Jump hosts

The access nodes of Hummel-2 are called login gateways. The gateways separate the cluster from the outer world. They must be used to log into a front-end node of the actual cluster. The standard way is to call ssh twice (first from the personal computer to log into a gateway and second from a gateway to log into a front-end node).

The two ssh commands can be combined into a single one, e.g.:

$ ssh -t bxy1234@hummel3.rrz.uni-hamburg.de ssh front1

The corresponding command, where hummel3 is employed as a jump host, looks similar:

$ ssh -J bxy1234@hummel3.rrz.uni-hamburg.de bxy1234@front1

However, that command might not work without configuring the jump host in the SSH configuration file ~/.ssh/config.

These are useful settings in ~/.ssh/config on the personal computer:

Host hummel3
    HostName hummel3.rrz.uni-hamburg.de
    User bxy1234
    IdentityFile /path/to/private/key-for-hummel
Host hummel4
    HostName hummel4.rrz.uni-hamburg.de
    User bxy1234
    IdentityFile /path/to/private/key-for-hummel
Host hummel2-front1
    ProxyJump hummel3
    HostName hummel2-front1
    User bxy1234
    IdentityFile /path/to/private/key-for-hummel
Host hummel2-front2
    ProxyJump hummel4
    HostName hummel2-front2
    User bxy1234
    IdentityFile /path/to/private/key-for-hummel

With these settings one can directly log into front-end nodes with short commands:

$ ssh hummel2-front1
$ ssh hummel2-front2

Technically, a jump host just passes network traffic to the destination host (a front-end node). In contrast to the standard way mentioned above there is no login session on a jump host.

Note that on Hummel-2 it not necassary to deal with the SSH authorized_keys file, which in general is necessary on the destination host when employing a jump host.