You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 11 Next »

You can connect for the first time via SSH from another ECMWF platform.

$> ssh aa
# or for users with no formal access to HPC service:
$> ssh ecs

See also HPC2020: Persistent interactive job with ecinteractive if you wish to customise the resource limits of your interactive session.

Upon logging in, please take a look at the message of the day displayed on the login nodes (or review /etc/motd). 

Password access

If you have not changed your password since 18 January 2021, password access may not work.

External access

If you are using Teleport, a chained ProxyJump could be configured as an interim measure. Below is a suggested entry which you need to place in your End User Device's ~/.ssh/config. It also includes the settings for X11 forwarding and to avoid your connections to drop after a period of inactivity. Note you must set your ECMWF username in the User option

Example snippet of ~/.ssh/config with chained ProxyJump 
Host aa aa.ecmwf.int ecs ecs.ecmwf.int
    User yourusername
    ForwardX11 yes
    ForwardX11Timeout 0
    ServerAliveInterval 60
    TCPKeepAlive yes
    # Temporary extra jump through ecgate until direct access is sorted
    ProxyJump shell.ecmwf.int,ecgate

 Direct access from outside ECMWF through ECACCESS is not available. You must choose a valid host such as ecgate, and once there ssh into the desired host.

Password-less access from / to other platforms

If connecting from a different platform and to enable password-less connections and transfers between different platforms, you will need to enable ssh key authentication.

  1. Check if you have an existing ssh key pair on other ECMWF platforms:

    $> ls ~/.ssh/id_*
~/.ssh/id_rsa    ~/.ssh/id_rsa.pub

    If you don't, you may generate them like so:

    $> ssh-keygen                         # press 'enter' 3 more times

  2. Make sure it is added into the different platforms to be used

    If the key was already present in the ~/.ssh/authorized_keys file, it will be duplicated.

    $> ssh-copy-id -i ~/.ssh/id_rsa.pub ecgate
$> ssh-copy-id -i ~/.ssh/id_rsa.pub cca
$> ssh-copy-id -i ~/.ssh/id_rsa.pub aa
# or for users with no formal access to HPC service:
$> ssh-copy-id -i ~/.ssh/id_rsa.pub ecs

  3. Copy also your private key onto those platforms so you can make the connections in both directions:

    $> rsync -av ~/.ssh/id_rsa cca:.ssh/
$> rsync -av ~/.ssh/id_rsa aa:.ssh/
# or for users with no formal access to HPC service:
$> rsync -av ~/.ssh/id_rsa ecs:.ssh/




  • No labels