Secure Shell (SSH)

Clients

on Linux and Mac, all tools are present. on Windows use one of these:

Bitvise SSH Client (for the SSH tunnel)
MobaXterm
Windows subsystem Linux (WSL), install, then install e.g. Ubuntu and install the openssh.
VSCode
Putty, Kitty, ...

Connect

How to connect from the Office or How to connect from abroad

Connect from the office by typing either of the following in a terminal. Replace [USERNAME] with your own.

ssh connections
ssh [USERNAME]@login.img.univie.ac.at
ssh [USERNAME]@aurora.img.univie.ac.at
ssh [USERNAME]@jet01.img.univie.ac.at
ssh [USERNAME]@jet02.img.univie.ac.at

There are multiple options for the ssh client, please explore these by yourself if needed. This option is sometimes needed to forward a window to your local computer (Linux, or advanced windows users):

The -X option enables X11 forwarding via ssh, i.e., permits opening graphical windows. On Windows you need to enter these details to the ssh client.

Consider using a ~/.ssh/config configuration file to allow easier access like this:

./ssh/config
Host *
    User [USERNAME]
    ServerAliveInterval 60
    ServerAliveCountMax 2

Host login
    HostName aurora.img.univie.ac.at

Host aurora
    HostName aurora.img.univie.ac.at

Host jet
    HostName jet01.img.univie.ac.at

Host login2jet
    HostName jet01.img.univie.ac.at
    ProxyJump login.img.univie.ac.at

and replacing [USERNAME] with your username. Using such a file allows to connect like this ssh login using the correct server adress and specified username.

Please note the special algorithms for ecaccess and of course ECMWF uses teleport now.

From eduroam: You should be able to log in as above.

From the outer world: use the VPN or login.img.univie.ac.at as jump host.

If you are a guest, you can apply for a guest u:account. This will give you access to eduroam and to the VPN. Your application needs to be endorsed by a staff member, who also determines the expiration date of the account. Please ask the sponsor first!

SSH Authentication with keys

Please add your ssh-keys via IPA

Find a solution Questions - How to use ssh-key authentication? or Questions - How to use an ssh-agent?

Connect Script

If you are using a terminal (Mac, Linux, WSL, ...) you can use the script Download: connect2jet like this:

Bash
connect2jet -g [Username]@login.img.univie.ac.at [Username]@jet01.img.univie.ac.at

connect2jet

Connect to Jet
#!/bin/bash
# By Michael Blaschek
# Date 18.01.2021
# CC BY 4.0 International
# University of Vienna, Austria

# Description:
# Connect to Jet via a gateway server

help() {
    cat <<EOF
$0 -g [gateway] -p [port] -r [remote-port] user@remote
Options:
  -h                Help
  -g [gateway]      gateway server, e.g. user@login.univie.ac.at
  -p [port]         port to forward from jet to local, e.g. VNC port
  -r [port]         remote port if not the same as port
  -d                debug

Example:
   $0 -g [U:Account-Username]@login.univie.ac.at [Jet-Username]@jet01.img.univie.ac.at

EOF
}

debug=''
while getopts "g:p:r:hd" flag; do
    case "${flag}" in
    g) gateway=${OPTARG} ;;
    p) port=${OPTARG} ;;
    r) rport=${OPTARG} ;;
    d) debug='-v';;
    h | *)
        help
        exit 0
        ;;
    esac
done
shift $((OPTIND - 1))
command=""
remote=$1
script=$(basename $0)

if [ "${remote}" == "" ]; then
    echo "Remote host required: [user]@[server]"
    help
    exit 1
fi

if [ -n "${port}" ]; then
    # -L local_port:destination_server_ip:remote_port
    if [ -n "${rport}" ]; then
        echo "Forwarding Port: $rport to $port"
        command="-L ${port}:localhost:${rport} "
    else
        echo "Forwarding Port: $port to $port"
        command="-L ${port}:localhost:${port} "
        rport=$port # make sure we use this
    fi

