This software will allow you to login to teleport and get the certificate without a browser (or X-capabilities).
<script src="https://sites.ecmwf.int/public/sharebox/confluence-tabs-sync.js"></script>
<script src="https://sites.ecmwf.int/public/sharebox/fetch-teleport-versions-class.js"></script> |
Prerequisites
Before you start, make sure you have the following elements installed and available in your system:
Installation
Install the module from ECMWF public software repository:
user@local $ pip3 install teleport-browserless-login --user -U -i https://get.ecmwf.int/repository/pypi-all/simple |
If you get the error: Could not install packages due to an EnvironmentError: 404 Client Error: Not Found for url: https://www.piwheels.org/simple/teleport-browserless-login/ |
Comment the line extra-index-url=https://www.piwheels.org/simple
from /etc/pip.conf |
Basic Usage
A shell script is installed along with the package, so all the commands python3 -m teleport.login can be replaced with teleport-login on Linux or Mac systems |
Define the target service. On Linux, Mac, or Windows Subsystem for Linux (WSL): export TSH_PROXY=jump-17.ecmwf.int:443 |
On Windows Powershell $env:TSH_PROXY=jump-17.ecmwf.int:443 |
Alternatively, you may define it through a configuration file as described in Advance Usage. You can now authenticate with our Teleport system with: user@local $ python3 -m teleport.login
INFO - Certificates not found or not valid anymore
INFO - Configuration file not found [/home/demo/.teleport-login.yaml]
INFO - Checking environment for configuration variables...
INFO - Username is empty...
INPUT - ECMWF username: ecmwfusername
INFO - Password is empty...
INPUT - ECMWF password: ********
INPUT - OTP Token: ******
INFO - Starting [tsh login --browser=none --proxy=jump-17.ecmwf.int:443 --user=ecmwfusername]
INFO - Configuring HIDTokenHandler with successor NoneType
INFO - Configuring OTPTokenHandler with successor HIDTokenHandler
INFO - Configuring UsernamePasswordHandler with successor OTPTokenHandler
INFO - Configuring TeleportLoginUrlHandler with successor UsernamePasswordHandler
INFO - TeleportLoginUrlHandler finished
INFO - UsernamePasswordHandler finished
INFO - OTPTokenHandler finished
INFO - Login Successful
INFO - > Profile URL: https://jump-17.ecmwf.int:443
Logged in as: user.address@somewhere.com
Cluster: jump-17.ecmwf.int
Roles: shelluser
Logins: ecmwfusername
Kubernetes: enabled
Valid until: 2025-04-01 20:52:17 +0000 BST [valid for 11h58m0s]
Extensions: permit-X11-forwarding, permit-agent-forwarding, permit-port-forwarding, permit-pty
|
|
Define the target service. On Linux, Mac, or Windows Subsystem for Linux (WSL): export TSH_PROXY=jump.ecmwf.int:443 |
On Windows Powershell $env:TSH_PROXY=jump.ecmwf.int:443 |
Alternatively, you may define it through a configuration file as described in Advance Usage. You can now authenticate with our Teleport system with: user@local $ python3 -m teleport.login
INFO - Certificates not found or not valid anymore
INFO - Configuration file not found [/home/demo/.teleport-login.yaml]
INFO - Checking environment for configuration variables...
INFO - Username is empty...
INPUT - ECMWF username: ecmwfusername
INFO - Password is empty...
INPUT - ECMWF password: ********
INPUT - OTP Token: ******
INFO - Starting [tsh login --browser=none --proxy=jump.ecmwf.int:443 --user=ecmwfusername]
INFO - Configuring HIDTokenHandler with successor NoneType
INFO - Configuring OTPTokenHandler with successor HIDTokenHandler
INFO - Configuring UsernamePasswordHandler with successor OTPTokenHandler
INFO - Configuring TeleportLoginUrlHandler with successor UsernamePasswordHandler
INFO - TeleportLoginUrlHandler finished
INFO - UsernamePasswordHandler finished
INFO - OTPTokenHandler finished
INFO - Login Successful
INFO - > Profile URL: https://jump.ecmwf.int:443
Logged in as: user.address@somewhere.com
Cluster: jump.ecmwf.int
Roles:
Logins: ecmwfusername
Kubernetes: disabled
Valid until: 2025-04-01 20:52:17 +0000 BST [valid for 11h58m0s]
Extensions: permit-X11-forwarding, permit-agent-forwarding, permit-port-forwarding, permit-pty
|
|
|
That will prompt you for your ECMWF username, password and TOTP of HID Token if TOTP is not configured.
This module will not attempt to authenticate if the current certificates are still valid. |
Advanced Usage
For more advance usages, check the module help:
user@local $ python3 -m teleport.login --help
VERSION = "1.1.8"
Environment Variables:
ECMWF_USERNAME The ECMWF Username
ECMWF_PASSWORD The ECMWF Password
TSH_EXEC The Teleport binary tsh path
TSH_PROXY The ECMWF Teleport proxy
Configuration file content example (yaml):
tsh_exec: '/usr/local/bin/tsh'
tsh_proxy: 'jump.ecmwf.int:443'
ecmwf_username: 'your_username'
ecmwf_password: 'your_password'
Usage: python -m teleport.login [OPTIONS]
Options:
--configuration PATH The path to the configuration file.
-f, --force-clean To Request a new certificate even if the current one
is valid.
