These are the instructions on how to install and configure your Teleport SSH access on the native Windows Terminal or Powershell to connect to ECMWF services such as the Atos HPCF and ECGATE services.
Check the following pages if you are using another Windows method:
Teleport SSH Access - Windows Subsystem for Linux (WSL)
Table of Contents
Demo
Here is a demonstration on how to set up Teleport to connect to our our Atos HPCF from your terminal on a Windows 10 or 11. You can find the step by step guide described below.
Installing the tsh
client
The tsh
application is required to perform user authentication.
tsh
is open source, very portable, and has minimal dependencies.
Go to the Teleport website and make sure you download the "tsh client" instead of "Teleport Connect" for Windows.
You will need to extract the zip file and put the "tsh.exe" executable somewhere in your PATH. The easiest way to do this is to:
- Open the zip file in your file browser
- Drag the teleport folder inside the file and drop into the directory of your choice (the main directory for your user, for example)
Open a Powershell and add to the PATH variable the location of the teleport directory. For example, if you dropped it on your main user directory (C:\Users\yourusername):
setx PATH "%USERPROFILE%\teleport;%PATH%"
Authenticating yourself
Once every 12 hours, you will need to refresh your tokens with the tsh
command. SSH connections may remain active for longer than 12 hours, but new connections will require re-authentication.
To authenticate yourself, Open a Windows Terminal or Powershell and run tsh
, giving the location of our Teleport gateway:
|
Your default web browser will open. You should login with your email address, ECMWF password, and then the code from your Time-based One-Time-Password (TOTP) device or the 8-digit one-time passcode from your ActivIdentity (HID) security token if you have not configured your TOTP yet.
Existing sessions
If you're already logged in to the ECMWF website, or have recently logged in to this service, the password prompt might be skipped.
Browserless authentication
If your computer does not have a browser or cannot display one, you may use the Teleport SSH access - Browserless Login Python Module for the authentication.
If the process is successful, you will see an output such as:
> Profile URL: https://jump.ecmwf.int:443 Logged in as: user.address@somewhere.com Cluster: jump.ecmwf.int Roles: Logins: ecmwfusername Kubernetes: disabled Valid until: 2022-12-13 20:54:18 +0000 GMT [valid for 4h37m0s] Extensions: permit-X11-forwarding, permit-agent-forwarding, permit-port-forwarding, permit-pty
Subsequent logins
Once you have logged int at least once, tsh will save your proxy settings so you can skip the extra argument next time:
tsh login
Setup your SSH config
We strongly recommend setting up all the SSH options needed for the connection instead of passing them on the command line.
- Open the File Explorer and navigate to
C:\Users\yourwindowsuser\
- If you have a directory called "
.ssh
" directory, go inside. If not, you may create it with clicking on "New Folder" - Inside the
.ssh
directory, check if there is a file called "config
".- If config exist, open it with your favourite editor, such as notepad or vscode.
- If config does not exist, you can open your favourite editor such as notepad or vscode to create the file and save it later
Add the snipped below in the file you opened.
SSH config snippet in ~/.ssh/configHost jump.ecmwf.int a?-* a??-* hpc-* hpc2020-* ecs-* User ecmwfusername IdentityFile ~/.tsh/keys/jump.ecmwf.int/user.address@somewhere.com CertificateFile ~/.tsh/keys/jump.ecmwf.int/user.address@somewhere.com-ssh/jump.ecmwf.int-cert.pub HostKeyAlgorithms +ssh-rsa*,rsa-sha2-512 PubkeyAcceptedKeyTypes +ssh-rsa* ServerAliveInterval 60 TCPKeepAlive yes Host a?-* a??-* hpc-* hpc2020-* ecs-* ProxyJump jump.ecmwf.int
You should replace
ecmwfusername
by your registered ECMWF user anduser.address@somewhere.com
by your registered email address at ECMWF.Not sure about username and email?
You can find the right values for those two parameters in the output of the tsh command:
% tsh login
> Profile URL: https://jump.ecmwf.int:443
Logged in as: user.address@somewhere.com
Cluster: jump.ecmwf.int
Roles:
Logins: ecmwfusername
Kubernetes: disabled
Valid until: 2022-12-13 20:54:18 +0000 GMT [valid for 3h56m0s]
Extensions: permit-X11-forwarding, permit-agent-forwarding, permit-port-forwarding, permit-pty
- Save the file. If you are creating the file from scratch, make sure you save it under
C:\Users\yourwindowsuser\.ssh
and with the name "config", including the double quotes.
SSH connection
Once you have configured the appropriate settings, any SSH-based tools such as ssh
, scp
or rsync
should work out of the box without any additional options.
To test the connection, open your Windows terminal or Powershell. You then may ssh into hpc-login if you have access to ECMWF's HPCF:
ssh hpc-login
Or alternatively, if you only have access to ECMWF ECS service:
ssh ecs-login
Visit our HPCF User Guide for further information.
Troubleshooting
If you cannot connect via SSH and cannot manage to understand why, please raise an issue to our ECMWF Support portal and sending us the output of the commands:
tsh login ssh -v ecs-login
You should also include information about your computer (Operating system and teleport version) to help us narrow down the problem.