Versions Compared

Old Version 48

changes.mady.by.user Paul Dando

Saved on

compared with

New Version 49

changes.mady.by.user Xavier Abellan

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Tabs Container
directionhorizontal
Tabs Page
titleLatest - jump-17.ecmwf.int

Multimedia
namelinux-jump-17-setup.mp4

Tabs Page
titleLegacy - jump.ecmwf.int

Multimedia
namelinux_teleport_setup.mp4

Installing the tsh client

Multiexcerpt
MultiExcerptNametsh_linux_install

The tsh application is required to perform user authentication. tsh is open source, very portable, and has minimal dependencies.

Here are the installation instructions, extracted from the official Teleport documentation:

  • In your terminal, assign environment variables that you will use to download your intended archive.
    Tabs Container
    directionhorizontal
    Tabs Page
    titleLatest - jump-17.ecmwf.int
    HTML
    <div class="preformatted panel conf-macro output-block" style="border-width: 1px;" data-hasbody="true" data-macro-name="noformat">
<div class="preformattedContent panelContent">
<pre data-bidi-marker="true" class="teleport17-version">TELEPORT_PKG=teleport
TELEPORT_VERSION=17.0.0
SYSTEM_ARCH=$(uname -m | sed -e 's/x86_64/amd64/' -e 's/aarch64/arm64/')</pre>
</div>
</div>
    Tabs Page
    titleLegacy - jump.ecmwf.int
    HTML
    <div class="preformatted panel conf-macro output-block" style="border-width: 1px;" data-hasbody="true" data-macro-name="noformat">
<div class="preformattedContent panelContent">
<pre data-bidi-marker="true" class="teleport13-version">TELEPORT_PKG=teleport
TELEPORT_VERSION=13.0.0
SYSTEM_ARCH=$(uname -m | sed -e 's/x86_64/amd64/' -e 's/aarch64/arm64/')</pre>
</div>
</div>
  • Run the following commands to download the Teleport archive, unpack it, and install binaries:
    No Format
    curl https://cdn.teleport.dev/${TELEPORT_PKG?}-v${TELEPORT_VERSION?}-linux-${SYSTEM_ARCH?}-bin.tar.gz.sha256
# <checksum> <filename>
curl -O https://cdn.teleport.dev/${TELEPORT_PKG?}-v${TELEPORT_VERSION?}-linux-${SYSTEM_ARCH?}-bin.tar.gz
shasum -a 256 ${TELEPORT_PKG?}-v${TELEPORT_VERSION?}-linux-${SYSTEM_ARCH?}-bin.tar.gz
# Verify that the checksums match
tar -xvf ${TELEPORT_PKG?}-v${TELEPORT_VERSION?}-linux-${SYSTEM_ARCH?}-bin.tar.gz
cd ${TELEPORT_PKG?}
sudo ./install
Tip
titleNo sudo or administrator privileges?

Just skip the last step and place the tsh executable somewhere in your PATH

Multiexcerpt
MultiExcerptNametsh_version_compatibility
Tabs Container
directionhorizontal
Tabs Page
titleLatest - jump-17.ecmwf.int
Info
titleClient version compatibility

You will need a client that of the same major version or one behind the server's. With https://jump-17.ecmwf.int, running version 17 of the service, you may connect with clients of versions 16.x and 17.x. Other combinations might work, but they are not supported.

Tabs Page
titleLegacy - jump.ecmwf.int
Client version compatibility
Warning
title

Please be aware that you must use a version of "tsh" equal to or lower than 13 to ensure compatibility with jump.ecmwf.int teleport service. This limitation is not present in the latest versions of the service, where you will need a client that of the same major version or one behind the server's.

Authenticating yourself

Multiexcerpt
MultiExcerptNamestandard_tsh_auth

Once every 12 hours, you will need to refresh your tokens with the tsh command. SSH connections may remain active for longer than 12 hours, but new connections will require re-authentication.

