SSH login to UI via Jumphost for users on macOS, Linux or Unix

The following assumes:

Log in to Fender on the commandline in a Terminal

Note: If you only need to transfer data and prefer a Graphical User Interface (GUI), you can skip the instructions for working on the commandline below and go straight to Keep - What is stored where on Fender and Data transfers - How to move data to / from Fender

If you want to transfer data using the commandline or analyze data on the cluster using jobs:

  • You can login to the UI named fender with the account as specified in your ${HOME}/.ssh/conf.d/fender via the Jumphost named corridor using the alias corridor+fender. Type the following command in a terminal:

    ssh corridor+fender
    
  • In order to override the account name specified in your ${HOME}/.ssh/conf.d/fender you can use:

    ssh some_other_account@corridor+fender
    
  • If necessary, you can do tripple hops starting with a Jumphost like this:

    ssh jumphost+intermediate_server+destination_server
    
  • In case you are on a network where the default port for SSH (22) is blocked by a firewall you can try to setup SSH over port 443, which is the default for HTTPS and almost always allowed, using an alias like this:

    ssh corridor443+fender
    

Frequent Asked Questions (FAQs) and trouble shooting

  • Q: Why do I get the error Bad configuration option: IgnoreUnknown?
    A: Your OpenSSH client is an older one that does not understand the IgnoreUnknown configuration option. You have to comment/disable the
    # Generic stuff: only for macOS clients
    section listed at the top of the ${HOME}/.ssh/conf.d/fender config file.
  • Q: Why do I get the error muxserver_listen bind(): No such file or directory.?
    A: You may have failed to create the ${HOME}/.ssh/tmp folder or the permissions on this folder are wrong.
  • Q: Why do I get the error ControlPath too long?
    A: The ControlPath ~/.ssh/tmp/%C line in your ${HOME}/.ssh/conf.d/fender file expands to a path that is too long. Change the ControlPath line in your ${HOME}/.ssh/conf.d/fender file to create a shorter path for the automagically created sockets.
  • Q: Why do I get the error ssh_exchange_identification: Connection closed by remote host?
    A: Either this server does not exist (anymore). You may have a typo in the name of the server you are trying to connect to. Check both the command you typed as well as your ${HOME}/.ssh/conf.d/fender for typos in server names.
    Or you are using the wrong private key. If your private key is not saved with the default name in the default location, check if the correct private key file is specified both for the ProxyCommand and IdentityFile directives in your ${HOME}/.ssh/conf.d/fender.
  • Q: Why do I get the error Permission denied (publickey).?
    A: This error can be caused by various configuration issues:

    • Either you are using the wrong account name
    • or you are using the wrong private key file
    • or the permissions on your ${HOME}/.ssh/ dir and/or on its content are wrong
    • or your account is misconfigured on our account server.
      Firstly, check your account name, private key and permissions.
      Secondly, check if you can login to the Jumphost with a single hop using

        ssh corridor
      
      • If you can login to the Jumphost, but cannot use double hop SSH to login to the UI via the Jumphost, you may have to add your private key to the SSH agent on you local machine. To check which private key(s) are available to your SSH agent you can list them with on your local computer with:

          ssh-add -l
        
      • If you cannot login and get:

          The agent has no identities.
        

      then you have to add your private key with the ssh-add command, which should return output like this:

            Identity added: /path/to/your/home/dir/.ssh/id_ed25519 (key_comment)
      

      Your private key should now be listed when you check with ssh-add -l, which should look like this:

            256 SHA256:j/ZNnUvHYW3U$wgIapHw73SnhojjxlWkAcGZ6qDX6Lw key_comment (ED25519)
      

    If that did not resolve the issue, then increase the verbosity to debug connection problems (see below).

  • Q: Can I increase the verbosity to debug connection problems?
    A: Yes try adding -vvv like this:
    ssh -vvv youraccount@corridor+fender
    If that does not help to figure out what is wrong please contact the helpdesk and

    • Do include:
      1. The command you used for your failed login attempt
      2. The output of that failed login attempt with -vvv debugging enabled
      3. A copy of your ${HOME}/.ssh/config file.
      4. A copy of your ${HOME}/.ssh/conf.d/fender file.
    • Never ever send us your private key; It does not help to debug your connection problems, but will render the key useless as it is no longer private.

Back to operating system independent instructions for logins