teleport-browserless-login

This software allows you to log in to Teleport and get the certificate without a browser (or X capabilities).

...


Prerequisites

Before you start, make sure you have the following elements installed and available in your system:

Installation

Install the module from ECMWF public software repository:

user@local $ pip3 install teleport-browserless-login --user -U -i https://get.ecmwf.int/repository/pypi-all/simple

In order to install the extra certificates checks please install with the extras option certificates-check (requires the cryptography python package):

user@local $ pip3 install 'teleport-browserless-login[certificates-check]' --user -U -i https://get.ecmwf.int/repository/pypi-all/simple

...

Note for Raspberry Pi users

If you get the error:

Could not install packages due to an EnvironmentError: 404 Client Error: Not Found for url: https://www.piwheels.org/simple/teleport-browserless-login/

Comment out the line extra-index-url=https://www.piwheels.org/simple in /etc/pip.conf

...

Basic Usage

Tip

A shell script is installed along with the package, so every python3 -m teleport.login command can be replaced with teleport-login on Linux or Mac systems.

You can now authenticate with our Teleport system with:

user@local $ python3 -m teleport.login
INFO - Certificates not found or not valid anymore
INFO - Configuration file not found [/home/demo/.teleport-login.yaml]
INFO - Checking environment for configuration variables...
INFO - Username is empty...
INPUT - ECMWF username: us9
INFO - Password is empty...
INPUT - ECMWF password: ********
INPUT - OTP Token: ******
INFO - Starting [tsh login --browser=none --proxy=jump.ecmwf.int:443 --user=us9]
INFO - Configuring HIDTokenHandler with successor NoneType
INFO - Configuring OTPTokenHandler with successor HIDTokenHandler
INFO - Configuring UsernamePasswordHandler with successor OTPTokenHandler
INFO - Configuring TeleportLoginUrlHandler with successor UsernamePasswordHandler
INFO - TeleportLoginUrlHandler finished
INFO - UsernamePasswordHandler finished
INFO - OTPTokenHandler finished
INFO - Login Successful
INFO - > Profile URL:        https://jump.ecmwf.int:443
Logged in as:       us.induction@ecmwf.int
Cluster:            jump.ecmwf.int
Roles:
Logins:             us9
Kubernetes:         disabled
Valid until:        2022-12-17 03:52:17 +0000 UTC [valid for 11h58m0s]
Extensions:         permit-X11-forwarding, permit-agent-forwarding, permit-port-forwarding, permit-pty

That will prompt you for your ECMWF username, password and TOTP, or HID Token if TOTP is not configured.

Info

This module will not attempt to authenticate if the current certificates are still valid.

Advanced Usage

Check the module help:

user@local $ python3 -m teleport.login --help
VERSION = "1.1.38"

Environment Variables:
  ECMWF_USERNAME  The ECMWF Username
  ECMWF_PASSWORD  The ECMWF Password
  TSH_EXEC        The Teleport binary tsh path
  TSH_PROXY       The ECMWF Teleport proxy

Configuration file content example (yaml):
  tsh_exec: '/usr/local/bin/tsh'
  tsh_proxy: 'jump.ecmwf.int:443'
  ecmwf_username: 'your_username'
  ecmwf_password: 'your_password'

Usage: python -m teleport.login [OPTIONS]

Options:
  --configuration PATH    The path to the configuration file.
  -f, --force-clean       To Request a new certificate even if the current one
                          is valid.
  -o, --tsh-options TEXT  To add extra options to tsh command. e.g.: -o "--no-
                          use-local-ssh-agent" -o "--insecure"
  --help                  Show this message and exit.

Using the module without arguments will prompt for the HID Token or TOTP (if configured instead) and load the default configuration file. You can configure your default settings, such as the ECMWF username and password, using environment variables or a configuration file. By default, this tool will look into ~/.teleport-login.yaml, but a different file may be passed with the --configuration option. Note that the tool will always prompt for the OTP token:

user@local $ python3 -m teleport.login
INFO - Certificates not found or not valid anymore
INFO - Loading configuration file [/home/demo/.teleport-login.yaml]
INFO - Checking environment for configuration variables...
INPUT - OTP Token: ******
INFO - Starting [/usr/local/bin/tsh login --browser=none --proxy=jump.ecmwf.int:443 --user=us9]
INFO - Configuring HIDTokenHandler with successor NoneType
INFO - Configuring OTPTokenHandler with successor HIDTokenHandler
INFO - Configuring UsernamePasswordHandler with successor OTPTokenHandler
INFO - Configuring TeleportLoginUrlHandler with successor UsernamePasswordHandler
INFO - TeleportLoginUrlHandler finished
INFO - UsernamePasswordHandler finished
INFO - OTPTokenHandler finished
INFO - Login Successful
INFO - > Profile URL:        https://jump.ecmwf.int:443
Logged in as:       us.induction@ecmwf.int
Cluster:            jump.ecmwf.int
Roles:
Logins:             us9
Kubernetes:         disabled
Valid until:        2022-12-17 03:57:49 +0000 UTC [valid for 11h58m0s]
Extensions:         permit-X11-forwarding, permit-agent-forwarding, permit-port-forwarding, permit-pty

To provide a specific path for your configuration file, use --configuration; you will be prompted for the HID Token:

user@local $ python3 -m teleport.login --configuration /path/to/configuration.yaml
INFO - Certificates not found or not valid anymore
INFO - Loading configuration file [/path/to/configuration.yaml]
INFO - Checking environment for configuration variables...
INPUT - OTP Token:
...

An example of such a configuration file is:

user@local $ cat .teleport-login.yaml
tsh_exec: '/usr/local/bin/tsh'
tsh_proxy: 'jump.ecmwf.int:443'
ecmwf_username: 'your_username'
ecmwf_password: 'your_password'
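
The configuration file above keeps the account password in clear text. The following is an added example, not part of this page's original content or of the teleport-browserless-login project: it writes a configuration that omits ecmwf_password (the tool prompts for any missing credential) and audits an existing file for wide permissions or a stored password. The function names are hypothetical; the YAML keys and proxy value are the ones shown on this page.

```sh
#!/bin/sh
# Added example (not part of teleport-browserless-login). Function names are
# hypothetical; the YAML keys and proxy value are the ones shown on this page.

# write_teleport_config PATH USERNAME
# Writes an owner-only (0600) file without ecmwf_password, so the password is
# prompted for at login instead of being stored on disk.
write_teleport_config() (
    path=$1 user=$2
    case $user in
        ''|*[!A-Za-z0-9._-]*) echo "unexpected characters in username" >&2; exit 2 ;;
    esac
    umask 077            # files created from here on get mode 0600
    rm -f -- "$path"     # an existing file would keep its old, wider mode
    cat > "$path" <<EOF
tsh_proxy: 'jump.ecmwf.int:443'
ecmwf_username: '$user'
EOF
)

# audit_teleport_config PATH
# Prints one finding per line. Status: 0 no findings, 1 findings, 2 file missing.
audit_teleport_config() (
    path=$1 rc=0
    [ -f "$path" ] || { echo "missing: $path"; exit 2; }
    perms=$(ls -ldL -- "$path" | cut -c1-10)
    case $perms in
        ????------) ;;   # no group/other permission bits set
        *) echo "$path: mode $perms is accessible beyond the owner"; rc=1 ;;
    esac
    if grep -Eq '^[[:space:]]*ecmwf_password[[:space:]]*:' "$path"; then
        echo "$path: ecmwf_password is stored in clear text"; rc=1
    fi
    exit "$rc"
)

# Demo on constructed files in a temporary directory.
demo=$(mktemp -d)
printf "ecmwf_username: 'your_username'\necmwf_password: 'your_password'\n" > "$demo/weak.yaml"
chmod 644 "$demo/weak.yaml"
audit_teleport_config "$demo/weak.yaml" || true
write_teleport_config "$demo/hardened.yaml" your_username
audit_teleport_config "$demo/hardened.yaml" && echo "hardened.yaml: no findings"
rm -rf "$demo"
```

Running audit_teleport_config against ~/.teleport-login.yaml gives the same check for a file already in use.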

You can override all configuration values by using Environment Variables:

user@local $ export ECMWF_USERNAME='test'
user@local $ export ECMWF_PASSWORD='zzzz'
user@local $ export TSH_EXEC='tsh'
user@local $ export TSH_PROXY='jump.ecmwf.int:443'
user@local $ python3 -m teleport.login
INFO - Certificates not found or not valid anymore
INFO - Loading configuration file [/home/uid/.teleport-login.yaml]
INFO - Checking environment for configuration variables...
INFO - Environment variable [ECMWF_USERNAME] found. Overriding...
INFO - Environment variable [ECMWF_PASSWORD] found. Overriding...
INFO - Environment variable [TSH_EXEC] found. Overriding...
INFO - Environment variable [TSH_PROXY] found. Overriding...
INPUT - OTP Token:
INFO - Starting [tsh login --browser=none --proxy=jump.ecmwf.int:443]
...

...

  • tsh_exec - if tsh is on the system PATH, this can be left out of the configuration file as the default is tsh
  • tsh_proxy - this can be left out of the configuration file as the default is jump.ecmwf.int:443
  • username - will be prompted
  • password - will be prompted
  • token - will be prompted

Login without pre-configuration:
user@local $ python3 -m teleport.login
INFO - Certificates not found or not valid anymore
INFO - Configuration file not found [~/.teleport-login.yaml]
INFO - Checking environment for configuration variables...
INFO - Username is empty...
INPUT - ECMWF username: uid
INFO - Password is empty...
INPUT - ECMWF password:
INPUT - OTP Token:
INFO - Starting [tsh login --browser=none --proxy=jump.ecmwf.int:443]
...
Info

This module will always prompt the user if some credential is missing.

Troubleshooting

If you run into problems, enabling DEBUG might be useful to get more information regarding the failure. Just set the environment variable DEBUG to True:

user@local $ DEBUG=True python3 -m teleport.login
INFO - Certificates not found or not valid anymore
INFO - Loading configuration file [/home/uid/.teleport-login.yaml]
INFO - Checking environment for configuration variables...
INPUT - OTP Token:
DEBUG - Loaded Configuration: {"token": "xxxxxx", "username": "uid", "password": "xxxxxxxx", "tsh_exec": "/usr/local/bin/tsh", "tsh_proxy": "jump.ecmwf.int:443"}
INFO - Starting [/usr/local/bin/tsh login --browser=none --proxy=jump.ecmwf.int:443]
DEBUG - Setting User-Agent: {'User-Agent': 'TeleportBrowserlessLogin/1.0.0 (Linux-5.4.72-microsoft-standard-WSL2-x86_64-with-glibc2.31) Python/3.9.5'}
DEBUG - Starting new HTTP connection (1): 127.0.0.1:42387
DEBUG - http://127.0.0.1:42387 "GET /fbbeee7d-dfc3-4b7b-a75a-830f48980d2e HTTP/1.1" 302 309
DEBUG - Starting new HTTPS connection (1): accounts.ecmwf.int:443
DEBUG - https://accounts.ecmwf.int:443 "GET /auth/realms/ecmwf/protocol/openid-connect/auth... HTTP/1.1" 200 5797
INFO - TeleportLoginUrlHandler finished
DEBUG - https://accounts.ecmwf.int:443 "POST /auth/realms/ecmwf/login-actions/authenticate... HTTP/1.1" 200 5654
INFO - UsernamePasswordHandler finished
DEBUG - https://accounts.ecmwf.int:443 "POST /auth/realms/ecmwf/login-actions/authenticate... HTTP/1.1" 200 5915
INFO - HIDTokenHandler finished
INFO - Login Successful
INFO - > Profile URL:        https://jump.ecmwf.int:443
Logged in as:       FirstName.LastName@ecmwf.int
Cluster:            jump.ecmwf.int
Roles:
Logins:             uid
Kubernetes:         disabled
Valid until:        2021-06-07 07:28:55 +0100 BST [valid for 12h0m0s]
Extensions:         permit-X11-forwarding, permit-agent-forwarding, permit-port-forwarding, permit-pty

This module will not attempt to authenticate if the current certificates are still valid.

Login with certificate checks:
user@local $ DEBUG=True python3 -m teleport.login
INFO - Current certificate [/home/uid/.tsh/keys/jump.ecmwf.int/FirstName.LastName@ecmwf.int-x509.pem] is valid until [2021-06-08 20:49:58]

If you need to pass additional options to the tsh command, use --tsh-options:

user@local $ python3 -m teleport.login --tsh-options="--no-use-local-ssh-agent --insecure"

Note: If you have enabled TOTP for your account, that one should be used instead of the old HID Token.