To authenticate yourself, run tsh, giving the location of our Teleport gateway:

Tabs Container
directionhorizontal
Tabs Page
titleLatest - jump-17.ecmwf.int
No Format
tsh login --proxy=jump-17.ecmwf.int
Tabs Page
titleLegacy - jump.ecmwf.int
No Format
tsh login --proxy=jump.ecmwf.int

Your default web browser will open. You should login with your email address, ECMWF password, and then the code from your Time-based One-Time-Password (TOTP) device.

Info
titleExisting sessions

If you're already logged in to the ECMWF website, or have recently logged in to this service, the password prompt might be skipped.

Info
titleBrowserless authentication

If your computer does not have a browser or cannot display one, you may use the Teleport SSH access - Browserless Login Python Module for the authentication.

If the process is successful, you will see an output such as:

Tabs Container
directionhorizontal
Tabs Page
titleLatest - jump-17.ecmwf.int
No Format
> Profile URL:        https://jump-17.ecmwf.int:443
  Logged in as:       user.address@somewhere.com
  Cluster:            jump-17.ecmwf.int
  Roles:              access
  Logins:             ecmwfusername
  Kubernetes:         enabled
  Valid until:        2025-03-21 20:25:29 +0000 GMT [valid for 10h35m0s]
  Extensions:         login-ip, permit-X11-forwarding, permit-agent-forwarding, permit-port-forwarding, permit-pty, private-key-policy
Tabs Page
titleLegacy - jump.ecmwf.int
No Format
> Profile URL:        https://jump.ecmwf.int:443
  Logged in as:       user.address@somewhere.com
  Cluster:            jump.ecmwf.int
  Roles:              
  Logins:             ecmwfusername
  Kubernetes:         disabled
  Valid until:        2022-12-13 20:54:18 +0000 GMT [valid for 4h37m0s]
  Extensions:         permit-X11-forwarding, permit-agent-forwarding, permit-port-forwarding, permit-pty


Tip
titleSubsequent logins

Once you have logged int at least once, tsh will save your proxy settings so you can skip the extra argument next time: 

No Format
tsh login



...

Multiexcerpt
MultiExcerptNamessh_config
Tabs Container
directionhorizontal
Tabs Page
titleLatest - jump-17.ecmwf.int
Note
titleUpdating from a previous jump service

If you have some configuration for a previous jump service at ECMWF, make sure you remove it (or move it aside) and replace it by the new one to avoid conflicts. 

Code Block
languagetext
titleSSH config snippet
Host *.jump-17.ecmwf.int jump-17.ecmwf.int* a?-* a??-* hpc-* ecs-* hpc2020-* lfc?-* ecf?-* ecflow-* ecinteractive*
    User ecmwfusername
    UserKnownHostsFile ~/.tsh/known_hosts
    IdentityFile ~/.tsh/keys/jump-17.ecmwf.int/user.address@somewhere.com
    CertificateFile ~/.tsh/keys/jump-17.ecmwf.int/user.address@somewhere.com-ssh/jump-17.ecmwf.int-cert.pub 
    ServerAliveInterval 60
    TCPKeepAlive yes 

Host !jump-17.ecmwf.int *.jump-17.ecmwf.int
    ProxyCommand tsh proxy ssh --cluster=jump-17.ecmwf.int --proxy=jump-17.ecmwf.int:443 %r@%h

Host hpc-login ecs-login
    Hostname %h.jump-17.ecmwf.int
    ProxyCommand tsh proxy ssh --cluster=jump-17.ecmwf.int --proxy=jump-17.ecmwf.int:443 %r@%h

