teleport-browserless-login
This software will allow you to login to teleport and get the certificate without a browser (or X-capabilities)
...
.
Table of Contents |
---|
Prerequisites
Before you start, make sure you have the following elements installed and available in your system:
- Python 3
- pip
- The Teleport standard tsh client as described in Teleport SSH Access
Installation
Install the module from ECMWF public software repository:
Code Block | |
---|---|
language | bash | title | Installation
No Format | |
user@local $ pip3 install teleport-browserless-login --user -U -i https://get.ecmwf.int/repository/pypi-all/simple |
In order to install the extra certificates checks please install with the extras option certificates-check
(requires the cryptography python package):
Code Block | |
---|---|
language | bash | title | Installation
No Format | |
user@local $ pip3 install teleport-browserless-login[certificates-check] --user -U -i https://get.ecmwf.int/repository/pypi-all/simple |
...
Note | ||||
---|---|---|---|---|
| ||||
If you get the error:
Comment the lineline from |
Check the module help
:
Basic Usage
Tip |
---|
A shell script is installed along with the package, so all the commands python3 -m teleport.login can be replaced with teleport-login on Linux or Mac systems |
You can now authenticate with our Teleport system with:
No Format |
---|
user@local $ python3 -m teleport.login
INFO - Certificates not found or not valid anymore
INFO - Configuration file not found [/home/demo/.teleport-login.yaml]
INFO - Checking environment for configuration variables...
INFO - Username is empty...
INPUT - ECMWF username: us9
INFO - Password is empty...
INPUT - ECMWF password: ********
INPUT - OTP Token: ******
INFO - Starting [tsh login --browser=none --proxy=jump.ecmwf.int:443 --user=us9]
INFO - Configuring HIDTokenHandler with successor NoneType
INFO - Configuring OTPTokenHandler with successor HIDTokenHandler
INFO - Configuring UsernamePasswordHandler with successor OTPTokenHandler
INFO - Configuring TeleportLoginUrlHandler with successor UsernamePasswordHandler
INFO - TeleportLoginUrlHandler finished
INFO - UsernamePasswordHandler finished
INFO - OTPTokenHandler finished
INFO - Login Successful
INFO - > Profile URL: https://jump.ecmwf.int:443
Logged in as: us.induction@ecmwf.int
Cluster: jump.ecmwf.int
Roles:
Logins: us9
Kubernetes: disabled
Valid until: 2022-12-17 03:52:17 +0000 UTC [valid for 11h58m0s]
Extensions: permit-X11-forwarding, permit-agent-forwarding, permit-port-forwarding, permit-pty
|
That will prompt you for your ECMWF username, password and TOTP
of HID Token
if TOTP
is not configured.
Info |
---|
This module will not attempt to authenticate if the current certificates are still valid. |
Advanced Usage
For more advance usages, check the module help
:
No Format | |
---|---|
Code Block | |
language | bash | title | Help
user@local $ python3 -m teleport.login --help VERSION = "1.1.8" Environment Variables: ECMWF_USERNAME The ECMWF Username ECMWF_PASSWORD The ECMWF Password TSH_EXEC The Teleport binary tsh path TSH_PROXY The ECMWF Teleport proxy Configuration file content example (yaml): tsh_exec: '/usr/local/bin/tsh' tsh_proxy: 'shelljump.ecmwf.int:443' ecmwf_username: 'your_username' ecmwf_password: 'your_password' Usage: python -m teleport.login [OPTIONS] Options: --configuration PATH The path to the configuration file. -f, --force-clean To Request a new certificate even if the current one is valid. -o, --tsh-options TEXT To add extra options to tsh command. e.g.: -o "--no- use-local-ssh-agent" -o "--insecure" --help Show this message and exit. |
Using the module without arguments will prompt for the HID Token
or TOTP
(if configured instead) and load the default configuration fileYou can configure your default settings in such as the ECMWF username and password, using environment variables or a configuration file. By default, this tool will look into ~/.teleport-login.yaml
: but a different file may be passed with the --configuration
option. Note that the tool will always prompt for the OTP token:
No Format | |
---|---|
Code Block | |
language | bash | title | Login
user@local $ python3 -m teleport.login INFO - Certificates not found or not valid anymore INFO - Loading configuration file [/home/uiddemo/.teleport-login.yaml] INFO - Checking environment for configuration variables... INPUT - OTP Token: ****** INFO - Starting [/usr/local/bin/tsh login --browser=none --proxy=shelljump.ecmwf.int:443 --user=us9] INFO - Configuring HIDTokenHandler with successor NoneType INFO - Configuring OTPTokenHandler with successor HIDTokenHandler INFO - Configuring UsernamePasswordHandler with successor OTPTokenHandler INFO - Configuring TeleportLoginUrlHandler with successor UsernamePasswordHandler INFO - TeleportLoginUrlHandler finished INFO - UsernamePasswordHandler finished INFO - HIDTokenHandlerOTPTokenHandler finished INFO - Login Successful INFO - > Profile URL: https://shelljump.ecmwf.int:443 Logged in as: FirstNameus.LastName@ecmwfinduction@ecmwf.int Cluster: shelljump.ecmwf.int Roles: Logins: uidus9 Kubernetes: disabled Valid until: 20212022-0612-0717 0703:2857:5549 +01000000 BSTUTC [valid for 12h0m0s11h58m0s] Extensions: permit-X11-forwarding, permit-agent-forwarding, permit-port-forwarding, permit-pty |
If you want to provide a specific path for your configuration file using --configuration
and you will be prompt for the HID Token
:
Code Block | ||||
---|---|---|---|---|
| ||||
user@local $ python3 -m teleport.login --configuration /path/to/configuration.yaml
INFO - Certificates not found or not valid anymore
INFO - Loading configuration file [/path/to/configuration.yaml]
INFO - Checking environment for configuration variables...
