start:mogon_cluster:access_from_outside_unix

In case you not yet have an SSH-Key pair on your computer, you can use the following command to create a new pair:

ssh-keygen -t rsa -b 4096 -C "HPCGATE,HPCLOGIN"

This generates a new private/public RSA key pair with 4096 bit key size.
Please note: The part -C “HPCGATE,HPCLOGIN” creates the mandatory comment, which can be pasted into the web form.
Then ssh-keygen asks for a name for the key.

Enter a file in which to save the key (/home/you/.ssh/id_rsa): [Press enter]

After that you have to specify a passphrase - use a passphrase! . An empty passphrase is a serious security concern.

Enter passphrase (empty for no passphrase): [Type a passphrase]
Enter same passphrase again: [Type passphrase again] 

In this case you deviate from the default names and you ought make your ssh-agent aware of it:

ssh-add ~/Path/To/Your/PrivateKey

If you already have an SSH-Key pair, you can change the comment as follows, for example to add the HPCGATE,HPCLOGIN string if you have forgotten to append it:

ssh-keygen -c -C "HPCGATE,HPCLOGIN" -f ~/Path/To/Your/PrivateKey

If you only need to do this occasionally, you can use this command:

ssh -J <username>@hpcgate.zdv.uni-mainz.de <username>@mogon

Simply replace <username> with your JGU-username and <service-node> with the MOGON service-node you want to access. You can find an overview of the MOGON service nodes .

You can also explicitly specify the SSH-Key for the connection:

ssh -i ~/Path/To/Private/Key -J <username>@hpcgate.zdv.uni-mainz.de -i ~/Path/To/Private/Key <username>@mogon

The SSH-Key for the jump host and the MOGON service node need not necessarily be identical. However, the SSH-Keys must have been added to your JGU account and have the correct properties.

The ProxyJump option was added in OpenSSH 7.3 and is basically shorthand for the ProxyCommand. For OpenSSH versions less than 7.3. you can use the following command:

ssh -o ProxyCommand="ssh -W %h:%p <username>@hpcgate.zdv.uni-mainz.de" <username>@mogon

Simply replace <username> with your JGU-username and <service-node> with the MOGON service-node you want to access. You can find an overview of the MOGON service nodes .

#### SSH Version

Check your SSH Client Version with ssh -V

If you need to login from the outside more often, you can configure your SSH client to perform these steps "automagically":

First edit your local ssh config (~/.ssh/config) and add all of the following lines, where the setting ForwardX11 yes is optional:

# MOGON jump host
Host hpcgate
HostName hpcgate.zdv.uni-mainz.de
# turn on optionally for forwarding graphical user interfaces
ForwardX11 yes
# the next line is only mandatory, if you have chosen a non-standard name or path for your key files
IdentityFile ~/Path/To/Private/Key

Host mogon
HostName mogon
ProxyJump hpcgate
# turn on optionally for forwarding graphical user interfaces
ForwardX11 yes
# the next line is only mandatory, if you have chosen a non-standard name or path for your key files
IdentityFile ~/Path/To/Private/Key

For example, you can now simply use:

ssh mogon

#### OpenSSH below 7.3

# MOGON jump host
Host hpcgate
HostName hpcgate.zdv.uni-mainz.de
IdentityFile ~/Path/To/Private/Key

Host mogon
HostName mogon
IdentityFile ~/Path/To/Private/Key
ProxyCommand ssh -W %h:%p hpcgate

For example, you can now simply use:

ssh mogon

In order to use the X11-forwarding, an X11-server should be installed in your system.

#### Warning!

X11 is no longer included with Mac, but X11 server and client libraries are available from the XQuartz project.

• start/mogon_cluster/access_from_outside_unix.txt