Access MOGON from outside of the university network using UNIX
Generating a new SSH-Key using Linux or macOS
In case you not yet have an SSH-Key pair on your computer, you can use the following command to create a new pair:
ssh-keygen -t rsa -b 4096 -C "HPCGATE,HPCLOGIN"
This generates a new private/public RSA
key pair with 4096 bit
key size.
Please note: The part -C “HPCGATE,HPCLOGIN”
creates the mandatory comment, which can be pasted into the web form.
Then ssh-keygen
asks for a name for the key.
Enter a file in which to save the key (/home/you/.ssh/id_rsa): [Press enter]
After that you have to specify a passphrase - use a passphrase! . An empty passphrase is a serious security concern.
Enter passphrase (empty for no passphrase): [Type a passphrase] Enter same passphrase again: [Type passphrase again]
In this case you deviate from the default names and you ought make your ssh-agent
aware of it:
ssh-add ~/Path/To/Your/PrivateKey
Modify existing SSH-Keys
If you already have an SSH-Key pair, you can change the comment as follows, for example to add the HPCGATE,HPCLOGIN
string if you have forgotten to append it:
ssh-keygen -c -C "HPCGATE,HPCLOGIN" -f ~/Path/To/Your/PrivateKey
Access
If you only need to do this occasionally, you can use this command:
ssh -J <username>@hpcgate.zdv.uni-mainz.de <username>@mogon
Simply replace <username>
with your JGU-username and <service-node>
with the MOGON service-node you want to access. You can find an overview of the MOGON service nodes .
You can also explicitly specify the SSH-Key for the connection:
ssh -i ~/Path/To/Private/Key -J <username>@hpcgate.zdv.uni-mainz.de -i ~/Path/To/Private/Key <username>@mogon
The SSH-Key for the jump host and the MOGON service node need not necessarily be identical. However, the SSH-Keys must have been added to your JGU account and have the correct properties.
OpenSSH below 7.3
The ProxyJump
option was added in OpenSSH 7.3
and is basically shorthand for the ProxyCommand
. For OpenSSH versions less than 7.3.
you can use the following command:
ssh -o ProxyCommand="ssh -W %h:%p <username>@hpcgate.zdv.uni-mainz.de" <username>@mogon
Simply replace <username>
with your JGU-username and <service-node>
with the MOGON service-node you want to access. You can find an overview of the MOGON service nodes .
SSH Version
Check your SSH Client Version withssh -V
Using the SSH config file
If you need to login from the outside more often, you can configure your SSH client to perform these steps "automagically":
First edit your local ssh config (~/.ssh/config
) and add all of the following lines, where the setting ForwardX11 yes
is optional:
# MOGON jump host Host hpcgate HostName hpcgate.zdv.uni-mainz.de User <username> # turn on optionally for forwarding graphical user interfaces ForwardX11 yes # the next line is only mandatory, if you have chosen a non-standard name or path for your key files IdentityFile ~/Path/To/Private/Key # for access to MOGON II: Host mogon HostName mogon User <username> ProxyJump hpcgate # turn on optionally for forwarding graphical user interfaces ForwardX11 yes # the next line is only mandatory, if you have chosen a non-standard name or path for your key files IdentityFile ~/Path/To/Private/Key
For example, you can now simply use:
ssh mogon
for access to a service node on MOGON I or II. (More information on the jumphost technique with ProxyCommand)
OpenSSH below 7.3
# MOGON jump host Host hpcgate HostName hpcgate.zdv.uni-mainz.de User <username> IdentityFile ~/Path/To/Private/Key # for access to MOGON II: Host mogon HostName mogon User <username> IdentityFile ~/Path/To/Private/Key ProxyCommand ssh -W %h:%p hpcgate
For example, you can now simply use:
ssh mogon
Using X11-forwarding on MacOS
In order to use the X11-forwarding, an X11-server should be installed in your system.
Warning!
X11 is no longer included with Mac, but X11 server and client libraries are available from the XQuartz project.