INPUT - OTP Token:
... |
An example of such a configuration file is:
Code Block | |
---|---|
language | bash | title | Configuration File Example
No Format | |
user@local $ cat .teleport-login.yaml tsh_exec: '/usr/local/bin/tsh' tsh_proxy: 'shelljump.ecmwf.int:443' ecmwf_username: 'your_username' ecmwf_password: 'your_password' |
You can override all configuration values by using Environment Variables
:
No Format | ||||
---|---|---|---|---|
Code Block | ||||
| ||||
user@local $ export ECMWF_USERNAME='test' user@local $ export ECMWF_PASSWORD='zzzz' user@local $ export TSH_EXEC='tsh' user@local $ export TSH_PROXY='shell-testjump.ecmwf.int:443' user@local $ python3 -m teleport.login INFO - Certificates not found or not valid anymore INFO - Loading configuration file [/home/uid/.teleport-login.yaml] INFO - Checking environment for configuration variables... INFO - Environment variable [ECMWF_USERNAME] found. Overriding... INFO - Environment variable [ECMWF_PASSWORD] found. Overriding... INFO - Environment variable [TSH_EXEC] found. Overriding... INFO - Environment variable [TSH_PROXY] found. Overriding... INPUT - OTP Token: INFO - Starting [tsh login --browser=none --proxy=shell-testjump.ecmwf.int:443] ... |
If no configuration is provided the module will use default values:
- tsh_exec - if
tsh
is on the system PATH, this can be left out the configuration file as the default istsh
- tsh_proxy - this can be left out the configuration file as the default is
sheljump.ecmwf.int:443
- username - will be prompted
- password - will be prompted
- token - will ALWAYS be prompted
Code Block | ||||
---|---|---|---|---|
| ||||
user@local $ python3 -m teleport.login
INFO - Certificates not found or not valid anymore
INFO - Configuration file not found [~/.teleport-login.yaml]
INFO - Checking environment for configuration variables...
INFO - Username is empty...
INPUT - ECMWF username: uid
INFO - Password is empty...
INPUT - ECMWF password:
INPUT - OTP Token:
INFO - Starting [tsh login --browser=none --proxy=shell.ecmwf.int:443]
... |
Info |
---|
This module will always prompt the user if some credential is missing. |
Troubleshooting
If you want to enable DEBUG, run into problems, enabling DEBUG might be useful to get more information regarding a the failure, just . Just set the environment variable DEBUG
to True
:
Code Block | |
---|---|
language | bash | title | Debug
No Format | |
user@local $ DEBUG=True python3 -m teleport.login INFO - Certificates not found or not valid anymore INFO - Loading configuration file [/home/uid/.teleport-login.yaml] INFO - Checking environment for configuration variables... INPUT - OTP Token: DEBUG - Loaded Configuration: {"token": "xxxxxx", "username": "uid", "password": "xxxxxxxx", "tsh_exec": "/usr/local/bin/tsh", "tsh_proxy": "shelljump.ecmwf.int:443"} INFO - Starting [/usr/local/bin/tsh login --browser=none --proxy=shelljump.ecmwf.int:443] DEBUG - Setting User-Agent: {'User-Agent': 'TeleportBrowserlessLogin/1.0.0 (Linux-5.4.72-microsoft-standard-WSL2-x86_64-with-glibc2.31) Python/3.9.5'} DEBUG - Starting new HTTP connection (1): 127.0.0.1:42387 DEBUG - http://127.0.0.1:42387 "GET /fbbeee7d-dfc3-4b7b-a75a-830f48980d2e HTTP/1.1" 302 309 DEBUG - Starting new HTTPS connection (1): accounts.ecmwf.int:443 DEBUG - https://accounts.ecmwf.int:443 "GET /auth/realms/ecmwf/protocol/openid-connect/auth... HTTP/1.1" 200 5797 INFO - TeleportLoginUrlHandler finished DEBUG - https://accounts.ecmwf.int:443 "POST /auth/realms/ecmwf/login-actions/authenticate... HTTP/1.1" 200 5654 INFO - UsernamePasswordHandler finished DEBUG - https://accounts.ecmwf.int:443 "POST /auth/realms/ecmwf/login-actions/authenticate... HTTP/1.1" 200 5915 INFO - HIDTokenHandler finished INFO - Login Successful INFO - > Profile URL: https://shelljump.ecmwf.int:443 Logged in as: FirstName.LastName@ecmwf.int Cluster: shelljump.ecmwf.int Roles: Logins: uid Kubernetes: disabled Valid until: 2021-06-07 07:28:55 +0100 BST [valid for 12h0m0s] Extensions: permit-X11-forwarding, permit-agent-forwarding, permit-port-forwarding, permit-pty |
This module will not attempt to authenticate if the current certificates are still valid.
...
If you need to pass additional options to the tsh command use --tsh-options
No Format |
---|
...
user@local $ |
...
python3 -m teleport.login |
...
|
...
group | ecmwf |
---|
ECMWF Staff only:
...
--tsh-options="--no-use-local-ssh-agent --insecure" |