This software will allow you to login to teleport and get the certificate without a browser (or X-capabilities).
| Table of Contentsmultiexcerpt-include |
|---|
Prerequisites
Before you start, make sure you have the following elements installed and available in your system:
- Python 3
- pip
- The Teleport standard tsh client as described in Teleport SSH Access
Installation
Install the module from ECMWF public software repository:
| No Format |
|---|
user@local $ pip3 install teleport-browserless-login --user -U -i https://get.ecmwf.int/repository/pypi-all/simple |
In order to install the extra certificates checks please install with the extras option certificates-check (requires the cryptography python package):
| MultiExcerptName | current-teleport-services |
|---|
| PageWithExcerpt | Teleport SSH Access |
|---|
|
| HTML |
|---|
<script src="https://sites.ecmwf.int/public/sharebox/confluence-tabs-sync.js"></script>
<script src="https://sites.ecmwf.int/public/sharebox/fetch-teleport-versions-class.js"></script> |
Prerequisites
Before you start, make sure you have the following elements installed and available in your system:
- Python 3
- pip
- The Teleport standard tsh client as described in Teleport SSH Access
Installation
Install the module from ECMWF public software repository:
| No Format |
|---|
| No Format |
|---|
user@local $ pip3 install teleport-browserless-login[certificates-check] --user -U -i https://get.ecmwf.int/repository/pypi-all/simple |
In order to install the extra certificates checks please install with the extras option certificates-check (requires the cryptography python package):
| No Format |
|---|
user@local $ pip3 install teleport-browserless-login[certificates-check] --user -U -i https://get.ecmwf.int/repository/pypi-all/simple |
| Note |
|---|
| title | Note for Raspberry Pi users |
|---|
|
If you get the error: | No Format |
|---|
Could not install packages due to an EnvironmentError: 404 Client |
|
| Note |
|---|
| title | Note for Raspberry Pi users |
|---|
|
If you get the error: | No Format |
|---|
Could not install packages due to an EnvironmentError: 404 Client Error: Not Found for url: https://www.piwheels.org/simple/teleport-browserless-login/ |
Comment the line extra-index-url=https://www.piwheels.org/simple from /etc/pip.conf |
...
| Tip |
|---|
A shell script is installed along with the package, so all the commands python3 -m teleport.login can be replaced with teleport-login on Linux or Mac systems |
...
| Tabs Container |
|---|
|
| Tabs Page |
|---|
| title | Latest - jump-17.ecmwf.int |
|---|
| Define the target service. On Linux, Mac, or Windows Subsystem for Linux (WSL): |
user@local $ python3 -m teleport.login
INFO - Certificates not found or not valid anymore
INFO - Configuration file not found [/home/demo/.teleport-login.yaml]
INFO - Checking environment for configuration variables...export TSH_PROXY=jump-17.ecmwf.int:443 |
On Windows Powershell | No Format |
|---|
$env:TSH_PROXY=jump-17.ecmwf.int:443 |
Alternatively, you may define it through a configuration file as described in Advance Usage. You can now authenticate with our Teleport system with: | No Format |
|---|
user@local $ python3 -m teleport.login
INFO - |
|
Usernameis empty...
INPUT - ECMWF username: us9not found or not valid anymore
INFO - Configuration file not found [/home/demo/.teleport-login.yaml]
INFO - Checking environment for configuration variables...
INFO - |
|
PasswordUsername is empty...
INPUT - ECMWF |
|
password: *username: ecmwfusername
INFO - Password is empty...
