Versions Compared

Old Version 110

changes.mady.by.user Oliver Gorwits

Saved on

compared with

New Version 111

changes.mady.by.user Oliver Gorwits

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Table of Contents
maxLevel1

Overview

The Teleport service provides:

...

Alternatively you can have simple terminal access in a web browser

Downloading tsh 

The tsh application is required to perform user authentication once every 12 hours.

...

MacOS users can also use homebrew for installation (brew install teleport).

User Authentication

Once every 12 hours, you will need to refresh your tokens with the tsh command, through your web browser.

Info

SSH connections can remain active for longer than 12 hours, but new ones will require re-authentication.

First Time

Run tsh, giving the location of our gateway:

...

Code Block
languagebash
themeMidnight
tsh login

Connecting to hosts through the gateway

Info

Windows users should skip to our Guide for Windows SSH to ECMWF.

...

Code Block
languagebash
$ tsh status
> Profile URL:  https://shell.ecmwf.int:443
  Logged in as: firstname.lastname@ecmwf.int
  Cluster:      shell.ecmwf.int
  Roles:        *
  Logins:       ab0
  Valid until:  2020-06-22 23:26:30 +0100 BST [EXPIRED]
  Extensions:   permit-X11-forwarding, permit-agent-forwarding, permit-port-forwarding, permit-pty

Destination Hosts available

The hosts directly available through the Teleport gateway are:

...

Code Block
languagebash
ssh -J ab0@shell.ecmwf.int,ab0@ecgate ab0@lxc

Configuring password-less login

Info

 Not required for ecgate, CENTOS 8 Linux VDI beta, or HPC2020 TEMS.

...

Tip

This configuration will allow access to any host which mounts the same $HOME directory.

Terminal Access in a Web Browser

You can open a tabbed terminal in the web browser, with support for SCP upload and download.

...

Tip

The web terminal works very well to access tmux or screen running on the destination host.

Windows Clients

There are various ways to initiate SSH from Windows 10, so it depends on your system and your preferences.

...

Expand
titleNative SSH from Windows 10 (own machine)
  1. Start the Windows SSH Agent Service
  2. Download tsh (you may need to instruct antivirus software to ignore the file)
  3. Login using tsh (you will always need to specify the --proxy setting)
  4. Use an SSH config as below:
Code Block
languagebash
# Windows currently has a bug, you need the full path to ssh or you will get:
# posix_spawn: No such file or directory

Host *.ecmwf.int
  User ab0
  ProxyCommand C:\Windows\System32\OpenSSH\ssh.exe -q -W %h:%p ab0@shell.ecmwf.int

# this assumes the SSH Agent is running, otherwise add:
# Host shell.ecmwf.int
#   IdentityFile ~/.tsh/keys/shell.ecmwf.int/firstname.lastname@ecmwf.int


Tip

The Windows 10 Terminal is a decent tabbed command line interface (albeit with no X11 support).

Expand
titleNew sessions can be configured following this example


Code Block
languagejs
{
  "guid": "{717406b0-06cb-454c-a0c4-875267fa373d}", # run "[guid]::NewGuid()" in a PowerShell to generate this
  "name": "ecGate",
  "commandline": "ssh ab0@ecgate.ecmwf.int"
  "suppressApplicationTitle": true,
  "hidden": false,
  "fontSize": 10,
  "fontFace": "Fira Code",
  "cursorShape": "filledBox",
  "cursorColor": "#073642",
  "colorScheme": "Solarized Dark",
},




Other Notes

SSH Agent is required

If you have logged in but ssh fails to connect, it may be that your SSH agent is not running.

...

Code Block
languagebash
echo 'eval $(ssh-agent -s)' >> ~/.bash_profile

SCP, X11, Agent, and Port Forwarding

SCP, Agent forwarding, X11 forwarding, and Port forwarding (including SOCKS proxy), all work through the Teleport gateway.

X11 under macOS

Code Block
languagebash
$ brew cask install xquartz
# start xquartz app
$ export DISPLAY=:0
$ ssh -X ....

Legacy Configuration

For OpenSSH clients older than 7.3, the following configuration can be used:

Code Block
languagebash
# ~/.ssh/config file:
Host ecgate
  User ab0
  ProxyCommand /usr/bin/ssh -q -W %h:%p ab0@shell.ecmwf.int

Difficult client environments

You might not be able to download and run tsh, or access our web login service, or run the SSH Agent, from where you wish to use ssh.

...