ECMWF teleport ssh configuration changes

ECMWF/README.md

@@ -98,18 +98,28 @@ You can set these variables in your `~/.bashrc` file to avoid typing these at ev
 
 It is highly advised to add this to your `.ssh/config`, although ECMWF has added some [information](https://confluence.ecmwf.int/display/UDOC/Teleport+SSH+Access+-+Linux+configuration) on that too:
 
+???+ warning "Teleport versions changed from 13 to 17, April 2025."
+
 ```conf title=".ssh/config"
-Host jump.ecmwf.int a?-* a??-* hpc-* hpc2020-* ecs-*
+Host *.jump-17.ecmwf.int jump-17.ecmwf.int* a?-* a??-* hpc-* ecs-* hpc2020-* lfc?-* ecf?-* ecflow-* ecinteractive*
     User [ECMWF USERNAME]
-  IdentityFile ~/.tsh/keys/jump.ecmwf.int/[MAIL ADDRESS]
-  CertificateFile ~/.tsh/keys/jump.ecmwf.int/[MAIL ADDRESS]/jump.ecmwf.int-cert.pub
-  HostKeyAlgorithms +ssh-rsa*,rsa-sha2-512
-  PubkeyAcceptedKeyTypes +ssh-rsa*
+    UserKnownHostsFile ~/.tsh/known_hosts
+    IdentityFile ~/.tsh/keys/jump-17.ecmwf.int/[MAIL ADDRESS]
+    CertificateFile ~/.tsh/keys/jump-17.ecmwf.int/[MAIL ADDRESS]-ssh/jump-17.ecmwf.int-cert.pub
     ServerAliveInterval 60
     TCPKeepAlive yes
  
-Host a?-* a??-* hpc-* hpc2020-* ecs-*
-  ProxyJump jump.ecmwf.int
+Host !jump-17.ecmwf.int *.jump-17.ecmwf.int
+    ProxyCommand tsh proxy ssh --cluster=jump-17.ecmwf.int --proxy=jump-17.ecmwf.int:443 %r@%h
+ 
+Host hpc-login ecs-login
+    Hostname %h.jump-17.ecmwf.int
+    ProxyCommand tsh proxy ssh --cluster=jump-17.ecmwf.int --proxy=jump-17.ecmwf.int:443 %r@%h
+ 
+# Extra configuration for additional internal hosts through the main entry point
+Host a?-* a??-* hpc-* hpc2020-* lfc?-* ecf?-* ecflow-* ecinteractive* !hpc-login* !ecs-login* !*.jump-17.ecmwf.int*
+    ProxyJump hpc-login.jump-17.ecmwf.int
+    # Replace by ecs-login.jump-17.ecmwf.int if only ECS access
 ```
 
 ### SSH-agent