Secure Shell (SSH)
Clients
on Linux and Mac, all tools are present. on Windows use one of these:
Connect
How to connect from the Office or How to connect from abroad
Connect from the office by typing either of the following in a terminal. Replace [USERNAME]
with your own.
ssh connections |
---|
| ssh [USERNAME]@login.img.univie.ac.at
ssh [USERNAME]@aurora.img.univie.ac.at
ssh [USERNAME]@jet01.img.univie.ac.at
ssh [USERNAME]@jet02.img.univie.ac.at
|
There are multiple options for the ssh client, please explore these by yourself if needed. This option is sometimes needed to forward a window to your local computer (Linux, or advanced windows users):
The -X
option enables X11 forwarding via ssh, i.e., permits opening graphical windows. On Windows you need to enter these details to the ssh client.
Consider using a ~/.ssh/config
configuration file to allow easier access like this:
./ssh/config |
---|
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17 | Host *
User [USERNAME]
ServerAliveInterval 60
ServerAliveCountMax 2
Host login
HostName aurora.img.univie.ac.at
Host aurora
HostName aurora.img.univie.ac.at
Host jet
HostName jet01.img.univie.ac.at
Host login2jet
HostName jet01.img.univie.ac.at
ProxyJump login.img.univie.ac.at
|
and replacing [USERNAME]
with your username. Using such a file allows to connect like this ssh login
using the correct server adress and specified username.
Please note the special algorithms for ecaccess and of course ECMWF uses teleport now.
From eduroam: You should be able to log in as above.
From the outer world: use the VPN or login.img.univie.ac.at
as jump host.
If you are a guest, you can apply for a guest u:account. This will give you access to eduroam and to the VPN. Your application needs to be endorsed by a staff member, who also determines the expiration date of the account. Please ask the sponsor first!
SSH Authentication with keys
Please add your ssh-keys via IPA
Find a solution Questions - How to use ssh-key authentication? or Questions - How to use an ssh-agent?
Connect Script
If you are using a terminal (Mac, Linux, WSL, ...) you can use the script Download: connect2jet like this:
Bash |
---|
| connect2jet -g [Username]@login.img.univie.ac.at [Username]@jet01.img.univie.ac.at
|
connect2jet
Connect to Jet |
---|
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105 | #!/bin/bash
# By Michael Blaschek
# Date 18.01.2021
# CC BY 4.0 International
# University of Vienna, Austria
# Description:
# Connect to Jet via a gateway server
help() {
cat <<EOF
$0 -g [gateway] -p [port] -r [remote-port] user@remote
Options:
-h Help
-g [gateway] gateway server, e.g. user@login.univie.ac.at
-p [port] port to forward from jet to local, e.g. VNC port
-r [port] remote port if not the same as port
-d debug
Example:
$0 -g [U:Account-Username]@login.univie.ac.at [Jet-Username]@jet01.img.univie.ac.at
EOF
}
debug=''
while getopts "g:p:r:hd" flag; do
case "${flag}" in
g) gateway=${OPTARG} ;;
p) port=${OPTARG} ;;
r) rport=${OPTARG} ;;
d) debug='-v';;
h | *)
help
exit 0
;;
esac
done
shift $((OPTIND - 1))
command=""
remote=$1
script=$(basename $0)
if [ "${remote}" == "" ]; then
echo "Remote host required: [user]@[server]"
help
exit 1
fi
if [ -n "${port}" ]; then
# -L local_port:destination_server_ip:remote_port
if [ -n "${rport}" ]; then
echo "Forwarding Port: $rport to $port"
command="-L ${port}:localhost:${rport} "
else
echo "Forwarding Port: $port to $port"
command="-L ${port}:localhost:${port} "
rport=$port # make sure we use this
fi
fi
# Override Term information to make sure we use the ones on the servers
# export TERM=xterm-256color
# Check if names are in .ssh/config
remote_status=false
gateway_status=false
if [ -e $HOME/.ssh/config ]; then
# check if hosts are there
cat $HOME/.ssh/config | grep -i 'Host ${remote}' >/dev/null
if [ $? -eq 0 ]; then
remote_status=true
fi
if [ -n ${gateway} ]; then
cat $HOME/.ssh/config | grep -i 'Host ${gateway}' >/dev/null
if [ $? -eq 0 ]; then
gateway_status=true
fi
fi
fi
if [ -n "${gateway}" ]; then
echo "$gateway" | grep '@' >/dev/null
if [ $? -eq 1 ] && [ ! $gateway_status ]; then
