Skip to content

Secure Shell (SSH)

Clients

on Linux and Mac, all tools are present. on Windows use one of these:

Connect

How to connect from the Office or How to connect from abroad

Connect from the office by typing either of the following in a terminal. Replace [USERNAME] with your own.

ssh connections
1
2
3
4
ssh [USERNAME]@login.img.univie.ac.at
ssh [USERNAME]@aurora.img.univie.ac.at
ssh [USERNAME]@jet01.img.univie.ac.at
ssh [USERNAME]@jet02.img.univie.ac.at
There are multiple options for the ssh client, please explore these by yourself if needed. This option is sometimes needed to forward a window to your local computer (Linux, or advanced windows users):

The -X option enables X11 forwarding via ssh, i.e., permits opening graphical windows. On Windows you need to enter these details to the ssh client.

Consider using a ~/.ssh/config configuration file to allow easier access like this:

./ssh/config
 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
Host *
    User [USERNAME]
    ServerAliveInterval 60
    ServerAliveCountMax 2

Host login
    HostName aurora.img.univie.ac.at

Host aurora
    HostName aurora.img.univie.ac.at

Host jet
    HostName jet01.img.univie.ac.at

Host login2jet
    HostName jet01.img.univie.ac.at
    ProxyJump login.img.univie.ac.at

and replacing [USERNAME] with your username. Using such a file allows to connect like this ssh login using the correct server adress and specified username.

Please note the special algorithms for ecaccess and of course ECMWF uses teleport now.

From eduroam: You should be able to log in as above.

From the outer world: use the VPN or login.img.univie.ac.at as jump host.

If you are a guest, you can apply for a guest u:account. This will give you access to eduroam and to the VPN. Your application needs to be endorsed by a staff member, who also determines the expiration date of the account. Please ask the sponsor first!

SSH Authentication with keys

Please add your ssh-keys via IPA

Find a solution Questions - How to use ssh-key authentication? or Questions - How to use an ssh-agent?

Connect Script

If you are using a terminal (Mac, Linux, WSL, ...) you can use the script Download: connect2jet like this:

Bash
1
connect2jet -g [Username]@login.img.univie.ac.at [Username]@jet01.img.univie.ac.at

connect2jet
Connect to Jet
  1
  2
  3
  4
  5
  6
  7
  8
  9
 10
 11
 12
 13
 14
 15
 16
 17
 18
 19
 20
 21
 22
 23
 24
 25
 26
 27
 28
 29
 30
 31
 32
 33
 34
 35
 36
 37
 38
 39
 40
 41
 42
 43
 44
 45
 46
 47
 48
 49
 50
 51
 52
 53
 54
 55
 56
 57
 58
 59
 60
 61
 62
 63
 64
 65
 66
 67
 68
 69
 70
 71
 72
 73
 74
 75
 76
 77
 78
 79
 80
 81
 82
 83
 84
 85
 86
 87
 88
 89
 90
 91
 92
 93
 94
 95
 96
 97
 98
 99
100
101
102
103
104
105
#!/bin/bash
# By Michael Blaschek
# Date 18.01.2021
# CC BY 4.0 International
# University of Vienna, Austria

# Description:
# Connect to Jet via a gateway server

help() {
    cat <<EOF
$0 -g [gateway] -p [port] -r [remote-port] user@remote
Options:
  -h                Help
  -g [gateway]      gateway server, e.g. user@login.univie.ac.at
  -p [port]         port to forward from jet to local, e.g. VNC port
  -r [port]         remote port if not the same as port
  -d                debug

Example:
   $0 -g [U:Account-Username]@login.univie.ac.at [Jet-Username]@jet01.img.univie.ac.at

EOF
}

debug=''
while getopts "g:p:r:hd" flag; do
    case "${flag}" in
    g) gateway=${OPTARG} ;;
    p) port=${OPTARG} ;;
    r) rport=${OPTARG} ;;
    d) debug='-v';;
    h | *)
        help
        exit 0
        ;;
    esac
done
shift $((OPTIND - 1))
command=""
remote=$1
script=$(basename $0)

if [ "${remote}" == "" ]; then
    echo "Remote host required: [user]@[server]"
    help
    exit 1
fi

if [ -n "${port}" ]; then
    # -L local_port:destination_server_ip:remote_port
    if [ -n "${rport}" ]; then
        echo "Forwarding Port: $rport to $port"
        command="-L ${port}:localhost:${rport} "
    else
        echo "Forwarding Port: $port to $port"
        command="-L ${port}:localhost:${port} "
        rport=$port # make sure we use this
    fi

fi
# Override Term information to make sure we use the ones on the servers
# export TERM=xterm-256color
# Check if names are in .ssh/config
remote_status=false
gateway_status=false
if [ -e $HOME/.ssh/config ]; then
    # check if hosts are there
    cat $HOME/.ssh/config | grep -i 'Host ${remote}' >/dev/null
    if [ $? -eq 0 ]; then
        remote_status=true
    fi
    if [ -n ${gateway} ]; then
        cat $HOME/.ssh/config | grep -i 'Host ${gateway}' >/dev/null
        if [ $? -eq 0 ]; then
            gateway_status=true
        fi
    fi
fi

