Ssh at ncmm
General info about ssh at UiO
ssh logins from the outside world to UiO's network are only allowed to a small select number of hosts, all of which require two-factor authentication for login. In order to ssh from home to one of NCMM's machines you need to go through one of these central login machines ("jump hosts").
NCMM config file
We provide an ~/.ssh/config file that simplifies a number of things for typical use by NCMM members:
- you can use short hostnames (e.g.,
ssh biotin4
instead ofssh biotin4.hpc.uio.no
) - you do not need to manually specify your UiO user name on the commandline, even if it differs from your local user name
- when off-campus, the configuration will automatically first go to a UiO login machine and then from there go to your target
- the connection to the UiO login machine is held up for 10 minutes after logging off, so a subsequent login shortly thereafter does not require you to go through two-factor authentication again
1)
If you already have an ed25519 ssh key pair, you can skip this step. If you are unsure, check for the existence of the file ~/.ssh/id_ed25519
.
If it is there, you have such a key pair and can proceed with step 2. Otherwise, run
ssh-keygen -t ed25519
on your local machine (laptop).
2) Upload your ed25519 public key to your UiO home directory by running (again, on your local machine)
ssh-copy-id -i ~/.ssh/id_ed25519.pub MYUIOUSERNAME@login.uio.no
(replacing MYUIOUSERNAME
with your UiO login name). If you are off-campus you will need to authenticate via 2FA.
3) Put the following into your ~/.ssh/config
file - make sure to replace MYUIOUSERNAME
with your UiO user name and ec-MYUIOUSERNAME
with your educloud user name if you use Educloud/Fox:
# NCMM ~/.ssh/config # define jumphost - we give it an alias name ("uio-loginhost") # so if this ever changes we only need to change the settings # in a single location Host uio-loginhost HostName login.uio.no # Control* *only* when coming from off-campus (it's mainly because of 2FA) - SO: Match host login.uio.no !exec "ifconfig -a | egrep -q 'inet 129.240' || egrep -q '^search.* internal.ncmm(| $)' /etc/resolv.conf" ControlMaster auto ControlPath ~/.ssh/controlsock-%r@%h:%p # for compatibility with GNOME file manager use the following instead # ControlPath /run/user/1000/gvfsd-sftp/%C ControlPersist 10m # expand hostnames Host biotin2 biotin3 biotin4 Hostname %h.hpc.uio.no Host hfaistos mathelier2 kuijjer2 waszak1 Hostname %h.uio.no # neither on uio fastnett nor internal network? => jump through uio jumphost Match host biotin2.hpc.uio.no,biotin3.hpc.uio.no,biotin4.hpc.uio.no,hfaistos.uio.no,mathelier2.uio.no,kuijjer2.uio.no,waszak1.uio.no !exec "ifconfig -a | egrep -q 'inet 129.240' || egrep -q '^search.* internal.ncmm(| $)' /etc/resolv.conf" ProxyJump uio-loginhost # default settings Host uio-loginhost,biotin2.hpc.uio.no,biotin3.hpc.uio.no,biotin4.hpc.uio.no,hfaistos.uio.no,mathelier2.uio.no,kuijjer2.uio.no,waszak1.uio.no User MYUIOUSERNAME Host fox.educloud.no fox Hostname fox.educloud.no User ec-MYUIOUSERNAME ControlMaster auto ControlPath ~/.ssh/controlsock-%r@%h:%p # for compatibility with GNOME file manager use the following instead # ControlPath /run/user/1000/gvfsd-sftp/%C ControlPersist 10m # other default settings Host * IdentityFile ~/.ssh/id_ed25519