mogondoks

Setting Up SSH

Select your operating system and follow this guide to set up an SSH connection from your local computer to MOGON.

Onboarding Progress Checklist
  • Ask your PIPI stands for Principal Investigator, typically your project lead or supervisor who manages HPC access requests. to add your JGU account to an HPC project.
  • Generate an SSH key pair on your local machine.
  • Upload your public SSH key to your JGU account.
  • Prepare your smartphone for 2FA by installing freeOTP or privacyIDEA.
  • Send an e-mail to the HPC Group from your JGU account.
  • Complete the 2FA configuration with an HPC admin.
  • Log in to MOGON via SSH.

Generating SSH Keys

If you use WSLThe Windows Subsystem for Linux (WSL) lets you run a Linux environment on Windows. WSL2 (default) uses a lightweight virtual machine with a full Linux kernel for compatibility and performance. to connect to MOGON, please follow the instructions described in the Linux section.

The instructions below guide you through the process of creating your personal SSH key-pair using different tools. Choose the one you want to use and perform the specified steps.

  1. Press the Windows -Key to open the start menu and type PuTTYgen. Then, click on the app to open it. Now, the PuTTY Key Generator window should be displayed.

  1. Start MobaXterm and click on Tools in the menu. From there, select MobaKeyGen (SSH key generator).

  1. Start by opening PowerShell.Press the Windows key, type ‘PowerShell’, and press Enter.

  2. Verify OpenSSHOpenSSH is free software that enables secure connections to remote systems. is installed on your system. In the PowerShell, run:

    ssh -V

    If installed, you’ll see an output like below. Your version might vary - the steps should still work:

    OpenSSH_for_Windows_9.5p1, LibreSSL 3.8.2

    Run the following command to verify that the ssh-agent is running:

    Get-Service ssh-agent

    If it’s not running, start it:

    Start-Service ssh-agent

  3. To Navigate to your (hiddenThe .ssh directory is hidden because it starts with a dot (.), meaning it’s not visible in standard file listings or Explorer views. You can still access it directly, or show hidden files with ’ls -a’ in terminals or View > Show > Hidden items in Explorer.) .ssh directory:

    cd ~/.ssh/

    If the folder doesn’t exist (yet), create it by running:

    mkdir ~/.ssh

  4. Generate an SSH key pair by running this command in PowerShell:

    ssh-keygen -t ecdsa -b 521 -C "HPCGATE,HPCLOGIN"
    • -t ecdsa: Specifies the ECDSA algorithm
    • -b 521: Sets the key size
    • -C "HPCGATE,HPCLOGIN": Adds a comment

    Alternative: Use ed25519 if supported (faster/secure):

    ssh-keygen -t ed25519 -C "HPCGATE,HPCLOGIN"

    ssh-keygen will prompt for a file namePress Enter to confirm the default or provide an alternative. A meaningful name might be ~/<Your_USERNAME>/.ssh/id_ed25519_mogon_laptop.:

    Enter a file in which to save the key (C:\Users\<Your_USERNAME>/.ssh/id_ecdsa):

  5. Set a passphraseA passphrase is a sequence of words or text, longer and more secure than a single-word password, making it memorable yet strong (e.g., ‘MogonClusterSecureAccess2025’ or ‘correctHorseBatteryStaple’)… Hint: Don’t use these examples, create one yourself. of your choice - use one! An empty passphrase is a serious security concern. Note: Characters are maskedWhile typing your passphrase, characters are masked for security — no visible input appears, so just type normally and press Enter. while typing.