INPUT - ECMWF password: ********
INPUT - OTP Token: ******
INFO - Starting [tsh login --browser=none --proxy=jump-17.ecmwf.int:443 --user= |
|
us9ecmwfusername]
INFO - Configuring HIDTokenHandler with successor NoneType
INFO - Configuring OTPTokenHandler with successor HIDTokenHandler
INFO - Configuring UsernamePasswordHandler with successor OTPTokenHandler
INFO - Configuring TeleportLoginUrlHandler with successor UsernamePasswordHandler
INFO - TeleportLoginUrlHandler finished
INFO - UsernamePasswordHandler finished
INFO - OTPTokenHandler finished
INFO - Login Successful
INFO - > Profile URL: https://jump-17.ecmwf.int:443
Logged in as: |
|
usinduction@ecmwfintcom
Cluster: jump-17.ecmwf.int
Roles: shelluser
Logins: |
|
us9ecmwfusername
Kubernetes: |
|
disabled2022121703UTCBST [valid for 11h58m0s]
Extensions: permit-X11-forwarding, permit-agent-forwarding, permit-port-forwarding, permit-pty
|
|
|
That will prompt you for your ECMWF username, password and TOTP of HID Token if TOTP is not configured.
| Info |
|---|
This module will not attempt to authenticate if the current certificates are still valid. |
Advanced Usage
For more advance usages, check the module help:
| Tabs Page |
|---|
| title | Legacy - jump.ecmwf.int |
|---|
| Define the target service. On Linux, Mac, or Windows Subsystem for Linux (WSL): | No Format |
|---|
export TSH_PROXY=jump.ecmwf.int:443 |
On Windows Powershell | No Format |
|---|
$env:TSH_PROXY=jump.ecmwf.int:443 |
Alternatively, you may define it through a configuration file as described in Advance Usage. You can now authenticate with our Teleport system with: | No Format |
|---|
user@local $ python3 -m teleport.login
INFO - Certificates not found or not valid anymore
INFO - Configuration file not found [/home/demo/.teleport-login.yaml]
INFO - Checking environment for configuration variables...
INFO - Username is empty...
INPUT - ECMWF username: ecmwfusername
INFO - Password is empty...
INPUT - ECMWF password: ********
INPUT - OTP Token: ******
INFO - Starting [tsh login --browser=none --proxy=jump.ecmwf.int:443 --user=ecmwfusername]
INFO - Configuring HIDTokenHandler with successor NoneType
INFO - Configuring OTPTokenHandler with successor HIDTokenHandler
INFO - Configuring UsernamePasswordHandler with successor OTPTokenHandler
INFO - Configuring TeleportLoginUrlHandler with successor UsernamePasswordHandler
INFO - TeleportLoginUrlHandler finished
INFO - UsernamePasswordHandler finished
INFO - OTPTokenHandler finished
INFO - Login Successful
INFO - > Profile URL: https://jump.ecmwf.int:443
Logged in as: user.address@somewhere.com
Cluster: |
|
|
| No Format |
|---|
user@local $ python3 -m teleport.login --help
VERSION = "1.1.8"
Environment Variables:
ECMWF_USERNAME The ECMWF Username
ECMWF_PASSWORD The ECMWF Password
TSH_EXEC The Teleport binary tsh path
TSH_PROXY The ECMWF Teleport proxy
Configuration file content example (yaml):
tsh_exec: '/usr/local/bin/tsh'
tsh_proxy: 'jump.ecmwf.int:443'
ecmwf_username: 'your_username'
ecmwf_password: 'your_password'
Usage: python -m teleport.login [OPTIONS]
Options:
--configuration PATH The path to the configuration file.
-f, --force-clean To Request a new certificate even if the current one
is valid.
-o, --tsh-options TEXT To add extra options to tsh command. e.g.: -o "--no-
jump.ecmwf.int
Roles:
Logins: ecmwfusername
Kubernetes: |
|
use-local-ssh-agent"-o"--insecure"
--help disabled
Valid until: 2025-04-01 20:52:17 +0000 BST [valid for 11h58m0s]
Extensions: |
|
Showthismessageand exit. |
You can configure your default settings in such as the ECMWF username and password, using environment variables or a configuration file. By default, this tool will look into ~/.teleport-login.yaml but a different file may be passed with the --configuration option. Note that the tool will always prompt for the OTP token:
| No Format |
|---|
user@local $ python3 -m teleport.login
INFO - Certificates not found or not valid anymore
INFO - Loading configuration file [/home/demo/.teleport-login.yaml]
INFO - Checking environment for configuration variables...
