Edit the file ~/.ssh/config on your computer and add the snippet below. You may create it if it does not exist. You should replace ecmwfusername
by your registered ECMWF user and user.address@somewhere.com
by your registered email address at ECMWF.Host jump.ecmwf.int a?-* a??-* hpc-* hpc2020-* ecs-*
User ecmwfusername
IdentityFile ~/.tsh/keys/jump.ecmwf.int/user.address@somewhere.com
CertificateFile ~/.tsh/keys/jump.ecmwf.int/user.address@somewhere.com-ssh/jump.ecmwf.int-cert.pub
HostKeyAlgorithms +ssh-rsa*,rsa-sha2-512
PubkeyAcceptedKeyTypes +ssh-rsa*
ServerAliveInterval 60
TCPKeepAlive yes
Host a?-* a??-* hpc-* hpc2020-* ecs-*
ProxyJump jump.ecmwf.int
Not sure about username and email?
You can find the right values for those two parameters in the output of the tsh command:
% tsh login
> Profile URL: https://jump.ecmwf.int:443
Logged in as: user.address@somewhere.com
Cluster: jump.ecmwf.int
Roles:
Logins: ecmwfusername
Kubernetes: disabled
Valid until: 2022-12-13 20:54:18 +0000 GMT [valid for 3h56m0s]
Extensions: permit-X11-forwarding, permit-agent-forwarding, permit-port-forwarding, permit-pty
Once you have configured that, any ssh-based tools such as ssh, scp or rsync should work out of the box without any additional options.
To test the connection you may ssh into hpc-login if you have access to ECMWF's HPCF:
% ssh hpc-login
Or alternatively, if you only have access to ECMWF ECS service:
% ssh ecs-login
Visit our HPCF User Guide for further information.
Troubleshooting
ProxyJump keyword not available on old Linux versions
If using an Operating System with OpenSSH older than 7.3, you will not be able to use the ProxyJump feature. The typical error would be something like:
% ssh hpc-login /home/user/.ssh/config: line 10: Bad configuration option: proxyjump
You must then replace the line
Host a?-* a??-* hpc-* hpc2020-* ecs-* ProxyJump jump.ecmwf.int
by:
Host a?-* a??-* hpc-* hpc2020-* ecs-* ProxyCommand /usr/bin/ssh -q -o PubkeyAcceptedKeyTypes=+ssh-rsa* -oHostKeyAlgorithms=+ssh-rsa*,rsa-sha2-512 -i ~/.tsh/keys/jump.ecmwf.int/user.address@somwhere.com -W %h:%p ecmwfusername@jump.ecmwf.int
You should replace ecmwfusername
by your registered ECMWF user and user.address@somewhere.com
by your registered email address at ECMWF.
If everything else fails...
If you cannot connect via SSH and cannot manage to understand why, please raise an issue to our ECMWF Support portal and sending us the output of the commands:
tsh login ssh -v ecs-login
You should also include information about your computer (Operating system and teleport version) to help us narrow down the problem.