SSH login to UI via Jumphost for users on macOS, Linux or Unix
The following assumes:
- your request for an account was approved and processed.
- you configured your OpenSSH client using the instructions for either macOS or Linux/Unix depending on your OS.
Log in to Fender on the commandline in a Terminal
Note: If you only need to transfer data and prefer a Graphical User Interface (GUI), you can skip the instructions for working on the commandline below and go straight to Keep - What is stored where on Fender and Data transfers - How to move data to / from Fender
If you want to transfer data using the commandline or analyze data on the cluster using jobs:
-
You can login to the UI named
fender
with the account as specified in your${HOME}/.ssh/conf.d/fender
via the Jumphost namedcorridor
using the aliascorridor+fender
. Type the following command in a terminal:ssh corridor+fender
-
In order to override the account name specified in your
${HOME}/.ssh/conf.d/fender
you can use:ssh some_other_account@corridor+fender
-
If necessary, you can do tripple hops starting with a Jumphost like this:
ssh jumphost+intermediate_server+destination_server
-
In case you are on a network where the default port for SSH (22) is blocked by a firewall you can try to setup SSH over port 443, which is the default for HTTPS and almost always allowed, using an alias like this:
ssh corridor443+fender
Frequent Asked Questions (FAQs) and trouble shooting
- Q: Why do I get the error
Bad configuration option: IgnoreUnknown
?
A: Your OpenSSH client is an older one that does not understand theIgnoreUnknown
configuration option. You have to comment/disable the
# Generic stuff: only for macOS clients
section listed at the top of the${HOME}/.ssh/conf.d/fender
config file. - Q: Why do I get the error
muxserver_listen bind(): No such file or directory.
?
A: You may have failed to create the${HOME}/.ssh/tmp
folder or the permissions on this folder are wrong. - Q: Why do I get the error
ControlPath too long
?
A: TheControlPath ~/.ssh/tmp/%C
line in your${HOME}/.ssh/conf.d/fender
file expands to a path that is too long. Change theControlPath
line in your${HOME}/.ssh/conf.d/fender
file to create a shorter path for the automagically created sockets. - Q: Why do I get the error
ssh_exchange_identification: Connection closed by remote host
?
A: Either this server does not exist (anymore). You may have a typo in the name of the server you are trying to connect to. Check both the command you typed as well as your${HOME}/.ssh/conf.d/fender
for typos in server names.
Or you are using the wrong private key. If your private key is not saved with the default name in the default location, check if the correct private key file is specified both for theProxyCommand
andIdentityFile
directives in your${HOME}/.ssh/conf.d/fender
. -
Q: Why do I get the error
Permission denied (publickey).
?
A: This error can be caused by various configuration issues:- Either you are using the wrong account name
- or you are using the wrong private key file
- or the permissions on your
${HOME}/.ssh/
dir and/or on its content are wrong -
or your account is misconfigured on our account server.
Firstly, check your account name, private key and permissions.
Secondly, check if you can login to the Jumphost with a single hop usingssh corridor
-
If you can login to the Jumphost, but cannot use double hop SSH to login to the UI via the Jumphost, you may have to add your private key to the SSH agent on you local machine. To check which private key(s) are available to your SSH agent you can list them with on your local computer with:
ssh-add -l
-
If you cannot login and get:
The agent has no identities.
then you have to add your private key with the
ssh-add
command, which should return output like this:Identity added: /path/to/your/home/dir/.ssh/id_ed25519 (key_comment)
Your private key should now be listed when you check with
ssh-add -l
, which should look like this:256 SHA256:j/ZNnUvHYW3U$wgIapHw73SnhojjxlWkAcGZ6qDX6Lw key_comment (ED25519)
-
If that did not resolve the issue, then increase the verbosity to debug connection problems (see below).
-
Q: Can I increase the verbosity to debug connection problems?
A: Yes try adding-vvv
like this:
ssh -vvv youraccount@corridor+fender
If that does not help to figure out what is wrong please contact the helpdesk and- Do include:
- The command you used for your failed login attempt
- The output of that failed login attempt with
-vvv
debugging enabled - A copy of your
${HOME}/.ssh/config
file. - A copy of your
${HOME}/.ssh/conf.d/fender
file.
- Never ever send us your private key; It does not help to debug your connection problems, but will render the key useless as it is no longer private.
- Do include:
Back to operating system independent instructions for logins