MOGON Login

How to connect with MOGON via SSH

Connecting on Windows#

Putty

#

MobaXterm

#

PowerShell

#

Prev

1 2 3 4 5 6 7 8

Next

1. Before being able to transparently proxy your connection to MOGON service nodes through the HPCGATE, you need to connect to the host manually once and accept the SSH host key:

   Open PuTTY and enter <username>@hpcgate.zdv.uni-mainz.de in the Host Name field and use Port 22. Click on Open afterwards. When PuTTY prompts you for host key validation, accept it. Then close the window again.

2. Start a new PuTTY Session and enter the HostName of the MOGON service node you want to access. You can find an overview of the MOGON service nodes here . If you have no reason for connecting to a specific node, just enter mogon for MOGON II or mogon-nhr-02 for MOGON NHR.

3. In the menu on the left side, in the category Connection, select the subcategory Data. Fill in your <username> in the field Auto-login username.

4. Within the Proxy subcategory of Connection set Proxy type to local.
5. Fill in hpcgate.zdv.uni-mainz.de for the Proxy hostname and 22 for the Port.
6. Enter your <username> in the field Username.
7. Enter the following as your local proxy command:

   "C:\Program Files\PuTTY\plink.exe" -4 -P %proxyport -l %user %proxyhost -nc %host:%port

   Maybe the path to plink.exe is different on your system.

8. Within the Connection category select SSH and then the subcategory Auth. Make sure that Attempt authentication using Peagant is enabled and Allow agent forwarding is disabled.

9. Now go back to the Session category and enter a name for your session in the field under Saved Sessions. Click on Save to save the session profile for further use.

10. You will be asked to confirm the SSH Fingerprint again. Continue by clicking on Accept once you verified that the fingerprint matches.

11. A successful connection attempt is going to end with the prompt for your privacyIDEA password. You have to complete the next step of the onboarding procedure first before you can proceed (setup of a mobile authenticator).

Prev

1 2 3 4 5 6 7

Next

1. Start the application and click on the Session button to start a new session.

2. Choose SSH to start a new SSH session. The session you create is automatically saved.

3. Fill in the fields Remote Host and specify your <username>. Afterwards, go to the Advanced SSH setting tab.

4. Provide the path to your private SSH key. Then, click on the Network settings tab.

5. Click on the SSH gateway (jump host) button.

6. Use hpcgate.zdv.uni-mainz.de as the Gateway host and enter your <username>. Port is 22. Add the same SSH key as before and click on OK.

7. The configuration is now complete and you can click on OK.

Using the MobaXterm SSH agent

Prev

1 2 3 4

Next

1. Start MobaXterm and click on Settings

2. Now go to the SSH tab

3. Deactivate Use external Pageant and add your SSH key (*.ppk) by clicking on the plus sign. Once you are finished, click on OK

4. A window will now open and you will be asked to restart MobaXterm. You will then be asked for the passphrase once every time you start MobaXterm but can use the key in different sessions.

1. Verify that the ssh-agent is running:

   Get-Service ssh-agent

   If the shh-agent is not running, start it with:

   Start-Service ssh-agent

   To have ssh-agent automatically start with Windows, you can execute (from elevated prompt):

   Set-Service ssh-agent -StartupType Automatic

2. Add your new SSH key to the ssh-agent.

   ssh-add <YourNewPrivateKey>

   Be sure to specify the correct path to the SSH key or go to the directory of the key before executing the command.

3. Verify that the ssh-agent utilizes the SSH key

   ssh-add -l

4. Create the following file .ssh/config with an editor and add the following lines:

   Host hpcgate
     User <username>
     HostName hpcgate.zdv.uni-mainz.de
     Port 22
     IdentityFile C:/Users/<username>/.ssh/<YourNewPrivateKey>
   
   Host mogon
     HostName miil03.zdv.uni-mainz.de
     User <username>
     Port 22
     IdentityFile C:/Users/<username>/.ssh/<YourNewPrivateKey>
     ProxyCommand ssh.exe -W %h:%p -q hpcgate

   The path to your IdentitiyFile may be different. Please make sure the path is correct before you save the file.

