...
- Single SSH hop from client systems anywhere on the internet to servers inside ECMWF (ecGate, HPC, etc)
- Web single sign-on using ECMWF's website and the HID token
- Eight 12 hour sessions allowing multiple connections between re-authentication
- Integration with standard tools such as the OpenSSH ssh client, and ssh-agent
The single sign-on step is performed using an application called "tsh", every eight 12 hours.
After that you use standard ssh or scp to connect to systems inside ECMWF.
Downloading tsh
The 12 tsh application is required to perform user authentication once every eight 12 hours.
tsh is open source, very portable, and has minimal dependencies.
...
User Authentication
Once every eight 12 hours, you will need to refresh your tokens by logging in to the ECMWF website.
| Tip |
|---|
SSH connections can remain active for longer than eight 12 hours, but new ones will require re-authentication. |
...
SCP, X11, Agent, and Port Forwarding
SCP, Agent forwarding, X11 forwarding, and Port forwarding (including SOCKS proxy), all work through the Teleport gateway.
...
gateway
...
.
Legacy Configuration
For OpenSSH clients older than 7.3, the following configuration can be used:
...