You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 12 Next »

You can connect for the first time via SSH from another ECMWF platform.

$> ssh aa
# or for users with no formal access to HPC service:
$> ssh ecs

See also HPC2020: Persistent interactive job with ecinteractive if you wish to customise the resource limits of your interactive session.

Upon logging in, please take a look at the message of the day displayed on the login nodes (or review /etc/motd). 

Password access

If you have not changed your password since 18 January 2021, password access may not work.

External access

If you are using Teleport, a chained ProxyJump could be configured as an interim measure. Below is a suggested entry which you need to place in your End User Device's ~/.ssh/config. It also includes the settings for X11 forwarding and to avoid your connections to drop after a period of inactivity. Note you must set your ECMWF username in the User option

Example snippet of ~/.ssh/config with chained ProxyJump 
Host aa aa.ecmwf.int ecs ecs.ecmwf.int
    User yourusername
    ForwardX11 yes
    ForwardX11Timeout 0
    ServerAliveInterval 60
    TCPKeepAlive yes
    # Temporary extra jump through ecgate until direct access is sorted
    ProxyJump shell.ecmwf.int,ecgate

Passwordless access with Teleport

If you wish to have passwordless access, you will need to add the following entry to your ~/.ssh/authorized_keys on the Atos HPCF:

cert-authority ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC2QE49QKUUtlB4dakthb8yEV+oURpP6tZ4OtYNvItXRopxehywR2Dckx/FU4hAM3kMC2seG1bKZLCiSAK1srRwFZcc5QjWyNd7DzJerwe2jTy09/fFWPVB4cHA1UfQwhs/8s0Cl/pMIddpDYy1sGUzndX82L6C9DcnNKJcFyFpZnjTHpEgX7JWlp30py4aj3d7LgmgqYbng26fl0mWcDjV1R8rC6xz0IpZ50AzTAxk9ZWObOBNRq9gp62W6u6UenKuhycnnu4JSKE3mCS/LSGOQ2uvPyecMol4kz+IMvrtm0xqta2c+7wdcZu3tZk+oTCSsTK+9lR3KlF3iDO3XAznclustername=shell.ecmwf.int&type=user

Alternatively, if you have an ssh key pair on your end user device, you could also add your public key into ~/.ssh/authorized_keys on the Atos HPCF for the same effect.

Direct access from outside ECMWF through ECACCESS is not available. You must choose a valid host such as ecgate, and once there ssh into the desired host.

Password-less access from / to other platforms

If connecting from a different platform and to enable password-less connections and transfers between different platforms, you will need to enable ssh key authentication.

  1. Check if you have an existing ssh key pair on other ECMWF platforms:

    $> ls ~/.ssh/id_*
~/.ssh/id_rsa    ~/.ssh/id_rsa.pub

    If you don't, you may generate them like so:

    $> ssh-keygen                         # press 'enter' 3 more times

  2. Make sure it is added into the different platforms to be used

    If the key was already present in the ~/.ssh/authorized_keys file, it will be duplicated.

    $> ssh-copy-id -i ~/.ssh/id_rsa.pub ecgate
$> ssh-copy-id -i ~/.ssh/id_rsa.pub cca
$> ssh-copy-id -i ~/.ssh/id_rsa.pub aa
# or for users with no formal access to HPC service:
$> ssh-copy-id -i ~/.ssh/id_rsa.pub ecs

  3. Copy also your private key onto those platforms so you can make the connections in both directions:

    $> rsync -av ~/.ssh/id_rsa cca:.ssh/
$> rsync -av ~/.ssh/id_rsa aa:.ssh/
# or for users with no formal access to HPC service:
$> rsync -av ~/.ssh/id_rsa ecs:.ssh/




  • No labels