Versions Compared

Old Version 16

changes.mady.by.user Xavier Abellan

Saved on

compared with

New Version Current

changes.mady.by.user Xavier Abellan

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

From outside ECMWF, you may use Teleport through our gateway in Bologna, jump.ecmwf.int. Direct access through ECACCESS service is not available.

No Format
$> tsh login --proxy=jump.ecmwf.int
$> ssh -J user@jump.ecmwf.int user@hpc-login
# or for users with no formal access to HPC service:
$> ssh -J user@jump.ecmwf.int user@ecs-login

For all the details of this connection method please see the Teleport documentation, where you will find how to best configure your SSH settings.

You may also connect via You can connect for the first time via SSH from another ECMWF platform . If you do so from ECGATE or the Cray HPCF you will not need a password to log insuch as the Linux VDI.

No Format
$> ssh aahpc-login
# or for users with no formal access to HPC service:
$> ssh ecs-login


Tip
titleSSH key-based authentication within ECMWF

The first time you log in, we strongly recommend you set up your local SSH key-based authentication with the following command:

No Format
$> ssh-key-setup

This step is required for many tools and applications to work well, such as ecinteractive, ecflow, and ecaccess jobs, as well as convenient access from our VDI service.

See also HPC2020: Persistent interactive job with ecinteractive if if you wish to customise the resource limits of your interactive session.

Info

Upon logging in, please take a look at the message of the day displayed on the login nodes (or review /etc/motd). 

You can also open a JupyterLab session through the ECMWF JupyterHub service. See HPC2020: Jupyter Sessions with JupyterHub for more details.

Tip
titlePassword access

If you have not changed your password since 18 January 2021, password access may not work.

External access

If you are using Teleport, a chained ProxyJump could be configured as an interim measure. Below is a suggested entry which you need to place in your End User Device's ~/.ssh/config. It also includes the settings for X11 forwarding and to avoid your connections to drop after a period of inactivity. Note you must set your ECMWF username in the User option

Code Block
languagebash
titleExample snippet of ~/.ssh/config with chained ProxyJump
collapsetrue
Host aa-login aa-login.ecmwf.int ecs-login ecs-login.ecmwf.int
    User yourusername
    ForwardX11 yes
    ForwardX11Timeout 0
    ServerAliveInterval 60
    TCPKeepAlive yes
    # Temporary extra jump through ecgate until direct access is sorted
    ProxyJump shell.ecmwf.int,ecgate
Tip
titlePasswordless access with Teleport

If you wish to have password-less access, you will need to add the following entry to your ~/.ssh/authorized_keys on the Atos HPCF:

No Format
curl -fs https://nexus.ecmwf.int/repository/internal-teleport-configs/prod/teleport_user_ca.pub >> ~/.ssh/authorized_keys

Alternatively, if you have an ssh key pair on your end user device, you could also add your public key into ~/.ssh/authorized_keys on the Atos HPCF for the same effect.

Direct access from outside ECMWF through ECACCESS is not available. You must choose a valid host such as ecgate, and once there ssh into the desired host.

Password-less access from / to other platforms

If connecting from a different platform and to enable password-less connections and transfers between different platforms, you will need to enable ssh key authentication.

Check if you have an existing ssh key pair on other ECMWF platforms:

No Format
$> ls ~/.ssh/id_*
~/.ssh/id_rsa    ~/.ssh/id_rsa.pub

If you don't, you may generate them like so:

No Format
$> ssh-keygen                         # press 'enter' 3 more times

List of main entry points

You can use the hpc-* or hpc2020-* names in the table below if you just need to use the default HPCF complex, or the specific names for each of the complexes. For ECS, you may use the ecs-* names. Your usual interface to connect would be the *-login names, and for remote submission of jobs we would recommend using the *-batch names as they are dedicated login nodes for job submissions. If you need to set up a cronjob, then the *-cron names are to be used.


Generic namesPer-complex
HPCF Interactive Login

hpc-login

hpc2020-login

aa-login

ab-login

ac-login

ad-login

ECS Interactive Loginecs-loginecs-login
HPCF Remote batch job submission

hpc-batch

hpc2020-batch

aa-batch

ab-batch

ac-batch

ad-batch

ecs-batch

ECS Remote batch job submissionecs-batchecs-batch
HPCF Cron jobs

hpc-cron

hpc2020-cron

-
ECS Cron jobsecs-cron-

Make sure it is added into the different platforms to be used

Note

If the key was already present in the ~/.ssh/authorized_keys file, it will be duplicated.

No Format
$> ssh-copy-id -i ~/.ssh/id_rsa.pub ecgate
$> ssh-copy-id -i ~/.ssh/id_rsa.pub cca
$> ssh-copy-id -i ~/.ssh/id_rsa.pub aa-login
# or for users with no formal access to HPC service:
$> ssh-copy-id -i ~/.ssh/id_rsa.pub ecs-login

Copy also your private key onto those platforms so you can make the connections in both directions:

...