Access MOGON from outside of the university network using UNIX
Generating a new SSH-Key using Linux or macOS
In case you not yet have an SSH-Key pair on your computer, you can use the following command to create a new pair:
ssh-keygen -t rsa -b 4096 -C "HPCGATE,HPCLOGIN"
This generates a new private/public RSA key pair with 4096 bit key size.
Please note: The part -C “HPCGATE,HPCLOGIN” creates the mandatory comment, which can be pasted into the web form.
Then ssh-keygen asks for a name for the key.
Enter a file in which to save the key (/home/you/.ssh/id_rsa): [Press enter]
After that you have to specify a passphrase - use a passphrase! . An empty passphrase is a serious security concern.
Enter passphrase (empty for no passphrase): [Type a passphrase] Enter same passphrase again: [Type passphrase again]
In this case you deviate from the default names and you ought make your ssh-agent aware of it:
ssh-add ~/Path/To/Your/PrivateKey
Modify existing SSH-Keys
If you already have an SSH-Key pair, you can change the comment as follows, for example to add the HPCGATE,HPCLOGIN string if you have forgotten to append it:
ssh-keygen -c -C "HPCGATE,HPCLOGIN" -f ~/Path/To/Your/PrivateKey
Access
If you only need to do this occasionally, you can use this command:
ssh -J <username>@hpcgate.zdv.uni-mainz.de <username>@<service-node>
Simply replace <username> with your ZDV-username and <service-node> with the MOGON service-node you want to access. You can find an overview of the MOGON service nodes .
You can also explicitly specify the SSH-Key for the connection:
ssh -i ~/Path/To/Private/Key -J <username>@hpcgate.zdv.uni-mainz.de -i ~/Path/To/Private/Key <username>@<service-node>
The SSH-Key for the jump host and the MOGON service node need not necessarily be identical. However, the SSH-Keys must have been added to your ZDV account and have the correct properties.
OpenSSH below 7.3
The ProxyJump option was added in OpenSSH 7.3 and is basically shorthand for the ProxyCommand. For OpenSSH versions less than 7.3. you can use the following command:
ssh -o ProxyCommand="ssh -W %h:%p <username>@hpcgate.zdv.uni-mainz.de" <username>@<service-node>
Simply replace <username> with your ZDV-username and <service-node> with the MOGON service-node you want to access. You can find an overview of the MOGON service nodes .
SSH Version
Check your SSH Client Version withssh -V
Using the SSH config file
If you need to login from the outside more often, you can configure your SSH client to perform these steps "automagically":
First edit your local ssh config (~/.ssh/config) and add all of the following lines, where the setting ForwardX11 yes is optional:
# MOGON jump host Host hpcgate HostName hpcgate.zdv.uni-mainz.de User <username> IdentityFile ~/Path/To/Private/Key # for access to MOGON II: Host mogon HostName mogon User <username> ProxyJump hpcgate IdentityFile ~/Path/To/Private/Key
For example, you can now simply use:
ssh mogon
for access to a service node on MOGON I or II. (More information on the jumphost technique with ProxyCommand)
OpenSSH below 7.3
# MOGON jump host Host hpcgate HostName hpcgate.zdv.uni-mainz.de User <username> IdentityFile ~/Path/To/Private/Key # for access to MOGON II: Host mogon HostName mogon User <username> IdentityFile ~/Path/To/Private/Key ProxyCommand ssh -W %h:%p hpcgate
For example, you can now simply use:
ssh mogon
Using X11-forwarding on MacOS
In order to use the X11-forwarding, an X11-server should be installed in your system.
Warning!
X11 is no longer included with Mac, but X11 server and client libraries are available from the XQuartz project.