echo "Could fail if not: [user]@[server], trying: $gateway"
fi
if [ -n "${port}" ]; then
echo "Using gateway: $gateway to $remote "
midport=$(($RANDOM % 1000 + 20000)) # 20000 - 21000
echo "Port Forwarding via the gateway: $port : $midport : $rport"
ssh $debug -L ${port}:localhost:${midport} -t $gateway ssh -L ${midport}:localhost:${rport} ${remote}
echo "$(date) | ssh -L ${port}:localhost:${midport} -t $gateway 'ssh -L ${midport}:localhost:${rport} ${remote}'" >>.${script}.log
else
echo "Using gateway: $gateway to $remote "
ssh $debug $command -t $gateway ssh ${command} ${remote}
echo "$(date) | ssh $command -t $gateway 'ssh ${command} ${remote}'" >>.${script}.log
fi
else
if [ ! $remote_status ]; then
echo "Could fail if not: [user]@[server]"
fi
echo "Direct connection to: ${remote}"
ssh $debug ${command} ${remote}
echo "$(date) | ssh ${command} ${remote}" >>.${script}.log
fi
echo "Command Log in .${script}.log"
|
There is also an option to forward a port, e.g. the VNC Port:
Bash |
---|
| connect2jet -g [Username]@login.img.univie.ac.at -p 5901 [Username]@jet01.img.univie.ac.at
|
which allows you to connect to localhost:5901
and view the VNC session.
Tunneling
If you are connected to eduroam or you are on an external computer, you'll need to use an SSH tunnel. The instructions below refer to jet01, but you can do just the same with jet02.
On Linux, start Remmina, then:
- Set "Server" to
jet01.img.univie.ac.at:[DISPLAY]
in the "Basic" tab
- Move to the "SSH Tunnel" tab, checkout "Enable SSH Tunnel", "Same server at port 22" and specify your favourite SSH authentication method.
- Save and connect.
On Windows, you can use Bitvise SSH Client (for the SSH tunnel) and the RealVNC VNC Viewer or MobaXterm.
Setup might be bit different for different clients, but all need these information:
Option Bitvise SSH Client/MobaXterm and RealVNC:
- Start the SSH client
- Go to tab "C2S" or SSH tunnels (port forwarding)
- Set "Listen Interface" to
127.0.0.1
- Set "Listening Port" to
5900+[DISPLAY]
, e.g., 5905
- Set "Destination Host" to
jet01.img.univie.ac.at
- Set "Destination Port" to
5900+[DISPLAY]
- Now start VncViewer and connect to
127.0.0.1:5900+[DISPLAY]
on Linux that is really simple:
ssh port forwarding |
---|
| # REMOTEPORT -> to LOCALPORT
ssh LOCALPORT:localhost:REMOTEPORT USER@login
# connect to the local port
|
SSH config
On Linux the ssh processes can use a file $HOME/.ssh/config
, which looks like this
ssh configuration |
---|
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25 | Host *
IdentitiesOnly=yes
ServerAliveInterval 60
ServerAliveCountMax 20
Compression yes
# will use any authentication possible (key, pass)
Host login
Hostname login.img.univie.ac.at
User [USERNAME]
# use a specific ssh-key for that connection
Host login-key
Hostname login.img.univie.ac.at
User [USERNAME]
IdentityFile ~/.ssh/id_special
# force ssh to use password authentication
Host loginx
HostName login.img.univie.ac.at
User [USERNAME]
PreferredAuthentications password
PubkeyAuthentication no
# use login as a jump host to reach JET
Host login2jet1
Hostname jet01.img.univie.ac.at
User [USERNAME]
ProxyJump login
|
and contains information on SSH connections. Look at the specific definitions from ECMWF.
SSHFS
It is possible to mount your home directory to your personal computer on Linux via sshfs
or using of course a dedicated remote file browser like: Filezilla, Cyberduck, ...
on Linux you need to install fuse2
and sshfs
, the names might vary between distributions, but are all in the default repos.
Bash |
---|
| # connect to srvx1 using your home directory and a login directory on your local computer
# mountserver [host] [remotedir] [localdir]
mkdir -p $HOME/login
mountserver [USER]@login.img.univie.ac.at /srvfs/home/[USER] $HOME/srvx1
|
SSH Banner
If you login in to any of the IMGW Servers you will be greeted by a banner showing some information about the system. However, after some time you might not need that information anymore.
run the following and you will never see the banner again.
remove that file and you shall see it again.
Last update:
February 19, 2025
Created:
March 5, 2023