This section of the documentation focuses on how to use MFA at CSCS on Windows systems.
I. Using Windows PowerShell
A. Pre-requisites:
The ssh-agent service on Windows must be running. To verify, open PowerShell as administrator and run the command:
Get-Service ssh-agent
If it is not running or not activated, use the following commands:
Get-Service ssh-agent | Set-Service -StartupType Automatic
Start-Service ssh-agent
B. Steps to follow:
- Fetch a signed key-pair via the SSHService GUI or using git on the command line tool
- Copy the downloaded files to your preferred folder
\path\to\keys
(You can perform that operation using Windows Explorer or the command line. Make sure that the file names do not contain any suffixes. For example, it has to be "cscs-key" instead of "cscs-key(1)".)
- Start Windows PowerShell from the Start menu.
- Execute the following command to load the key to ssh-agent
ssh-add \path\to\keys\cscs-key
- Connect to CSCS systems by executing,
ssh -A cscs_username@ela.cscs.ch
- Jump to daint or eiger from ela using
ssh daint
or
ssh eiger
II. Using WSL/WSL2
A. Pre-requisites:
a. Fetch a signed key-pair via the SSHService GUI or using git on the command line tool
b. Copy the downloaded files to your preferred folder
\path\to\keys
(You can perform that operation using Windows Explorer or the command line. Make sure that the file names do not contain any suffixes. For example, it has to be "cscs-key" instead of "cscs-key(1)".)
B. Log on to the WSL/WSL2 console and then follow the steps below:
- Copy the downloaded keys to .ssh folder
cp /mnt/path/to/keys/cscs-key* ~/.ssh/
- Set permissions on the keys as below,
chmod 600 ~/.ssh/cscs-key
chmod 644 ~/.ssh/cscs-key.pub
- Add the key to the ssh agent using the command below (make sure the ssh agent is up and running, or run "eval $(ssh-agent)" first)
ssh-add ~/.ssh/cscs-key
- Connect to ela
ssh -A cscs_username@ela.cscs.ch
- Jump from ela to daint or eiger, etc
ela> ssh daint or ssh eiger or ssh <system_name>
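The WSL steps above can be combined into one script. This is an added example, not part of the CSCS instructions: the function names and the KEY_NAME variable are assumptions, and the source and destination folders are passed as arguments. It stops when it finds a download with a suffix such as "cscs-key(1)" instead of copying it.

```shell
#!/usr/bin/env bash
# Added example for section II.B (WSL). KEY_NAME and all function names are
# assumptions for illustration; pass your own source and destination folders.
KEY_NAME="cscs-key"

# List downloads that were renamed with a suffix, e.g. "cscs-key(1)".
# A "(1)" copy means a file with the plain name already existed in the folder.
find_renamed_keys() {
    local src="$1" f
    for f in "$src"/"$KEY_NAME"*; do
        [ -e "$f" ] || continue
        case "$(basename "$f")" in
            *"("*")"*) printf '%s\n' "$f" ;;
        esac
    done
}

# Copy the key files and apply the permissions from the steps above.
# Returns 2 if renamed copies are present, 1 if the private key is missing.
install_keys() {
    local src="$1" dst="$2" f
    if [ -n "$(find_renamed_keys "$src")" ]; then
        echo "Rename or remove these files before continuing:" >&2
        find_renamed_keys "$src" >&2
        return 2
    fi
    if [ ! -f "$src/$KEY_NAME" ]; then
        echo "No $KEY_NAME found in $src" >&2
        return 1
    fi
    mkdir -p "$dst" && chmod 700 "$dst"
    cp "$src/$KEY_NAME"* "$dst"/
    chmod 600 "$dst/$KEY_NAME"
    for f in "$dst/$KEY_NAME"*.pub; do
        if [ -e "$f" ]; then chmod 644 "$f"; fi
    done
}

# Start an agent only when none is reachable (ssh-add exits with 2), then
# load the key. Run in the current shell so the agent variables persist.
load_key() {
    local dst="$1" rc=0
    ssh-add -l >/dev/null 2>&1 || rc=$?
    if [ "$rc" -eq 2 ]; then eval "$(ssh-agent -s)" >/dev/null; fi
    ssh-add "$dst/$KEY_NAME"
}

# Usage: install_keys /mnt/path/to/keys ~/.ssh && load_key ~/.ssh
```

Source the file in the WSL shell you will connect from, so that the agent started by load_key stays available to the following ssh -A command.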
III. Using MobaXterm
Please follow the instructions below if you are using MobaXterm as SSH client.
A. Pre-requisite:
Re-configure MobaXterm (a one-off setting). The MobaXterm internal ssh agent has problems forwarding ssh certificates, so the PuTTY ssh agent has to be used instead.
a. Download and run the ssh authentication agent from the PuTTY download page (https://www.chiark.greenend.org.uk/~sgtatham/putty/latest.html). The direct link to Pageant, for your reference: https://the.earth.li/~sgtatham/putty/latest/w64/pageant.exe
b. Run the downloaded executable (it will run in the background)
c. Go to MobaXterm --> Settings --> Configuration --> SSH
d. Make sure that "Use external Pageant" is selected. You can disable the internal "MobAgent" (a restart of MobaXterm is necessary).
Download the keys (this step needs to be repeated if the keys have expired)
a. Fetch a signed key-pair via the SSHService GUI or using git on the command line tool
b. Copy the downloaded files to an easily accessible folder, for example C:\users\support\Downloads. You can perform that operation using Windows Explorer or the command line. Make sure that the file names do not contain any suffixes. For example, it has to be "cscs-key" instead of "cscs-key(1)".
B. Connect to CSCS following the below steps,
Start a local MobaXterm terminal and follow the instructions as shown in the below screenshot example,
IV. WinSCP
The certificates should be loaded in Pageant, for example using MobaXterm (see the MobaXterm example, from which you need to execute the first 3 commands). Once the certificates are loaded, run the following command in a terminal to open a session on ela:
pageant.exe -c "C:\Program Files (x86)\WinSCP\WinSCP.exe" cscs_username@ela.cscs.ch
V. Using PuTTY
<<To be completed>> as CSCS is testing the cases with PuTTY
Disclaimer:
The instructions and descriptions provided here have been made using specific Windows Desktop and client versions. Since there exists a multitude of Windows versions, your experience might vary. The information provided here merely presents the concepts. In case you encounter difficulties using MFA on your Windows system, contact your local IT department and provide them this documentation.