    Enter passphrase (empty for no passphrase): [Type a passphrase]
Enter same passphrase again: [Type passphrase again]

    You will receive an output confirming the successfull creation of your ssh key-pair looking like this:

    Your identification has been saved in C:\Users\<Your_USERNAME>/.ssh/id_ecdsa
Your public key has been saved in C:\Users\<Your_USERNAME>/.ssh/id_ecdsa.pub
The key fingerprint is:
SHA256:QmQpzFKweanCN4+xlIFLTAGwxiEQeSoYWOXEhzvAxxk HPCGATE,HPCLOGIN
The key's randomart image is:
+---[ECDSA 521]---+
|^@*E+ o.         |
|&+=*++.          |
|o@+oo..          |
|X .oo.           |
|++.*  . S        |
| .o *  .         |
|   o .           |
|                 |
|                 |
+----[SHA256]-----+

  6. To make the ssh-agentThe ssh-agent is a background program that securely stores and manages your SSH private keys, caching passphrases to avoid re-entering them during sessions. aware of your new key run the following commandIn case you deviated from the default location for your key you have to specify the full path to your file. Hint: Look at the terminal output of step 5 (line 1).:

    ssh-add

    When prompted, enter your key’s passphrase.

  7. To simplify remote logins we recommend to use a SSH configuration fileThe SSH configuration file (~/.ssh/config) customizes your SSH client settings, such as host aliases, usernames, key files, and proxy options, making connections simpler and more efficient.. You can create this file inside your .ssh directory using notepad by running:

    notepad C:/Users/<YOUR_WINDOWS_USERNAME>/.ssh/config

    Paste the configuration content below into the text editor’s window. Adjust the fileReplace <YOUR_JGU_USERNAME> with your actual JGU username (without the angular brackets) and update the IdentityFile line with the full path to your private key file. Hint: You can find the correct path in the terminal output shown in step 5 (line 1)., then save with Ctrl + s.

    Host hpcgate
  User <YOUR_JGU_USERNAME>
  HostName hpcgate.zdv.uni-mainz.de
  Port 22
  IdentityFile C:/Users/<YOUR_WINDOWS_USERNAME>/.ssh/id_ecdsa

Host mogon     
  HostName mogon-nhr-01.zdv.uni-mainz.de
  User <YOUR_JGU_USERNAME>
  Port 22
  IdentityFile C:/Users/<YOUR_WINDOWS_USERNAME>/.ssh/id_ecdsa
  ProxyCommand ssh.exe -W %h:%p -q hpcgate

  8. Open your SSH public key file SSH public key fileYou can find the correct path in the terminal output shown in step 5 in (line 2). Hint: It ends with .pub. You can do this using notepad:

    notepad C:/Users/<YOUR_WINDOWS_USERNAME>/.ssh/id_ecdsa.pub

    The notepad application will launch and display your public key. Please click into the notepad window and press Ctrl + a and Ctrl + c to copy the entire content. You will need this in the next section of this guide, which is the upload of your public key to your JGU account.

To generate an SSH key pair on Linux or MacOS, we use the inbuilt ssh-keygen. Open your terminal and:

  1. Run the command

    ssh-keygen -t ed25519 -C "HPCGATE,HPCLOGIN"
    • -t ed22519 → uses a modern, secure key type (recommended)
    • -C "HPCGATE,HPCLOGIN" → mandatory comment for proper key placement in our system.

  2. Choose where to save the key

    You will see a prompt like:

    Enter file in which to save the key (/home/user/.ssh/id_ed25519):

    Press Enter to confirm the default or provide an alternative.

  3. Set a passphrase of your choice

    Use a passphrase!A passphrase is a sequence of words or text, longer and more secure than a single-word password, making it memorable yet strong (e.g., ‘MogonClusterSecureAccess2025’ or ‘correctHorseBatteryStaple’)… Hint: Don’t use these examples, create one yourself. An empty one is a serious security concern. Note: Characters are maskedWhile typing your passphrase, characters are masked for security — no visible input appears, so just type normally and press Enter. while typing.

