Skip to content

European Center for Medium-Range Weather Forecast

website / service status / confluence / support / accounting

If you need access, talk to your supervisor to create an account for you. You will get a username and a password as well as an OTP device (hardware or smartphone). Accounts are handled via www.ecmwf.int

Available Services @ IMGW:

Connecting to ECMWF Services

A ECMWF user can connect to the ECS/ATOS using teleport, first load the teleport module and start the ssh-agent:

Using teleport
 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
module load teleport
** INFO: Default jumphost now: jump.ecmwf.int
** INFO: Module loaded. SSH Agent required for login, run 'ssh-agentstart', 
**       or 'ssh-agentreconnect' ro reconnect to an existing agent.
**       run 'ssh-agent -k' to kill the agent.
         Login run: 'python3 -m teleport.login' and your ECMWF credentials.
         e.g. 'ssh -J <id>@jump.ecmwf.int <id>@ecs-login'
         Check certificates, run: 'tsh status'

# Activate the ssh-agent (required to store the key/certificate)
ssh-agentstart
# Check if it is running
ssh-add -l

once you have a running ssh-agent, run a browserless login via python

Connecting to ECMWF
 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
# Login to the default teleport jump host (shell.ecmwf.int) Reading
python3 -m teleport.login
tsh status
# run ssh agent again
ssh-add -l 
# now there should be two keys!!!
# Login to ECaccess in Bologna
ssh -J [user]@jump.ecmwf.int [user]@ecs-login
# Login to HPC ATOS
ssh -J [user]@jump.ecmwf.int [user]@hpc-login
# delete current certificates
tsh logout

Environment variables configuration:

  • ECMWF_USERNAME - The ECMWF Username
  • ECMWF_PASSWORD - The ECMWF Password
  • TSH_EXEC - The Teleport binary tsh path
  • TSH_PROXY - The ECMWF Teleport proxy

You can set these variables in your ~/.bashrc file to avoid typing these at every login. Please do not save your ECMWF_PASSWORD like this!

It is highly advised to add this to your .ssh/config:

.ssh/config
 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
Host jump.ecmwf.int shell.ecmwf.int
    HostKeyAlgorithms +ssh-rsa*,rsa-sha2-512
    PubkeyAcceptedKeyTypes +ssh-rsa*
    User [ECMWF USERNAME]  
# For ecgate and Cray HPCF
Host ecg* cc*
    HostKeyAlgorithms +ssh-rsa*,rsa-sha2-512
    PubkeyAcceptedKeyTypes +ssh-rsa*
    User [ECMWF USERNAME]
    ProxyJump shell.ecmwf.int
# For Atos HPCF
Host a?-* a??-* hpc-* hpc2020-* ecs-*
    HostKeyAlgorithms +ssh-rsa*,rsa-sha2-512
    PubkeyAcceptedKeyTypes +ssh-rsa*
    User [ECMWF USERNAME]
    ProxyJump jump.ecmwf.int

SSH-agent

It is required to have an SSH-agent running in order to connect to the ECMWF servers. The teleport module includes a startagent function to allow to reconnect to an existing ssh-agent. Do not start too many agents!

start ssh-agent
 1
 2
 3
 4
 5
 6
 7
 8
 9
10
# load the module
module load teleport
# start a new agent or reconnect
ssh-agentstart
# or reconnect
ssh-agentreconnect
# unsure about agents?
userservices sshtools -h
# kill all
userservices sshtools -k

ECMWF Access Server (ECS)

There is an issue with ssh-keys

ECS fix ssh-key issue
1
2
3
4
5
6
# connect to ECS following the teleport login procedure above
ssh -J [user]@jump.ecmwf.int [user]@ecs-login
# Generate a new SSH key on ECS, no passphrase.
ssh-keygen -t ed25519
# Add the public key to your own authorized_keys on ECS/HPC
cat .ssh/id_ed25519.pub >> .ssh/authorized_keys

This will solve some ecaccess issues.

Connecting via ECaccess

using a local installation of ecaccess tools can be used to submit jobs and monitor jobs from a remote location. Documentation @ECMWF

ECAccess module
 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
# load the ecaccess module
module load ecaccess-webtoolkit/6.3.1
# all available tools 
ecaccess                       ecaccess-file-delete                          
ecaccess-association-delete    ecaccess-file-dir                             
ecaccess-association-get       ecaccess-file-get                             
ecaccess-association-list      ecaccess-file-mdelete                         
ecaccess-association-protocol  ecaccess-file-mget                            
ecaccess-association-put       ecaccess-file-mkdir                           
ecaccess-certificate-create    ecaccess-file-modtime                         
ecaccess-certificate-list      ecaccess-file-move                            
ecaccess-cosinfo               ecaccess-file-mput                            
ecaccess-ectrans-delete        ecaccess-file-put                             
ecaccess-ectrans-list          ecaccess-file-rmdir                           
ecaccess-ectrans-request       ecaccess-file-size                            
ecaccess-ectrans-restart       ecaccess-gateway-connected                    
ecaccess-event-clear           ecaccess-gateway-list                         
ecaccess-event-create          ecaccess-gateway-name                         
ecaccess-event-delete          ecaccess-job-delete                           
ecaccess-event-grant           ecaccess-job-get                              
ecaccess-event-list            ecaccess-job-list                             
ecaccess-event-send            ecaccess-job-restart                          
ecaccess-file-chmod            ecaccess-job-submit                           
ecaccess-file-copy             ecaccess-queue-list  
# First get a valid certificate to get access
ecaccess-certificate-create
#

ECaccess Gateway

The department is running a member state ecaccess gateway service.

There are two gateways:

Please use your ECMWF credentials to login. Documentation @ECMWF

Last update: February 1, 2024
Created: December 12, 2022