# Extra configuration for additional internal hosts through the main entry point
Host a?-* a??-* hpc-* hpc2020-* lfc?-* ecf?-* ecflow-* ecinteractive* !hpc-login* !ecs-login* !*.jump-17.ecmwf.int*
    ProxyJump hpc-login.jump-17.ecmwf.int
    # Replace by ecs-login.jump-17.ecmwf.int if only ECS access
Tabs Page
titleLegacy - jump.ecmwf.int
language
Code Block
text
titleSSH config snippet
Host jump.ecmwf.int a?-* a??-* hpc-* hpc2020-* ecs-* ecinteractive*
  User ecmwfusername 
  IdentityFile ~/.tsh/keys/jump.ecmwf.int/user.address@somewhere.com
  CertificateFile ~/.tsh/keys/jump.ecmwf.int/user.address@somewhere.com-ssh/jump.ecmwf.int-cert.pub
  HostKeyAlgorithms +ssh-rsa*,rsa-sha2-512
  PubkeyAcceptedKeyTypes +ssh-rsa*
  ServerAliveInterval 60
  TCPKeepAlive yes

Host a?-* a??-* hpc-* hpc2020-* ecs-* ecinteractive*
  ProxyJump jump.ecmwf.int

 Tip
titleNot sure about username and email?
You can find the right values for those two parameters in the output of the tsh login command
...
 Multiexcerpt
MultiExcerptNameauto_tsh_login
You may instruct ssh to trigger a tsh login whenever required when establishing a new connection by adding the following line at the top of your ~/.ssh/config
 Tabs Container
directionhorizontal
Legacy - jump
 Tabs Page
titleLatest - jump-17.ecmwf.int
 No Format
Match host jump-17.ecmwf.int exec "tsh status --proxy %h >/dev/null 2>&1 || tsh --proxy %h login"
 Tabs Page
title
.ecmwf.int
 No Format
Match host jump.ecmwf.int exec "tsh status --proxy %h >/dev/null 2>&1 || tsh --proxy %h login"
 Multiexcerpt
MultiExcerptNamevscode_local_server
Optional: VSCode settings
 Tabs Container
directionhorizontal
Legacy - jump.ecmwfint
 Tabs Page
titleLatest - jump-17.ecmwf.int
For those using VSCode, you may need to set the  Remote.SSH: Use Local Server  setting to  false  in the extension setting. You can search for  @ext:ms-vscode-remote.remote-ssh to find the plugin-specific settings.
 Tabs Page
title
.
If you are using Visual Studio Code with the Remote SSH extension, it will not recognise hosts with wildcards as defined in the previous SSH config file.
You may add append an explicit entry for the desired hosts in your ssh config file:
 No Format
Host ecs-login hpc-login
Alternative connection method with tsh
 Multiexcerpt
MultiExcerptNamealternative-tsh-connection
 Tabs Container
directionhorizontal
auitabspage
 Tabs Page
titleLatest - jump-17.ecmwf.int
You may use the tsh client to connect without any modifications to your ~/.ssh/config with:
 No Format
tsh ssh hpc-login
or
 No Format
tsh ssh ecs-login
The target platforms you can connect to can be listed with
 No Format
tsh ls
scp file transfers through the tsh client are also possible. For example, to transfer a file from your computer to your HOME in hpc-login:
 No Format
tsh scp myfile hpc-login:
 Note
titleCompatibility with other tools
If you choose this method and do not configure your ~/.ssh/config, you will not be able to use other tools that rely on a standard SSH connection, such as ssh itself, scp, rsync or VSCode.
titleLegacy - jump.ecmwf.int
Unfortunately jump.ecmwf.int does not support this method. Choose the latest production service to enjoy this feature.

Troubleshooting
 Multiexcerpt
MultiExcerptNamereport_problem
If you cannot login to teleport or connect via SSH and you are not able to understand why, please raise an issue to our ECMWF Support portal and sending us the output of the commands:
 Tabs Container
directionhorizontal
 Tabs Page
titleLatest - jump-17.ecmwf.int
 No Format
tsh version
tsh login --proxy=jump-17.ecmwf.int
ssh -V
ssh -v ecs-login
 Tabs Page
titleLegacy - jump.ecmwf.int
 No Format
tsh version
tsh login --proxy=jump.ecmwf.int
ssh -V
ssh -v ecs-login
You should also include information about your computer (Operating system) to help us narrow down the problem.