fi
# Override Term information to make sure we use the ones on the servers
# export TERM=xterm-256color
# Check if names are in .ssh/config
remote_status=false
gateway_status=false
if [ -e $HOME/.ssh/config ]; then
    # check if hosts are there
    cat $HOME/.ssh/config | grep -i 'Host ${remote}' >/dev/null
    if [ $? -eq 0 ]; then
        remote_status=true
    fi
    if [ -n ${gateway} ]; then
        cat $HOME/.ssh/config | grep -i 'Host ${gateway}' >/dev/null
        if [ $? -eq 0 ]; then
            gateway_status=true
        fi
    fi
fi

if [ -n "${gateway}" ]; then
    echo "$gateway" | grep '@' >/dev/null
    if [ $? -eq 1 ] && [ ! $gateway_status ]; then
        echo "Could fail if not: [user]@[server], trying: $gateway"
    fi
    if [ -n "${port}" ]; then
        echo "Using gateway: $gateway to $remote "
        midport=$(($RANDOM % 1000 + 20000))  # 20000 - 21000
        echo "Port Forwarding via the gateway: $port : $midport : $rport"
        ssh $debug -L ${port}:localhost:${midport} -t $gateway ssh -L ${midport}:localhost:${rport} ${remote}
        echo "$(date) | ssh -L ${port}:localhost:${midport} -t $gateway 'ssh -L ${midport}:localhost:${rport} ${remote}'" >>.${script}.log
    else
        echo "Using gateway: $gateway to $remote "
        ssh $debug $command -t $gateway ssh ${command} ${remote}
        echo "$(date) | ssh $command -t $gateway 'ssh ${command} ${remote}'" >>.${script}.log
    fi
else
    if [ ! $remote_status ]; then
        echo "Could fail if not: [user]@[server]"
    fi
    echo "Direct connection to: ${remote}"
    ssh $debug ${command} ${remote}
    echo "$(date) | ssh ${command} ${remote}" >>.${script}.log
fi
echo "Command Log in  .${script}.log"

There is also an option to forward a port, e.g. the VNC Port:

Bash
connect2jet -g [Username]@login.img.univie.ac.at -p 5901 [Username]@jet01.img.univie.ac.at

which allows you to connect to localhost:5901 and view the VNC session. Other gateway servers can be login.img.univie.ac.at

Tunneling

If you are connected to eduroam or you are on an external computer, you'll need to use an SSH tunnel. The instructions below refer to jet01, but you can do just the same with jet02.

On Linux, start Remmina, then:

Set "Server" to jet01.img.univie.ac.at:[DISPLAY] in the "Basic" tab
Move to the "SSH Tunnel" tab, checkout "Enable SSH Tunnel", "Same server at port 22" and specify your favourite SSH authentication method.
Save and connect.

On Windows, you can use Bitvise SSH Client (for the SSH tunnel) and the RealVNC VNC Viewer or MobaXterm.

Setup might be bit different for different clients, but all need these information:

Option Bitvise SSH Client/MobaXterm and RealVNC:

Start the SSH client
Go to tab "C2S" or SSH tunnels (port forwarding)
Set "Listen Interface" to 127.0.0.1
Set "Listening Port" to 5900+[DISPLAY], e.g., 5905
Set "Destination Host" to jet01.img.univie.ac.at
Set "Destination Port" to 5900+[DISPLAY]
Now start VncViewer and connect to 127.0.0.1:5900+[DISPLAY]

on Linux that is really simple:

ssh port forwarding
# REMOTEPORT -> to LOCALPORT
ssh LOCALPORT:localhost:REMOTEPORT USER@login
# connect to the local port

SSHFS

It is possible to mount your home directory to your personal computer on Linux via sshfs or using of course a dedicated remote file browser like: Filezilla, Cyberduck, ...

on Linux you need to install fuse2 and sshfs, the names might vary between distributions, but are all in the default repos.

Bash
# connect to srvx1 using your home directory and a login directory on your local computer
# mountserver [host] [remotedir] [localdir]
mkdir -p $HOME/login
mountserver [USER]@login.img.univie.ac.at /srvfs/home/[USER] $HOME/srvx1

If you login in to any of the IMGW Servers you will be greeted by a banner showing some information about the system. However, after some time you might not need that information anymore.

run the following and you will never see the banner again.

Bash
touch $HOME/.hushlogin

remove that file and you shall see it again.

Last update: July 16, 2024
Created: January 26, 2023