View Source

Teleport is software which provides an SSH Jump Host (or Bastion host) service in a secure, modern way, with support for role-based access control and single sign-on. It is used to access a number of services at ECMWF, including our Atos HPCF and ECS services. The service provides:

Single SSH hop from client systems anywhere on the internet to servers inside ECMWF (HPC, etc)
Re-authentication required only every 12 hours (usually once per working day)
Integration with standard tools such as the OpenSSH ssh client, scp, and ssh-agent
X11 and Port forwarding

The single sign-on step is performed using an application called "tsh". After that you use standard ssh or scp to connect to systems inside ECMWF.

We currently run two Teleport services in production:

jump-17.ecmwf.int: Latest production service, recommended.
jump.ecmwf.int: Legacy service, to be retired in October 2025.

If you are setting up the access for the first time, you should choose the recommended jump-17.ecmwf.int service.

If you are updating your setup to use the latest production service, note that you will need to change both the client and your ssh configuration (e.g. $HOME/.ssh/config file).

Here are the instructions on how to set it up depending on your platform:

If you prefer not to install any application on your platform, you may also access teleport through a web client as described in Teleport SSH Access - Web client

If you are a system administrator setting up access to teleport from your organisation, have a look at the Teleport SSH Access - Network requirements for additional information on how this system works and its network requirements.