diff --git a/ECMWF/README.md b/ECMWF/README.md index c06d7cef11e30bf3986d70bd1318c5a29a229a47..92e47dfd739b729aa118d125223dcaebc38c312e 100644 --- a/ECMWF/README.md +++ b/ECMWF/README.md @@ -98,18 +98,28 @@ You can set these variables in your `~/.bashrc` file to avoid typing these at ev It is highly advised to add this to your `.ssh/config`, although ECMWF has added some [information](https://confluence.ecmwf.int/display/UDOC/Teleport+SSH+Access+-+Linux+configuration) on that too: +???+ warning "Teleport versions changed from 13 to 17, April 2025." + ```conf title=".ssh/config" -Host jump.ecmwf.int a?-* a??-* hpc-* hpc2020-* ecs-* - User [ECMWF USERNAME] - IdentityFile ~/.tsh/keys/jump.ecmwf.int/[MAIL ADDRESS] - CertificateFile ~/.tsh/keys/jump.ecmwf.int/[MAIL ADDRESS]/jump.ecmwf.int-cert.pub - HostKeyAlgorithms +ssh-rsa*,rsa-sha2-512 - PubkeyAcceptedKeyTypes +ssh-rsa* - ServerAliveInterval 60 - TCPKeepAlive yes - -Host a?-* a??-* hpc-* hpc2020-* ecs-* - ProxyJump jump.ecmwf.int +Host *.jump-17.ecmwf.int jump-17.ecmwf.int* a?-* a??-* hpc-* ecs-* hpc2020-* lfc?-* ecf?-* ecflow-* ecinteractive* + User [ECMWF USERNAME] + UserKnownHostsFile ~/.tsh/known_hosts + IdentityFile ~/.tsh/keys/jump-17.ecmwf.int/[MAIL ADDRESS] + CertificateFile ~/.tsh/keys/jump-17.ecmwf.int/[MAIL ADDRESS]-ssh/jump-17.ecmwf.int-cert.pub + ServerAliveInterval 60 + TCPKeepAlive yes + +Host !jump-17.ecmwf.int *.jump-17.ecmwf.int + ProxyCommand tsh proxy ssh --cluster=jump-17.ecmwf.int --proxy=jump-17.ecmwf.int:443 %r@%h + +Host hpc-login ecs-login + Hostname %h.jump-17.ecmwf.int + ProxyCommand tsh proxy ssh --cluster=jump-17.ecmwf.int --proxy=jump-17.ecmwf.int:443 %r@%h + +# Extra configuration for additional internal hosts through the main entry point +Host a?-* a??-* hpc-* hpc2020-* lfc?-* ecf?-* ecflow-* ecinteractive* !hpc-login* !ecs-login* !*.jump-17.ecmwf.int* + ProxyJump hpc-login.jump-17.ecmwf.int + # Replace by ecs-login.jump-17.ecmwf.int if only ECS access ``` ### SSH-agent