This section of the documentation focuses on how to use MFA at CSCS on Windows systems.
The ssh-agent service on windows must be running, to verify open the powershell as administrator and run the command
Get-Service ssh-agent
If not running or not activated, Please use the following commands,
Get-Service ssh-agent | Set-Service -StartupType Automatic
Start-Service ssh-agent
\path\to\keys (you can perform that operation using the Windows Explorer or the command line. Make sure that the files do not contain any suffixes to the name. For example, it has to be "cscs-key" instead of "cscs-key(1)".ssh-add \path\to\keys\cscs-key
ssh -A cscs_username@ela.cscs.ch
ssh daint (or) ssh eiger
a. Fetch a signed key-pair Via the SSHService GUI or using git on the command line tool b. Copy the downloaded files to your preferred folder \path\to\keys (you can perform that operation using the Windows Explorer or the command line. Make sure that the files do not contain any suffixes to the name. For example, it has to be "cscs-key" instead of "cscs-key(1)".
cp /mnt/path/to/keys/cscs-key* ~/.ssh/
chmod 600 ~/.ssh/cscs-key
chmod 644 ~/.ssh/cscs-key.pub
ssh-agent ")ssh-add ~/.ssh/cscs-key
ssh -A cscs_username@ela.cscs.ch
ela> ssh daint or ssh eiger or ssh <system_name>
Please follow the below instructions if you are using MobaXterm as SSH client,
Re-Configure MobaXterm (A one off setting) The MobaXterm Internal ssh agent gives problems in forwarding ssh certificates, therefore we have to use the Putty ssh agent instead.
a. Download & run the ssh authentication agent from the putty download page (https://www.chiark.greenend.org.uk/~sgtatham/putty/latest.html), Copying here the direct link to pageant for your reference, https://the.earth.li/~sgtatham/putty/latest/w64/pageant.exe
b. Run the downloaded executable (it will run in the background)
c. Goto MobaXterm --> Settings --> Configuration --> SSH
d. Make sure that "Use external Pageant" is selected, You can disable the internal "MobAgent" (A restart of MobaXterm is necessary)
Download the keys (Need to repeat this step if the keys got expired)
a. Fetch a signed key-pair Via the SSHService GUI or using git on the command line tool
b. Copy the downloaded files to an easily accessible folder for example C:\users\support\Downloads, you can perform that operation using the Windows Explorer or the command line. Make sure that the files do not contain any suffixes to the name. For example, it has to be "cscs-key" instead of "cscs-key(1)".
Start a local MobaXterm terminal and follow the instructions as shown in the below screenshot example,
The certificates should be loaded in pageant, for example using MobaXterm (see MobaXterm example from where you need to execute first 3 commands). Once the certificates are loaded, run the following command in a terminal to open a session on ela:
pageant.exe -c "C:\Program Files (x86)\WinSCP\WinSCP.exe" cscs_username@ela.cscs.ch
<<To be complete>> as CSCS testing the cases with Putty
Disclaimer:
The instructions and descriptions provided here have been made using specific Windows Desktop and client versions. Since there exists a multitude of Windows versions, your experience might vary. The information provided here merely presents the concepts. In case you encounter difficulties using MFA on your Windows system, contact your local IT department and provide them this documentation.