Versions Compared

Old Version 156

changes.mady.by.user Xavier Abellan

Saved on

compared with

New Version 157

changes.mady.by.user Andy Brady

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

Gliffy Diagram
nameGravitational Teleport ECMWF Implementation v1.0 Copy Copy
pagePin1


Teleport is software which provides an SSH Jump Host (or Bastion host) service in a secure, modern way, with support for role-based access control and single sign-on.

...

ecmwf
Show If
groupecmwf
  • Linux VDI (both legacy OpenSUSE and production CentOS 8)
  • Physical office workstations

To access any other host, the ProxyJump feature allows chaining by using a comma, like so:

Code Block
languagebash
ssh -J ab0@shell.ecmwf.int,ab0@ecgate ab0@lxc

You can also set password-less login, as below.

Show If
group


Configuring password-less login

Info

This configuration enables single-hop ssh (using ProxyJump) to

LXC or any

other

host

ECMWF hosts.

Not required for ECGATE, CCA/CCB login nodes, Linux physical workstations and Linux VDI.

Add the Teleport certificate authority to your ~/.ssh/authorized_keys file, on the relevant system at ECMWF, e.g. ecgate, cca:

Code Block
languagebash
curl -fs https://nexus.ecmwf.int/repository/internal-teleport-configs/prod/teleport_user_ca.pub >> ~/.ssh/authorized_keys


Note

On cca/ccb, you will need to load the curl module beforehand.


Tip

This configuration will allow access to any host which mounts the same $HOME directory.

Terminal Access in a Web Browser

...