INPUT - OTP Token: ******
INFO - Starting [tsh login --browser=none --proxy=jump.ecmwf.int:443 --user=us9]
INFO - Configuring HIDTokenHandler with successor NoneType
INFO - Configuring OTPTokenHandler with successor HIDTokenHandler
INFO - Configuring UsernamePasswordHandler with successor OTPTokenHandler
INFO - Configuring TeleportLoginUrlHandler with successor UsernamePasswordHandler
INFO - TeleportLoginUrlHandler finished
INFO - UsernamePasswordHandler finished
INFO - OTPTokenHandler finished
INFO - Login Successful
INFO - > Profile URL: https://jump.ecmwf.int:443
Logged in as: us.induction@ecmwf.int
Cluster: jump.ecmwf.int
Roles:
Logins: us9
Kubernetes: disabled
Valid until: 2022-12-17 03:57:49 +0000 UTC [valid for 11h58m0s]
Extensions: permit-X11-forwarding, permit-agent-forwarding, permit-port-forwarding, permit-pty |
...
permit-X11-forwarding, permit-agent-forwarding, permit-port-forwarding, permit-pty
|
|
|
That will prompt you for your ECMWF username, password and TOTP of HID Token if TOTP is not configured.
| Info |
|---|
This module will not attempt to authenticate if the current certificates are still valid. |
Advanced Usage
For more advance usages, check the module help:
| No Format |
|---|
user@local $ python3 -m teleport.login --help
VERSION = "1.1.8"
Environment Variables:
ECMWF_USERNAME The ECMWF Username
ECMWF_PASSWORD The ECMWF Password
TSH_EXEC The Teleport binary tsh path
TSH_PROXY The ECMWF Teleport proxy
Configuration file content example (yaml):
tsh_exec: '/usr/local/bin/tsh'
tsh_proxy: 'jump.ecmwf.int:443'
ecmwf_username: 'your_username'
ecmwf_password: 'your_password'
Usage: python -m teleport.login [OPTIONS]
Options:
--configuration PATH The path to the configuration file.
-f, --force-clean To Request a new certificate even if the current one
is valid.
-o, --tsh-options TEXT To add extra options to tsh command. e.g.: -o "--no-
use-local-ssh-agent" -o "--insecure"
--help Show this message and exit. |
You can configure your default settings in such as the ECMWF username and password, using environment variables or a configuration file. By default, this tool will look into ~/.teleport-login.yaml but a different file may be passed with the --configuration option. Note that the tool will always prompt for the OTP token:
| No Format |
|---|
user@local $ python3 -m teleport.login
INFO - Certificates not found or not valid anymore
INFO - Loading configuration file [/home/demo/.teleport-login.yaml]
INFO - Checking environment for configuration variables...
INPUT - OTP Token: ******
... |
An example of such a configuration file is:
| Tabs Container |
|---|
|
| Tabs Page |
|---|
| title | Latest - jump-17.ecmwf.int |
|---|
| | No Format |
|---|
user@local $ cat .teleport-login.yaml
tsh_exec: '/usr/local/bin/tsh'
tsh_proxy: 'jump-17.ecmwf.int:443'
ecmwf_username: 'your_username'
ecmwf_password: 'your_password' |
You can override all configuration values by using Environment Variables: | No Format |
|---|
user@local $ export ECMWF_USERNAME='test'
user@local $ export ECMWF_PASSWORD='zzzz'
user@local $ export TSH_EXEC='tsh'
user@local $ export TSH_PROXY='jump-17.ecmwf.int:443'
user@local $ python3 -m teleport.login
INFO - Certificates not found or not valid anymore
INFO - Loading configuration file [/home/uid/.teleport-login.yaml]
INFO - Checking environment for configuration variables...
INFO - Environment variable [ECMWF_USERNAME] found. Overriding...
INFO - Environment variable [ECMWF_PASSWORD] found. Overriding...
INFO - Environment variable [TSH_EXEC] found. Overriding...
INFO - Environment variable [TSH_PROXY] found. Overriding...