    Enter passphrase (empty for no passphrase): [Type a passphrase]
Enter same passphrase again: [Type passphrase again]

  4. Done!

    This created two files:

    • ~/.ssh/id_ed25519 → private key (keep this file secret!)
    • ~/.ssh/id_ed25519.pub → public key (save to share)

  5. Add key to an SSH agent (optional)

    To make the ssh-agentThe ssh-agent is a background program that securely stores and manages your SSH private keys, caching passphrases to avoid re-entering them during sessions. aware of your new key run the following command:

    eval "$(ssh-agent -s)"
ssh-add ~/.ssh/id_ed25519

    This way, you don’t need to retype your passphrase multiple times within a session.

  6. Copy public key (for next step)

    Print the file to screen using:

    cat ~/.ssh/id_ed25519.pub

Modifying existing SSH Keys

If your existing key lacks the HPCGATE,HPCLOGIN comment, add it with:

ssh-keygen -c -C "HPCGATE,HPCLOGIN" -f ~/Path/To/Your/PrivateKey

Creating an SSH Configuration File

To simplify remote logins we recommend to use a SSH configuration fileThe SSH configuration file (~/.ssh/config) customizes your SSH client settings, such as host aliases, usernames, key files, and proxy options, making connections simpler and more efficient.. (The lines ForwardX11 yesX11-forwarding enables graphical apps from MOGON on your local display. are optional.) For this purpose edit ~/.ssh/config (create if needed) with:

nano ~/.ssh/config

Paste the configuration content below into the text editor’s window. Adjust the fileReplace <YOUR_JGU_USERNAME> with your actual JGU username (without the < > brackets) and update ~/Path/To/Private/Key with the full path to your SSH private key file. The default would be: ~/.ssh/id_ed25519, then save with Ctrl + o (confirm the filename with Enter), and exit with Ctrl + x.

# MOGON jump host
Host hpcgate
    HostName hpcgate.zdv.uni-mainz.de
    User <YOUR_JGU_USERNAME>    
    ForwardX11 yes    
    IdentityFile ~/Path/To/Private/Key

# for access to MOGON NHR and MOGON KI:
Host mogon-nhr
    HostName mogon-nhr-01
    User <YOUR_JGU_USERNAME>
    ProxyJump hpcgate    
    ForwardX11 yes    
    IdentityFile ~/Path/To/Private/Key
Config for OpenSSH below version 7.3 
# MOGON jump host
Host hpcgate
    HostName hpcgate.zdv.uni-mainz.de
    User <username>
    IdentityFile ~/Path/To/Private/Key

# for access to MOGON NHR and MOGON KI:
Host mogon
    HostName mogon-nhr-01
    User <username>
    IdentityFile ~/Path/To/Private/Key
    ProxyCommand ssh -W %h:%p hpcgate

Using X11-forwarding on macOS

In order to use the X11-forwarding, an X11-server should be installed on your system. X11 is no longer included with Mac, but X11 server and client libraries are available from the XQuartz project.

Uploading the Public Key

Onboarding Progress Checklist
  • Ask your PIPI stands for Principal Investigator, typically your project lead or supervisor who manages HPC access requests. to add your JGU account to an HPC project.
  • Generate an SSH key pair on your local machine.
  • Upload your public SSH key to your JGU account.
  • Prepare your smartphone for 2FA by installing freeOTP or privacyIDEA.
  • Send an e-mail to the HPC Group from your JGU account.
  • Complete the 2FA configuration with an HPC admin.
  • Log in to MOGON via SSH.

To make MOGON aware of your new SSH key, we use a web tool to transfer the public key to the server. Please note that it takes some time for these changes to propagate through our systems. During working hours it should take no more than 70 minutes.

  1. Browse to account.uni-mainz.de and use your JGU credentials for login.
  2. Paste the contents of your public SSH key into the SSH public key field.
  3. You can add further comments in the Comment or key name field to help you identify this key again at a later point in time.
  4. Please select HPCLOGIN as the key usage.
  5. Feel free to leave the duplicate HPCLOGIN as is, or delete it from the public key field.
  6. At last, please click on Save.
  7. The newly added SSH key should be displayed in the SSH key overview.
Last updated on May 18, 2026 from Felix Schlapp
Prev
Getting Started
Next
Activating 2FA