if [ -n "${gateway}" ]; then
    echo "$gateway" | grep '@' >/dev/null
    if [ $? -eq 1 ] && [ ! $gateway_status ]; then
        echo "Could fail if not: [user]@[server], trying: $gateway"
    fi
    if [ -n "${port}" ]; then
        echo "Using gateway: $gateway to $remote "
        midport=$(($RANDOM % 1000 + 20000))  # 20000 - 21000
        echo "Port Forwarding via the gateway: $port : $midport : $rport"
        ssh $debug -L ${port}:localhost:${midport} -t $gateway ssh -L ${midport}:localhost:${rport} ${remote}
        echo "$(date) | ssh -L ${port}:localhost:${midport} -t $gateway 'ssh -L ${midport}:localhost:${rport} ${remote}'" >>.${script}.log
    else
        echo "Using gateway: $gateway to $remote "
        ssh $debug $command -t $gateway ssh ${command} ${remote}
        echo "$(date) | ssh $command -t $gateway 'ssh ${command} ${remote}'" >>.${script}.log
    fi
else
    if [ ! $remote_status ]; then
        echo "Could fail if not: [user]@[server]"
    fi
    echo "Direct connection to: ${remote}"
    ssh $debug ${command} ${remote}
    echo "$(date) | ssh ${command} ${remote}" >>.${script}.log
fi
echo "Command Log in  .${script}.log"

There is also an option to forward a port, e.g. the VNC Port:

Bash
1
connect2jet -g [Username]@login.img.univie.ac.at -p 5901 [Username]@jet01.img.univie.ac.at
which allows you to connect to localhost:5901 and view the VNC session.

Tunneling

If you are connected to eduroam or you are on an external computer, you'll need to use an SSH tunnel. The instructions below refer to jet01, but you can do just the same with jet02.

On Linux, start Remmina, then:

  • Set "Server" to jet01.img.univie.ac.at:[DISPLAY] in the "Basic" tab
  • Move to the "SSH Tunnel" tab, checkout "Enable SSH Tunnel", "Same server at port 22" and specify your favourite SSH authentication method.
  • Save and connect.

On Windows, you can use Bitvise SSH Client (for the SSH tunnel) and the RealVNC VNC Viewer or MobaXterm.

Setup might be bit different for different clients, but all need these information:

Option Bitvise SSH Client/MobaXterm and RealVNC:

  • Start the SSH client
  • Go to tab "C2S" or SSH tunnels (port forwarding)
  • Set "Listen Interface" to 127.0.0.1
  • Set "Listening Port" to 5900+[DISPLAY], e.g., 5905
  • Set "Destination Host" to jet01.img.univie.ac.at
  • Set "Destination Port" to 5900+[DISPLAY]
  • Now start VncViewer and connect to 127.0.0.1:5900+[DISPLAY]

on Linux that is really simple:

ssh port forwarding
1
2
3
# REMOTEPORT -> to LOCALPORT
ssh LOCALPORT:localhost:REMOTEPORT USER@login
# connect to the local port

SSH config

On Linux the ssh processes can use a file $HOME/.ssh/config, which looks like this

ssh configuration
 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
Host *                                                                                                     
    IdentitiesOnly=yes
    ServerAliveInterval 60
    ServerAliveCountMax 20
    Compression yes
# will use any authentication possible (key, pass)
Host login
    Hostname login.img.univie.ac.at
    User [USERNAME]
# use a specific ssh-key for that connection
Host login-key
    Hostname login.img.univie.ac.at
    User [USERNAME]
    IdentityFile ~/.ssh/id_special
# force ssh to use password authentication
Host loginx
    HostName login.img.univie.ac.at
    User [USERNAME]
    PreferredAuthentications password
    PubkeyAuthentication no
# use login as a jump host to reach JET
Host login2jet1
    Hostname jet01.img.univie.ac.at
    User [USERNAME]
    ProxyJump login

and contains information on SSH connections. Look at the specific definitions from ECMWF.

SSHFS

It is possible to mount your home directory to your personal computer on Linux via sshfs or using of course a dedicated remote file browser like: Filezilla, Cyberduck, ...

on Linux you need to install fuse2 and sshfs, the names might vary between distributions, but are all in the default repos.

Bash
1
2
3
4
# connect to srvx1 using your home directory and a login directory on your local computer
# mountserver [host] [remotedir] [localdir]
mkdir -p $HOME/login
mountserver [USER]@login.img.univie.ac.at /srvfs/home/[USER] $HOME/srvx1

SSH Banner

If you login in to any of the IMGW Servers you will be greeted by a banner showing some information about the system. However, after some time you might not need that information anymore.

run the following and you will never see the banner again.

Bash
1
touch $HOME/.hushlogin
remove that file and you shall see it again.

Last update: February 19, 2025
Created: March 5, 2023