These are the instructions on how to install and configure your Teleport SSH access on Windows 10 and 11 using MobaXterm to connect to ECMWF services such as the Atos HPCF and ECGATE ECS services.

Info

Check ... the following pages if you are using ... another Windows method:

  • Teleport SSH Access - Windows Terminal and Powershell configuration
  • Teleport SSH Access - Windows Subsystem for Linux (WSL)
  • Teleport SSH Access - Windows Cygwin configuration


Demo

Here is a demonstration of how to set up Teleport to connect to our Atos HPCF from your terminal on Windows 10 or 11. The step-by-step guide is described below.

[Video: widnows_mobaxterm_teleport_setup.mp4]

Installing the tsh client

...

  1. Open the zip file in your file browser
  2. Drag the teleport folder inside the file and drop into the directory of your choice (the main directory for your user, for example)
  3. Open MobaXterm and start a local terminal. 

  4. Add to the PATH variable the location of the teleport directory. For example, if you dropped it on your main user directory (C:\Users\yourwindowsuser):

    echo 'export PATH=/drives/c/Users/yourwindowsuser/teleport:$PATH' >> ~/.bashrc
    source ~/.bashrc

Authenticating yourself

Once every 12 hours, you will need to refresh your tokens with the tsh command. SSH connections may remain active for longer than 12 hours, but new connections will require re-authentication.

To authenticate yourself, open a local terminal in MobaXterm and run tsh, giving the location of our Teleport gateway:

tsh login --proxy=jump.ecmwf.int

Your default web browser will open. You should log in with your email address, ECMWF password, and then the code from your Time-based One-Time Password (TOTP) device, or the 8-digit one-time passcode from your ActivIdentity (HID) security token if you have not configured your TOTP yet.

Info: Existing sessions

If you're already logged in to the ECMWF website, or have recently logged in to this service, the password prompt might be skipped.

Info: Browserless authentication

If your computer does not have a browser or cannot display one, you may use the Teleport SSH access - Browserless Login Python Module for the authentication.

If the process is successful, you will see an output such as:

> Profile URL:        https://jump.ecmwf.int:443
  Logged in as:       user.address@somewhere.com
  Cluster:            jump.ecmwf.int
  Roles:              
  Logins:             ecmwfusername
  Kubernetes:         disabled
  Valid until:        2022-12-13 20:54:18 +0000 GMT [valid for 4h37m0s]
  Extensions:         permit-X11-forwarding, permit-agent-forwarding, permit-port-forwarding, permit-pty

...

Warning

Please be aware that you must use a version of "tsh" equal to or lower than 13. We are working on removing this limitation in the very near future.

Info

The following commands need to be run on a MobaXterm local terminal.

Subsequent logins

Once you have logged in at least once, tsh will save your proxy settings so you can skip the extra argument next time:

...

Setup your SSH config

We strongly recommend setting up all the SSH options needed for the connection instead of passing them on the command line.

  • Open the File Explorer and navigate to C:\Users\yourwindowsuser\
  • If you have a directory called ".ssh", go inside. If not, you may create it by clicking on "New Folder".
  • Inside the .ssh directory, check if there is a file called "config".
    1. If config exists, open it with your favourite editor, such as notepad or vscode.
    2. If config does not exist, you can open your favourite editor, such as notepad or vscode, to create the file and save it later.
  • Add the snippet below to the file you opened.

    SSH config snippet in ~/.ssh/config

    Host jump.ecmwf.int a?-* a??-* hpc-* hpc2020-* ecs-*
      User ecmwfusername
      IdentityFile ~/.tsh/keys/jump.ecmwf.int/user.address@somewhere.com
      CertificateFile ~/.tsh/keys/jump.ecmwf.int/user.address@somewhere.com-ssh/jump.ecmwf.int-cert.pub
      HostKeyAlgorithms +ssh-rsa*,rsa-sha2-512
      PubkeyAcceptedKeyTypes +ssh-rsa*
      ServerAliveInterval 60
      TCPKeepAlive yes

    Host a?-* a??-* hpc-* hpc2020-* ecs-*
      ProxyJump jump.ecmwf.int

    Edit the file ~/.ssh/config in your MobaXterm local terminal and add the snippet above. You may create it if it does not exist. You should replace ecmwfusername with your registered ECMWF user and user.address@somewhere.com with your registered email address at ECMWF.

    Tip: Not sure about username and email?

    You can find the right values for those two parameters in the output of the tsh command:

    % tsh login
    > Profile URL: https://jump.ecmwf.int:443
    Logged in as: user.address@somewhere.com
    Cluster: jump.ecmwf.int
    Roles:
    Logins: ecmwfusername
    Kubernetes: disabled
    Valid until: 2022-12-13 20:54:18 +0000 GMT [valid for 3h56m0s]
    Extensions: permit-X11-forwarding, permit-agent-forwarding, permit-port-forwarding, permit-pty

  • Save the file. If you are creating the file from scratch, make sure you save it under C:\Users\yourwindowsuser\.ssh and with the name "config", including the double quotes.
  • Make the tsh internal directory where SSH certificates are generated visible within MobaXterm by running the following command on a MobaXterm local terminal:

    ln -s /drives/c/Users/yourwindowsuser/.tsh ~/


SSH connection

Info

The following commands need to be run on a MobaXterm local terminal.

Once you have configured the appropriate settings, any SSH-based tools such as ssh, scp or rsync should work out of the box without any additional options.

To test the connection, from your local terminal on MobaXterm you may ssh into hpc-login if you have access to ECMWF's HPCF:

    ssh hpc-login

Or alternatively, if you only have access to ECMWF ECS service:

    ssh ecs-login

Visit our HPCF User Guide for further information.

Troubleshooting

If you cannot connect via SSH and cannot work out why, please raise an issue on our ECMWF Support portal and send us the output of the commands:

    tsh login
    ssh -v ecs-login

You should also include information about your computer (operating system and teleport version) to help us narrow down the problem.
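
Before raising an issue, it can help to confirm that the certificate named in CertificateFile has not simply passed its validity window, since new connections need a fresh tsh login once it has. The script below is an added example, not part of the ECMWF instructions or of Teleport: it reads the listing printed by OpenSSH's ssh-keygen -L, and the function names and the sample listing are constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example (not ECMWF or Teleport code): check a Teleport SSH certificate's expiry.

# Constructed, abridged sample of what `ssh-keygen -L -f <certificate>` prints.
sample_cert_listing() {
  cat <<'EOF'
jump.ecmwf.int-cert.pub:
        Type: ssh-rsa-cert-v01@openssh.com user certificate
        Key ID: "user.address@somewhere.com"
        Valid: from 2022-12-13T08:54:18 to 2022-12-13T20:54:18
        Principals:
                ecmwfusername
        Extensions:
                permit-port-forwarding
                permit-pty
EOF
}

# Read an `ssh-keygen -L` listing on stdin and print the end of its validity window.
# Exits with status 1 when there is no "Valid: from ... to ..." line.
cert_valid_to() {
  awk '$1 == "Valid:" && $2 == "from" && $4 == "to" { print $5; found = 1; exit }
       END { if (!found) exit 1 }'
}

# Usage: cert_status NOW < listing
# NOW is local time as YYYY-MM-DDTHH:MM:SS. Returns 0 = valid, 1 = expired, 2 = unreadable.
cert_status() {
  cs_now=$1
  if ! cs_end=$(cert_valid_to); then
    echo "no validity window found"
    return 2
  fi
  # Equal-length ISO-8601 timestamps order chronologically when compared as strings.
  if awk -v a="$cs_now" -v b="$cs_end" 'BEGIN { exit !((a "") < (b "")) }'; then
    echo "valid until $cs_end"
  else
    echo "expired at $cs_end, run: tsh login"
    return 1
  fi
}

if [ -n "${1:-}" ]; then
  # Real use: pass the CertificateFile path from ~/.ssh/config as the first argument.
  ssh-keygen -L -f "$1" | cert_status "$(date +%Y-%m-%dT%H:%M:%S)"
else
  # No argument: demonstrate on the constructed sample with a fixed "now".
  sample_cert_listing | cert_status 2022-12-13T16:17:18
fi
```

Run without arguments it evaluates the constructed sample; run with the certificate path it compares the real validity window against the local clock.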