start:mogon_cluster:access_from_outside_unix

If you do not yet have an SSH key pair on your computer, you can use the following command to create a new pair:

ssh-keygen -t rsa -b 4096 -C "HPCGATE,HPCLOGIN"

This generates a new private/public RSA key pair with 4096 bit key size.
Please note: The part -C "HPCGATE,HPCLOGIN" creates the mandatory comment, which can be pasted into the web form.
Then ssh-keygen asks for a name for the key.

Enter a file in which to save the key (/home/you/.ssh/id_rsa): [Press enter] 

After that you have to specify a passphrase. Use a passphrase! An empty passphrase is a serious security concern.

Enter passphrase (empty for no passphrase): [Type a passphrase]
Enter same passphrase again: [Type passphrase again] 

In case you deviate from the default names, you ought to make your ssh-agent aware of it:

ssh-add ~/Path/To/Your/PrivateKey

If you already have an SSH-Key pair, you can change the comment as follows, for example to add the HPCGATE,HPCLOGIN string if you have forgotten to append it:

ssh-keygen -c -C "HPCGATE,HPCLOGIN" -f ~/Path/To/Your/PrivateKey
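
To check an existing key pair against the steps above (mandatory comment, key type and size, non-empty passphrase), the following shell functions can be used. This is an added example, not part of the original page; the function names are made up for illustration, and expecting RSA with at least 4096 bits is an assumption based on the ssh-keygen command above.

```shell
# Added example (not from the original page): audit a key pair.
# REQUIRED_COMMENT is taken from the page; expecting RSA with >= 4096 bits
# is an assumption based on the ssh-keygen command shown above.
REQUIRED_COMMENT="HPCGATE,HPCLOGIN"

# check_fingerprint_line LINE
# LINE is one line of `ssh-keygen -l -f key.pub` output:
#   <bits> <fingerprint> <comment> (<TYPE>)
# Prints one finding per problem; returns 0 if there are none.
check_fingerprint_line() {
    line=$1
    bits=${line%% *}
    case $bits in
        ''|*[!0-9]*) echo "unparseable line: $line"; return 1 ;;
    esac
    type=${line##*\(}; type=${type%\)}
    rest=${line#* }; rest=${rest#* }   # drop bits, then fingerprint
    comment=${rest% \(*}               # drop trailing " (TYPE)"
    rc=0
    if [ "$type" != "RSA" ] || [ "$bits" -lt 4096 ]; then
        echo "key is $type/$bits, the page's command creates RSA/4096"; rc=1
    fi
    if [ "$comment" != "$REQUIRED_COMMENT" ]; then
        echo "comment is '$comment', expected '$REQUIRED_COMMENT'"; rc=1
    fi
    return $rc
}

# has_empty_passphrase PRIVATE_KEY
# Succeeds if the private key can be read with an empty passphrase.
has_empty_passphrase() {
    ssh-keygen -y -P "" -f "$1" >/dev/null 2>&1 </dev/null
}

# audit_key PRIVATE_KEY (expects the public key at PRIVATE_KEY.pub)
audit_key() {
    key=$1; rc_all=0
    line=$(ssh-keygen -l -f "$key.pub") || { echo "cannot read $key.pub"; return 1; }
    check_fingerprint_line "$line" || rc_all=1
    if has_empty_passphrase "$key"; then
        echo "private key has no passphrase, set one with: ssh-keygen -p -f $key"
        rc_all=1
    fi
    return $rc_all
}
```

Source the file and run audit_key ~/Path/To/Your/PrivateKey; a non-zero return value means at least one finding was printed.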

If you only need to log in from outside occasionally, you can use this command:

ssh -J <username>@hpcgate.zdv.uni-mainz.de <username>@<service-node>

Simply replace <username> with your ZDV-username and <service-node> with the MOGON service-node you want to access. You can find an overview of the MOGON service nodes here.

You can also explicitly specify the SSH-Key for the connection:

ssh -i ~/Path/To/Private/Key -J <username>@hpcgate.zdv.uni-mainz.de -i ~/Path/To/Private/Key <username>@<service-node>

The SSH-Key for the jump host and the MOGON service node need not necessarily be identical. However, the SSH-Keys must have been added to your ZDV account and have the correct properties.

The ProxyJump option was added in OpenSSH 7.3 and is basically shorthand for the ProxyCommand. For OpenSSH versions older than 7.3, you can use the following command:

ssh -o ProxyCommand="ssh -W %h:%p <username>@hpcgate.zdv.uni-mainz.de" <username>@<service-node>

Simply replace <username> with your ZDV-username and <service-node> with the MOGON service-node you want to access. You can find an overview of the MOGON service nodes here.

SSH Version

Check your SSH Client Version with ssh -V

If you need to log in from the outside more often, you can configure your SSH client to perform these steps "automagically":

First edit your local ssh config (~/.ssh/config) and add all of the following lines, where the setting ForwardX11 yes is optional:

# MOGON jump host
Host hpcgate
    HostName hpcgate.zdv.uni-mainz.de
    User <username>
    IdentityFile ~/Path/To/Private/Key
 
# for access to MOGON II:
Host mogon
    HostName mogon
    User <username>
    ProxyJump hpcgate
    IdentityFile ~/Path/To/Private/Key

For example, you can now simply use:

ssh mogon

for access to a service node on MOGON I or II. (More information on the jumphost technique with ProxyCommand)

OpenSSH below 7.3

# MOGON jump host
Host hpcgate
    HostName hpcgate.zdv.uni-mainz.de
    User <username>
    IdentityFile ~/Path/To/Private/Key
 
# for access to MOGON II:
Host mogon
    HostName mogon
    User <username>
    IdentityFile ~/Path/To/Private/Key
    ProxyCommand ssh -W %h:%p hpcgate

For example, you can now simply use:

ssh mogon

In order to use X11 forwarding, an X11 server should be installed on your system.

Warning!

X11 is no longer included with Mac, but X11 server and client libraries are available from the XQuartz project.

  • start/mogon_cluster/access_from_outside_unix.txt
  • Last modified: 2021/08/09 12:01
  • by meesters