Setup on Linux/macOS

This tutorial guides you through the process of generating SSH keys on Linux/MacOS and shows you how to upload your public key to the JGU account website.

Generating SSH Keys#

Start by opening your terminal:

• Linux: Press Ctrl + Alt + T (common on Ubuntu, Fedora, etc.). Need help?
• macOS: Press Command + Space type “Terminal”, and press Enter.

Generate an SSH key pair by running this command in your terminal:

ssh-keygen -t ed25519 -C "HPCGATE,HPCLOGIN"

This creates a new key pair of type ed25519. The comment “HPCGATE,HPCLOGIN” is mandatory for proper key placement in our system.

ssh-keygen will prompt for a file name:

Enter file in which to save the key (/home/<Your_USERNAME>/.ssh/id_ed25519): [Press Enter]

Press Enter to confirm the default or provide an alternative. A meaningful name might be /home/<Your_USERNAME>/.ssh/id_ed25519_mogon_laptop.

Set a passphrase of your choice - use one! An empty passphrase is a serious security concern. Note: Characters are masked while typing.

Enter passphrase (empty for no passphrase): [Type a passphrase]
Enter same passphrase again: [Type passphrase again]

To make the ssh-agent aware of your new key run the following command:

ssh-add

In case you deviated from the default naming scheme, you need to explicitly provide the path to your key-file:

ssh-add ~/Path/To/Your/PrivateKey

To list the fingerprints of all loaded keys in the ssh-agent, run:

ssh-add -l

Modifying existing SSH Keys#

If your existing key lacks the HPCGATE,HPCLOGIN comment, add it with:

ssh-keygen -c -C "HPCGATE,HPCLOGIN" -f ~/Path/To/Your/PrivateKey

Creating an SSH Configuration File#

To simplify remote logins we recommend to use a ssh-configuration file. (The lines ForwardX11 yes are optional.) For this purpose edit ~/.ssh/config (create if needed) with:

nano ~/.ssh/config

Paste the configuration content below into the text editor’s window. Adjust the file, then save with Ctrl + o (confirm the filename with Enter), and exit with Ctrl + x.

# MOGON jump host
Host hpcgate
    HostName hpcgate.zdv.uni-mainz.de
    User <YOUR_JGU_USERNAME>    
    ForwardX11 yes    
    IdentityFile ~/Path/To/Private/Key

# for access to MOGON II:
Host mogon
    HostName mogon
    User <YOUR_JGU_USERNAME>
    ProxyJump hpcgate    
    ForwardX11 yes    
    IdentityFile ~/Path/To/Private/Key

# for access to MOGON NHR:
Host mogon-nhr
    HostName mogon-nhr-01
    User <YOUR_JGU_USERNAME>
    ProxyJump hpcgate    
    ForwardX11 yes    
    IdentityFile ~/Path/To/Private/Key

# MOGON jump host
Host hpcgate
    HostName hpcgate.zdv.uni-mainz.de
    User <username>
    IdentityFile ~/Path/To/Private/Key

# for access to MOGON:
Host mogon
    HostName mogon
    User <username>
    IdentityFile ~/Path/To/Private/Key
    ProxyCommand ssh -W %h:%p hpcgate

Using X11-forwarding on macOS#

In order to use the X11-forwarding, an X11-server should be installed on your system. X11 is no longer included with Mac, but X11 server and client libraries are available from the XQuartz project .

Uploading the Public Key#

To make MOGON aware of your new SSH key, we use a web-tool to transfer the public key to the server. Please note that it takes some time for these changes to propagate through our systems. During working hours it should take no more than 70 minutes.

1. Browse to account.uni-mainz.de and use your JGU credentials for login.
2. Paste the contents of your public SSH key into the SSH public key field.
3. You can add further comments in the Comment or key name field to help you identify this key again at a later point in time.
4. Please select HPCLOGIN as the key usage.
5. Feel free to leave the duplicate HPCLOGIN as is, or delete it from the public key field.
6. At last, please click on Save.
7. The newly added SSH key should be displayed in the SSH key overview.

Next Step: Setting up the Mobile Authenticator#

After completing all the steps above, please continue with the preparation of your smartphone or tablet for the two-factor authentication (2FA) by following the instructions in the Mobile Authenticator chapter.