-o, --tsh-options TEXT To add extra options to tsh command. e.g.: -o "--no-
use-local-ssh-agent" -o "--insecure"
--help Show this message and exit. |
You can configure your default settings in such as the ECMWF username and password, using environment variables or a configuration file. By default, this tool will look into ~/.teleport-login.yaml but a different file may be passed with the --configuration option. Note that the tool will always prompt for the OTP token:
user@local $ python3 -m teleport.login
INFO - Certificates not found or not valid anymore
INFO - Loading configuration file [/home/demo/.teleport-login.yaml]
INFO - Checking environment for configuration variables...
INPUT - OTP Token: ******
... |
An example of such a configuration file is:
user@local $ cat .teleport-login.yaml
tsh_exec: '/usr/local/bin/tsh'
tsh_proxy: 'jump-17.ecmwf.int:443'
ecmwf_username: 'your_username'
ecmwf_password: 'your_password' |
You can override all configuration values by using Environment Variables: user@local $ export ECMWF_USERNAME='test'
user@local $ export ECMWF_PASSWORD='zzzz'
user@local $ export TSH_EXEC='tsh'
user@local $ export TSH_PROXY='jump-17.ecmwf.int:443'
user@local $ python3 -m teleport.login
INFO - Certificates not found or not valid anymore
INFO - Loading configuration file [/home/uid/.teleport-login.yaml]
INFO - Checking environment for configuration variables...
INFO - Environment variable [ECMWF_USERNAME] found. Overriding...
INFO - Environment variable [ECMWF_PASSWORD] found. Overriding...
INFO - Environment variable [TSH_EXEC] found. Overriding...
INFO - Environment variable [TSH_PROXY] found. Overriding...
INPUT - OTP Token:
INFO - Starting [tsh login --browser=none --proxy=jump-17.ecmwf.int:443]
... |
|
user@local $ cat .teleport-login.yaml
tsh_exec: '/usr/local/bin/tsh'
tsh_proxy: 'jump.ecmwf.int:443'
ecmwf_username: 'your_username'
ecmwf_password: 'your_password' |
You can override all configuration values by using Environment Variables: user@local $ export ECMWF_USERNAME='test'
user@local $ export ECMWF_PASSWORD='zzzz'
user@local $ export TSH_EXEC='tsh'
user@local $ export TSH_PROXY='jump.ecmwf.int:443'
user@local $ python3 -m teleport.login
INFO - Certificates not found or not valid anymore
INFO - Loading configuration file [/home/uid/.teleport-login.yaml]
INFO - Checking environment for configuration variables...
INFO - Environment variable [ECMWF_USERNAME] found. Overriding...
INFO - Environment variable [ECMWF_PASSWORD] found. Overriding...
INFO - Environment variable [TSH_EXEC] found. Overriding...
INFO - Environment variable [TSH_PROXY] found. Overriding...
INPUT - OTP Token:
INFO - Starting [tsh login --browser=none --proxy=jump.ecmwf.int:443]
... |
|
|
If no configuration is provided the module will use default values:
- tsh_exec - if
tsh is on the system PATH, this can be left out the configuration file as the default is tsh - tsh_proxy - this can be left out the configuration file as the default is
jump.ecmwf.int:443 - username - will be prompted
- password - will be prompted
- token - will ALWAYS be prompted
This module will always prompt the user if some credential is missing. |
Troubleshooting
If you run into problems, enabling DEBUG might be useful to get more information regarding the failure. Just set the environment variable DEBUG to True:
user@local $ DEBUG=True python3 -m teleport.login
INFO - Certificates not found or not valid anymore
INFO - Loading configuration file [/home/uid/.teleport-login.yaml]
INFO - Checking environment for configuration variables...
INPUT - OTP Token:
DEBUG - Loaded Configuration: {"token": "xxxxxx", "username": "ecmwfusername", "password": "xxxxxxxx", "tsh_exec": "/usr/local/bin/tsh", "tsh_proxy": "jump-17.ecmwf.int:443"}
INFO - Starting [/usr/local/bin/tsh login --browser=none --proxy=jump-17.ecmwf.int:443]
DEBUG - Setting User-Agent: {'User-Agent': 'TeleportBrowserlessLogin/1.0.0 (Linux-5.4.72-microsoft-standard-WSL2-x86_64-with-glibc2.31) Python/3.9.5'}
DEBUG - Starting new HTTP connection (1): 127.0.0.1:42387
DEBUG - http://127.0.0.1:42387 "GET /fbbeee7d-dfc3-4b7b-a75a-830f48980d2e HTTP/1.1" 302 309
DEBUG - Starting new HTTPS connection (1): accounts.ecmwf.int:443
DEBUG - https://accounts.ecmwf.int:443 "GET /auth/realms/ecmwf/protocol/openid-connect/auth... HTTP/1.1" 200 5797
INFO - TeleportLoginUrlHandler finished
DEBUG - https://accounts.ecmwf.int:443 "POST /auth/realms/ecmwf/login-actions/authenticate... HTTP/1.1" 200 5654
INFO - UsernamePasswordHandler finished
DEBUG - https://accounts.ecmwf.int:443 "POST /auth/realms/ecmwf/login-actions/authenticate... HTTP/1.1" 200 5915
INFO - HIDTokenHandler finished
INFO - Login Successful
INFO - > Profile URL: https://jump-17.ecmwf.int:443
Logged in as: user.address@somewhere.com
Cluster: jump-17.ecmwf.int
Roles: shelluser
Logins: ecmwfusername
Kubernetes: enabled
Valid until: 2025-04-01 20:52:17 +0000 BST [valid for 11h58m0s]
Extensions: permit-X11-forwarding, permit-agent-forwarding, permit-port-forwarding, permit-pty |
If you need to pass additional options to the tsh command use --tsh-options
user@local $ python3 -m teleport.login --tsh-options="--no-use-local-ssh-agent --insecure" |