5. Start a new Session to a MOGON service node. For example, you can now simply use:

   ssh mogon

6. Done. You should now be able to log in to the various MOGON service nodes. You can add each login node to your ~/.ssh/config file. A list of MOGON Service Nodes can be found here .

Connecting on Linux/macOS#

For testing purposes, or if you only need to do this occasionally, you could use this command to connect to the MOGON NHR cluster:

ssh -J <username>@hpcgate.zdv.uni-mainz.de <username>@mogon-nhr-02

or in case you want to access MOGON II:

ssh -J <username>@hpcgate.zdv.uni-mainz.de <username>@mogon

Simply replace <username> with your JGU-username. Instead of mogon, which will distribute users amongst login nodes, you could also supply the MOGON service-node directly, if you want to access a specific login node. An overview of the MOGON service nodes is given here .

You can also explicitly specify the SSH key for the connection:

ssh -i ~/Path/To/Private/Key -J <username>@hpcgate.zdv.uni-mainz.de -i ~/Path/To/Private/Key <username>@mogon

The SSH key for the jump host and the MOGON service node do not necessarily need to be identical. However, the SSH keys must have been added to your JGU account and have the correct properties.

ssh -o ProxyCommand="ssh -W %h:%p <username>@hpcgate.zdv.uni-mainz.de" <username>@mogon

If you connect to a new remote location for the first time, you will be asked to confirm the identity of the server you are communicating with.

The authenticity of host 'hpcgate.zdv.uni-mainz.de (2001:4c80:40:63c:4:86ff:fe5d:b22d)' can't be established.
ECDSA key fingerprint is SHA256:pzKsg8DkGkzAxDw2n8Uggk/jbboSpNYi5w47LcXjTxk.
Are you sure you want to continue connecting (yes/no/[fingerprint])? █

You can check the SSH Fingerprints of our service nodes in the table below. Confirm by typing yes or pasting the relevant fingerprint for an automatic verification.

SSH Fingerprints#

On establishing a connection for the first time, you will be asked to confirm the identity of the server you are communicating with. Please compare indicated fingerprints to the ones listed below.

Successful Connection Attempt#

If your SSH setup is correct and enough time has passed for your uploaded public key to be spread throughout our system, a successful connection attempt is going to end with the prompt for your privacyIDEA password (TOTP value).

ssh mogon
6-digit-Verification-Code: █

To continue, you must have complete the second step of the onboarding process (setup of a mobile authenticator). Please enter the 6-digit TOTP value displayed on your phone.

Don’t use the same code more than once, in case you should ever be asked for the verification code twice. Sometimes privacyIDEA requests two successive TOTP values to automatically resynchronize your token.

Troubleshooting#

In case of issues there are a few checks you might want to run before contacting us for further advice:

Logging for PuTTY#

The Logging configuration panel allows you to save log files of your PuTTY sessions, for debugging, analysis or future reference.

Prev

1 2 3 4 5

Next

1. To access the PuTTY logging configuration panel click on Logging under the Session-section

2. The main option is a radio-button set that specifies whether PuTTY will log anything at all. The default option is None.

3. From the radio-button set we selected SSH packets and raw data. In this mode (which is only used by SSH connections), the SSH message packets sent over the encrypted connection are written to the log file (as well as Event Log entries). You might need this to debub a network-level problem. Be warned that if you log in using a password, the password can appear in the log file.

4. In the Log file name edit box you enter the name of the file you want to log the session to. The Browse button will let you choose a place to put the file. Alternatively you can type a pathname into the edit box.

5. The Log file name edit box has a few special features. If you use the &-character in the file name box, PuTTY will insert details of the current session in the name of the file it actually opens.

   • &Y will be replaced by the current year, as four digits.

   • &M will be replaced by the current month, as two digits.

   • &D will be replaced by the current day of the month, as two digits.

   • &T will be replaced by the current time, as six digits (HHMMSS) with no punctuation.

   • &H will be replaced by the host name you are connecting to (or the serial line, for serial connection).

   • &P will be replaced by the port number you are connecting to on the target host.

     Example:

     putty_&H_&Y&M&D_&T.log