INPUT - OTP Token:
INFO - Starting [tsh login --browser=none --proxy=jump-17.ecmwf.int:443]
... |
|
| Tabs Page |
|---|
| title | Legacy - jump.ecmwf.int |
|---|
| | No Format |
|---|
user@local $ cat .teleport-login.yaml
tsh_exec: '/usr/local/bin/tsh'
tsh_proxy: 'jump.ecmwf.int:443'
ecmwf_username: 'your_username'
ecmwf_password: 'your_password' |
You can override all configuration values by using Environment Variables: | No Format |
|---|
user@local $ export ECMWF_USERNAME='test'
user@local $ export ECMWF_PASSWORD='zzzz'
user@local $ export TSH_EXEC='tsh'
user@local $ export TSH_PROXY='jump.ecmwf.int:443'
user@local $ python3 -m teleport.login
INFO - Certificates not found or not valid anymore
INFO - Loading configuration file [/home/uid/.teleport-login.yaml]
INFO - Checking environment for configuration variables...
INFO - Environment variable [ECMWF_USERNAME] found. Overriding...
INFO - Environment variable [ECMWF_PASSWORD] found. Overriding...
INFO - Environment variable [TSH_EXEC] found. Overriding...
INFO - Environment variable [TSH_PROXY] found. Overriding...
INPUT - OTP Token:
INFO - Starting [tsh login --browser=none --proxy=jump.ecmwf.int:443]
... |
|
|
If no configuration is provided the module will use default values:
...
| No Format |
|---|
user@local $ DEBUG=True python3 -m teleport.login
INFO - Certificates not found or not valid anymore
INFO - Loading configuration file [/home/uid/.teleport-login.yaml]
INFO - Checking environment for configuration variables...
INPUT - OTP Token:
DEBUG - Loaded Configuration: {"token": "xxxxxx", "username": "uidecmwfusername", "password": "xxxxxxxx", "tsh_exec": "/usr/local/bin/tsh", "tsh_proxy": "jump-17.ecmwf.int:443"}
INFO - Starting [/usr/local/bin/tsh login --browser=none --proxy=jump-17.ecmwf.int:443]
DEBUG - Setting User-Agent: {'User-Agent': 'TeleportBrowserlessLogin/1.0.0 (Linux-5.4.72-microsoft-standard-WSL2-x86_64-with-glibc2.31) Python/3.9.5'}
DEBUG - Starting new HTTP connection (1): 127.0.0.1:42387
DEBUG - http://127.0.0.1:42387 "GET /fbbeee7d-dfc3-4b7b-a75a-830f48980d2e HTTP/1.1" 302 309
DEBUG - Starting new HTTPS connection (1): accounts.ecmwf.int:443
DEBUG - https://accounts.ecmwf.int:443 "GET /auth/realms/ecmwf/protocol/openid-connect/auth... HTTP/1.1" 200 5797
INFO - TeleportLoginUrlHandler finished
DEBUG - https://accounts.ecmwf.int:443 "POST /auth/realms/ecmwf/login-actions/authenticate... HTTP/1.1" 200 5654
INFO - UsernamePasswordHandler finished
DEBUG - https://accounts.ecmwf.int:443 "POST /auth/realms/ecmwf/login-actions/authenticate... HTTP/1.1" 200 5915
INFO - HIDTokenHandler finished
INFO - Login Successful
INFO - > Profile URL: https://jump-17.ecmwf.int:443
Logged in as: FirstNameuser.LastName@ecmwfaddress@somewhere.intcom
Cluster: jump-17.ecmwf.int
Roles: shelluser
Logins: uidecmwfusername
Kubernetes: disabledenabled
Valid until: 20212025-0604-0701 0720:2852:5517 +01000000 BST [valid for 12h0m0s11h58m0s]
Extensions: permit-X11-forwarding, permit-agent-forwarding, permit-port-forwarding, permit-pty |
If you need to pass additional options to the tsh command use --tsh-options options
| No Format |
|---|
user@local $ python3 -m teleport.login --tsh-options="--no-use-local-ssh-agent --insecure" |