You can connect for the first time via SSH from another ECMWF platform.
$> ssh aa # or for users with no formal access to HPC service: $> ssh ecs
See also HPC2020: Persistent interactive job with ecinteractive if you wish to customise the resource limits of your interactive session.
Upon logging in, please take a look at the message of the day displayed on the login nodes (or review /etc/motd).
Password access
If you have not changed your password since 18 January 2021, password access may not work.
External access
If you are using Teleport, a chained ProxyJump could be configured as an interim measure. Below is a suggested entry which you need to place in your End User Device's ~/.ssh/config
. It also includes the settings for X11 forwarding and to avoid your connections to drop after a period of inactivity. Note you must set your ECMWF username in the User
option
Passwordless access with Teleport
If you wish to have passwordless access, you will need to add the following entry to your ~/.ssh/authorized_keys
on the Atos HPCF:
cert-authority ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC2QE49QKUUtlB4dakthb8yEV+oURpP6tZ4OtYNvItXRopxehywR2Dckx/FU4hAM3kMC2seG1bKZLCiSAK1srRwFZcc5QjWyNd7DzJerwe2jTy09/fFWPVB4cHA1UfQwhs/8s0Cl/pMIddpDYy1sGUzndX82L6C9DcnNKJcFyFpZnjTHpEgX7JWlp30py4aj3d7LgmgqYbng26fl0mWcDjV1R8rC6xz0IpZ50AzTAxk9ZWObOBNRq9gp62W6u6UenKuhycnnu4JSKE3mCS/LSGOQ2uvPyecMol4kz+IMvrtm0xqta2c+7wdcZu3tZk+oTCSsTK+9lR3KlF3iDO3XAznclustername=shell.ecmwf.int&type=user
Alternatively, if you have an ssh key pair on your end user device, you could also add your public key into ~/.ssh/authorized_keys
on the Atos HPCF for the same effect.
Direct access from outside ECMWF through ECACCESS is not available. You must choose a valid host such as ecgate, and once there ssh into the desired host.
Password-less access from / to other platforms
If connecting from a different platform and to enable password-less connections and transfers between different platforms, you will need to enable ssh key authentication.
Check if you have an existing ssh key pair on other ECMWF platforms:
$> ls ~/.ssh/id_* ~/.ssh/id_rsa ~/.ssh/id_rsa.pub
If you don't, you may generate them like so:
$> ssh-keygen # press 'enter' 3 more times
Make sure it is added into the different platforms to be used
If the key was already present in the
~/.ssh/authorized_keys
file, it will be duplicated.$> ssh-copy-id -i ~/.ssh/id_rsa.pub ecgate $> ssh-copy-id -i ~/.ssh/id_rsa.pub cca $> ssh-copy-id -i ~/.ssh/id_rsa.pub aa # or for users with no formal access to HPC service: $> ssh-copy-id -i ~/.ssh/id_rsa.pub ecs
Copy also your private key onto those platforms so you can make the connections in both directions:
$> rsync -av ~/.ssh/id_rsa cca:.ssh/ $> rsync -av ~/.ssh/id_rsa aa:.ssh/ # or for users with no formal access to HPC service: $> rsync -av ~/.ssh/id_rsa ecs:.ssh/