You can connect for the first time via SSH from another ECMWF platform. If you do so from ECGATE or the Cray HPCF you will not need a password to log in.
$> ssh aa-login # or for users with no formal access to HPC service: $> ssh ecs-login
See also HPC2020: Persistent interactive job with ecinteractive if you wish to customise the resource limits of your interactive session.
Upon logging in, please take a look at the message of the day displayed on the login nodes (or review /etc/motd).
Password access
If you have not changed your password since 18 January 2021, password access may not work.
External access
If you are using Teleport, a chained ProxyJump could be configured as an interim measure. Below is a suggested entry which you need to place in your End User Device's ~/.ssh/config
. It also includes the settings for X11 forwarding and to avoid your connections to drop after a period of inactivity. Note you must set your ECMWF username in the User
option
Passwordless access with Teleport
If you wish to have password-less access, you will need to add the following entry to your ~/.ssh/authorized_keys
on the Atos HPCF:
curl -fs https://nexus.ecmwf.int/repository/internal-teleport-configs/prod/teleport_user_ca.pub >> ~/.ssh/authorized_keys
Alternatively, if you have an ssh key pair on your end user device, you could also add your public key into ~/.ssh/authorized_keys
on the Atos HPCF for the same effect.
Direct access from outside ECMWF through ECACCESS is not available. You must choose a valid host such as ecgate, and once there ssh into the desired host.
Password-less access from / to other platforms
If connecting from a different platform and to enable password-less connections and transfers between different platforms, you will need to enable ssh key authentication.
Check if you have an existing ssh key pair on other ECMWF platforms:
$> ls ~/.ssh/id_* ~/.ssh/id_rsa ~/.ssh/id_rsa.pub
If you don't, you may generate them like so:
$> ssh-keygen # press 'enter' 3 more times
Make sure it is added into the different platforms to be used
If the key was already present in the
~/.ssh/authorized_keys
file, it will be duplicated.$> ssh-copy-id -i ~/.ssh/id_rsa.pub ecgate $> ssh-copy-id -i ~/.ssh/id_rsa.pub cca $> ssh-copy-id -i ~/.ssh/id_rsa.pub aa-login # or for users with no formal access to HPC service: $> ssh-copy-id -i ~/.ssh/id_rsa.pub ecs-login
Copy also your private key onto those platforms so you can make the connections in both directions:
$> rsync -av ~/.ssh/id_rsa cca:.ssh/ $> rsync -av ~/.ssh/id_rsa aa-login:.ssh/ # or for users with no formal access to HPC service: $> rsync -av ~/.ssh/id_rsa ecs-login:.ssh/