Versions Compared

Old Version 26

changes.mady.by.user Xavier Abellan

Saved on

compared with

New Version 27

changes.mady.by.user Xavier Abellan

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.


Warning

After a recent update of hpc-login ecs-login and other aliases, their host key has changed. You may get the following error when connecting:

No Format
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@ WARNING: POSSIBLE DNS SPOOFING DETECTED! @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
The ECDSA host key for hpc-login has changed,
and the key for the corresponding IP address 10.100.192.100
is unknown. This could either mean that
DNS SPOOFING is happening or the IP address for the host
and its host key have changed at the same time.
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
Someone could be eavesdropping on you right now (man-in-the-middle attack)!
It is also possible that a host key has just been changed.
The fingerprint for the ECDSA key sent by the remote host is
SHA256:QdNPyN2jAR5m7ngLbtIUjc2JgzknvFP2flMOGbd1i5k.
Please contact your system administrator.
Add correct host key in /home/user/.ssh/known_hosts to get rid of this message.
Offending ECDSA key in /home/user/.ssh/known_hosts:4
ECDSA host key for hpc-login has changed and you have requested strict checking.
Host key verification failed.

It is safe to accept the new key. You will need to remove the corresponding entry for hpc-login or ecs-login on your ~/ssh/known_hosts file. For example, you may use the following command to remove the entries for hpc-login:

No Format
ssh-keygen -R hpc-login
A similar command may be run for other hostnames with the same problem. After that, a new connection should prompt you to accept the new key.

We have recently updated the host keys for all our Atos HPCF nodes. If you get an error along those lines, See 2022-08-10 SSH host keys fixed on all nodes and Cron service for more information.

You can connect for the first time via SSH from another ECMWF platform. If you do so from ECGATE or the Cray HPCF you will not need a password to log in.

No Format
$> ssh hpc-login
# or for users with no formal access to HPC service:
$> ssh ecs-login

From outside ECMWF, you may use Teleport through our gateway in Bologna, jump.ecmwf.int. Direct access through ECACCESS service is not available.

No Format
$> tsh login --proxy=jump.ecmwf.int
$> ssh -J user@jump.ecmwf.int user@hpc-login
# or for users with no formal access to HPC service:
$> ssh -J user@jump.ecmwf.int user@ecs-login

For all the details of this connection method please see the Teleport documentation, where you will find how to best configure your SSH settings.Note that direct access through ECACCESS service is not available.

You may also connect via SSH from another ECMWF platform. If you do so from ECGATE or the Cray HPCF you will not need a password to log in.

No Format
$> ssh hpc-login
# or for users with no formal access to HPC service:
$> ssh ecs-login

See also HPC2020: Persistent interactive job with ecinteractive if you wish to customise the resource limits of your interactive session.

...

You can use the hpc-* or hpc2020-* names in the table below if you just need to use the default HPCF complex, or the specific names for each of the complexes. For ECS, you may use the ecs-* names. Your usual interface to connect would be the *-login names, and for remote submission of jobs we would recommend using the *-batch names as they are dedicated login nodes for job submissions. If you need to set up a cronjob, then the *-cron names are to be used.

...