...
- Single SSH hop from client systems anywhere on the internet to servers inside ECMWF (ecGate, HPC, etc)
- Web single sign-on using ECMWF's website and the HID token
- Re-authentication required only every 12 hours (once per day)
- Integration with standard tools such as the OpenSSH ssh client, scp, and ssh-agent
- Web-SSH interface for in-browser terminal access, with scp
- X11 and Port forwarding
The single sign-on step is performed using an application called "tsh
", every 12 hours.
After that you use standard ssh or scp to connect to systems inside ECMWF.
Alternatively you can have simple Gravitational Teleport.
Downloading tsh
The tsh
application is required to perform user authentication once every 12 hours.
...
Code Block | ||
---|---|---|
| ||
ssh -J ab0@shell.ecmwf.int,ab0@workstation ab0@lxc |
Configuring
...
password-less login
Tip |
---|
The CENTOS 8 Linux VDI beta service already supports automatic password-less login - you can skip this procedure. |
With the initial configuration you may be prompted for a password at the destination-host
.
For login without a password, add Add the Teleport certificate authority to your ~/.ssh/authorized_keys
file:
...
Tip |
---|
This configuration will allow access to any host which mounts the same |
Terminal Access in a Web Browser
This functionality opens a tabbed terminal in the web browser, with support for SCP upload and download.
Browse to http://webshell.ecmwf.int/destination-host/username
.
It will work only if you have password-less login (which is automatically done for you on CENTOS Linux VDI beta).
Tip |
---|
This works well with |
Windows Clients
There are various ways to initiate SSH from Windows 10, so it depends on your system and your preferences.
...