MOGON Login
How to connect with MOGON via SSH
- Ask your PI to add your JGU account to an HPC project.
- Generate your SSH keys using Windows or Linux/macOS .
- Add your public SSH key to your JGU account as demonstrated here .
- Prepare your smartphone for 2FA by installing freeOTP or privacyIDEA.
- Send an to the HPC Group from your JGU account.
- Complete the privacyIDEA configuration with an HPC admin.
- Log in to MOGON via SSH using our jump host.
Connecting on Windows
Using the MobaXterm SSH agent
Verify that the
ssh-agent
is running:If the
shh-agent
is not running, start it with:To have
ssh-agent
automatically start with Windows, you can execute (from elevated prompt):Add your new SSH key to the
ssh-agent
.Be sure to specify the correct path to the SSH key or go to the directory of the key before executing the command.
Verify that the
ssh-agent
utilizes the SSH keyCreate the following file
.ssh/config
with an editor and add the following lines:The path to your
IdentitiyFile
may be different. Please make sure the path is correct before you save the file.Start a new Session to a MOGON service node. For example, you can now simply use:
Done. You should now be able to log in to the various MOGON service nodes. You can add each login node to your
~/.ssh/config
file. A list of MOGON Service Nodes can be found here .
Connecting on Linux/macOS
For testing purposes, or if you only need to do this occasionally, you could use this command to connect to the MOGON NHR or MOGON KI cluster:
or in case you want to access MOGON II:
Simply replace <username>
with your JGU-username. Instead of mogon
, which will distribute users amongst login nodes, you could also supply the MOGON service-node directly, if you want to access a specific login node. An overview of the MOGON service nodes is given
here
.
You can also explicitly specify the SSH key for the connection:
The SSH key for the jump host and the MOGON service node do not necessarily need to be identical. However, the SSH keys must have been added to your JGU account and have the correct properties.
OpenSSH below version 7.3
The ProxyJump
option was added in OpenSSH 7.3 and is basically shorthand for the ProxyCommand
. For OpenSSH versions below 7.3. you can use the following command:
Simply replace <username>
with your JGU-username and <service-node>
with the MOGON service-node you want to access. You can find an overview of the MOGON service nodes
here
.
ssh -V
If you connect to a new remote location for the first time, you will be asked to confirm the identity of the server you are communicating with.
You can check the SSH Fingerprints of our service nodes in the table below. Confirm by typing yes
or pasting the relevant fingerprint for an automatic verification.
SSH Fingerprints
On establishing a connection for the first time, you will be asked to confirm the identity of the server you are communicating with. Please compare indicated fingerprints to the ones listed below.
Cipher | Hash | Fingerprint |
---|---|---|
RSA | MD5 SHA256 | 92:8b:0d:af:53:27:09:b9:c0:13:a5:7c:47:5f:18:10 5/h9wmWi44ViIpMm1I/7Ox/vXZ/JYR2tM3QJ7QbFNDA |
ECDSA | MD5 SHA256 | e9:d9:54:5d:a3:ba:0e:d5:ce:e5:02:c0:70:8e:05:d2 pzKsg8DkGkzAxDw2n8Uggk/jbboSpNYi5w47LcXjTxk |
ED25519 | MD5 SHA256 | 63:67:65:76:5f:ad:fb:20:f2:68:92:cf:d5:49:2c:dc CNbkj04hEuJ9IwgGkTBXbF1WtE/Nb46kPVSejKUGfRU |
Cipher | Hash | Fingerprint |
---|---|---|
RSA | MD5 SHA256 | 39:38:c3:a0:3b:a4:7b:13:03:88:70:35:ca:3c:bd:48 MFyTochFLM9iue2D6qWreoQaJrtXITqyvAcXMQuI/ck |
ECDSA | MD5 SHA256 | da:e8:86:93:88:99:44:a5:1a:fb:5d:43:00:23:cc:08 4j1nbNKmElz7QbAkMokyoKPLAIjB7V4GVqJITObiFYA |
ED25519 | MD5 SHA256 | 68:e5:29:01:18:93:de:f4:0e:e0:54:48:1e:10:ed:51 i9ArPjn5yKQeIydO5FxQgO/A5xlnVkN4sPfMKUlXF0s |
Cipher | Hash | Fingerprint |
---|---|---|
RSA | MD5 SHA256 | 23:fc:f8:0d:5c:5b:f4:c2:5b:93:c0:a3:6a:2c:c5:a7 tSQKQ05IAPWTj0MKyZzSAqDAtotjWkCWr2s3XtvTiS0 |
ECDSA | MD5 SHA256 | fd:94:b7:64:15:e4:e9:64:b4:96:87:1f:64:b9:06:f2 nncHWMQPjZyzupZ7sAdNDSJpqB12Fl4DXoyq4s474ss |
ED25519 | MD5 SHA256 | 7f:a1:4c:5b:4e:47:ad:76:8c:be:63:c2:90:e5:aa:da 9leujhC1P8sOaWTEMF+eS8wldofFt15jrFp7sq+XIB0 |
Successful Connection Attempt
If your SSH setup is correct and enough time has passed for your uploaded public key to be spread throughout our system, a successful connection attempt is going to end with the prompt for your privacyIDEA password (TOTP value
).
To continue, you must have complete the second step of the onboarding process (setup of a mobile authenticator). Please enter the 6-digit TOTP value displayed on your phone.
Don’t use the same code more than once, in case you should ever be asked for the verification code twice. Sometimes privacyIDEA requests two successive TOTP values to automatically resynchronize your token.
Troubleshooting
In case of issues there are a few checks you might want to run before contacting us for further advice:
Is your SSH agent running?
Usually this happens automatically once you open the terminal, but you can start the SSH agent manually using the command eval $(ssh-agent -s)
on Linux or Get-Service ssh-agent
on Windows.Does your SSH agent find your key?
On Linux the command ssh-add -l
or ssh-add -L
displays identified keys. In case you did not deposit your key at the standard location, you can use this command to pass your key to the agent and avoid entering your passphrase again for this session.Has enough time passed for the public key to be known to MOGON?
Outside of working hours and on weekends it might take up to 1 or 2 hours before your key is registered.
Logging for PuTTY
The Logging configuration panel allows you to save log files of your PuTTY sessions, for debugging, analysis or future reference.