How to login

This article explains how to login to JASMIN. It covers:

  • Loading your private key into an SSH agent session
  • The JASMIN login servers
  • Logging in to JASMIN
  • X-forwarding for graphical applications
  • Where next?


ssh-agent is an utility that stores private keys and makes them available to other software that use the SSH protocol to connect to remote clients. We recommend that Windows users install MobaXtermin order to access the shell terminal which includes ssh-agent.

Loading your SSH private key into the ssh-agent session

There are two stages to loading your private key into  ssh-agent: start the agent and then add your private key. Use the following commands to do this:

$ eval $(ssh-agent -s)
$ ssh-add ~/.ssh/id_rsa_jasmin
Enter passphrase for /home/users/jpax/.ssh/id_rsa_jasmin:
Identity added: /home/users/jpax/.ssh/id_rsa_jasmin (/home/users/jpax/.ssh/id_rsa_jasmin)

When you run the ssh-add command you will be prompted to enter the passphrase that you specified when generating your SSH key pair.

NOTE: The ssh-agent session will persist until killed or until system shutdown, even if you close the terminal in which you set it up.

NOTE: If you get an error when attempting the above commands please see the article about login problems.

Mac users (OS X Leopard onwards) can optionally benefit from linking the SSH key to Keychain, which securely stores the passphrase as well. This means that even after a reboot, your SSH key is always available in any Terminal session automatically. See man ssh-add and look for the -K option, if available.

The JASMIN login servers

The login servers act as a gateway to JASMIN. For most interactive use of JASMIN you should connect to the login server as a hop to your required server. The JASMIN login server is:

If you are working on CEMS as an academic user:

If you are a commercial user of CEMS use:

Logging in to JASMIN

Assuming that you have loaded your SSH private key into an ssh-agent session then you can login to the a login server with:

$ ssh -A <user_id>@<login_server>

For example, user "jpax" might login to the JASMIN login server with:

$ ssh -A

The "-A" argument is important because it enables "agent-forwarding". This means that your the information about your SSH private key is forwarded to your remote session on the login server so that you can use it for further SSH connections. (Windows users can enable X-forwarding in MobaXterm saved sessions).

Can't login? Please check that you have been through the steps listed on the "Start here" page. Don't forget to check your network details.

The login message

When you first login you will see a message that provides some useful information (see figure 1).

Figure 1. The login message shown on

X-forwarding for graphical applications

Some applications require you to access graphical capabilities from a remote server, typically to run user interfaces or view images. You can instruct your SSH connection to enable forwarding of X-server capability by adding the -X argument to the ssh command, as follows:

$ ssh -X <user_id>@<server>

Note that the -X argument can be used in conjunction with the agent-forwarding-A argument.

Please note that this arrangement sends your graphical output back to your desktop machine over the network, so response times can be very slow. A more performant solution is currently being tested but is not operational yet.

Where next?

Having been through all the steps and logged in to JASMIN (well done!) you will be keen to do some real work. You could try the general purpose scientific analysis servers to get started. For example, from the JASMIN login server you might login to an analysis server such as:

$ ssh -A <user_id>

If you are asked for a password when trying to login it indicates that ssh key forwarding is not working correctly. Please check that you have followed the instructions for setting this up on your local machine. There is no point in trying to enter a password as only ssh keys are accepted.

Note that once you are logged into the JASMIN domain (i.e. the login server(s)) then you can omit the <user_id>@ prefix before the server name.

Still need help? Contact Us Contact Us