Login servers

Available login servers  

There are four login servers available to access resources within JASMIN. Users with the jasmin-login access role can access the following servers via SSH .

Features of login servers  

Login servers have minimal resources and software installed. They provide:

• a means to access other resources within JASMIN (inside the STFC firewall)
• access to your home directory (/home/users/<username>)
• no analysis software
• no access to group workspaces

Recent changes  

• There is no longer any requirement for forward/reverse DNS lookup or any restriction by institutional domain.
• You no longer need to register non-*.ac.uk domains with the JASMIN team.
• This means all users can access all login servers (previously some users could only use particular ones)
• As before, no filesystems other than the home directory are mounted.
• Use only as a “hop” to reach other servers within JASMIN.
• Make sure your SSH client is up to date. Check the version with ssh -V. If it’s significantly older than OpenSSH_8.7p1, OpenSSL 3.0.7, speak to your local admin team as it may need to be updated before you can connect securely to JASMIN.

See also How to login and other articles in the Getting started category.

See also NoMachine NX service which provides login to a graphical Linux desktop, rather than a single terminal window.

How to use the login servers  

For full details of how to log in, including making onward connections to other machines, please see the article “How to login”.

Connecting to a sci server via a login server  

The connection via a login server can be done either with 2 hops, or using a login server as a Jump Host (-J):

• 2 hops method:

ssh -A fred@login-01.jasmin.ac.uk

ssh fred@sci-vm-01.jasmin.ac.uk
# no -A needed for this step, if no onward connections from sci server

# now on sci server

• Jump Host method:

ssh -A fred@sci-vm-01.jasmin.ac.uk -J fred@login-01.jasmin.ac.uk

# now on sci server

Alternatively, the same effect can be achieved with a ProxyJump directive in your local ~/.ssh/config file:

Host Sci1ViaLogin01
  User fred
  ForwardAgent yes
  HostName sci-vm-01.jasmin.ac.uk
  ProxyJump fred@login-01.jasmin.ac.uk

You could then simply connect to Sci1ViaLogin01:

ssh Sci1ViaLogin01

# now on sci server

If you don’t want to have to set up a separate alias for each machine that you want to log into, you can also set up a wildcard, for example:

Host *.jasmin.ac.uk
  User fred
  ForwardAgent yes

Host *.jasmin.ac.uk !login*.jasmin.ac.uk !xfer*.jasmin.ac.uk !nx*.jasmin.ac.uk
  ProxyJump login-01.jasmin.ac.uk

Then you when you connect to any JASMIN host (other than a login or transfer host), it will go via login-01:

ssh sci-vm-01.jasmin.ac.uk

# now on sci server

If on your local machine you have also set up a domain search path for hostname lookups that includes jasmin.ac.uk so that you can use short hostnames e.g. ssh sci-vm-01, then you will also need to add the following lines so that ssh converts these to full hostnames – otherwise the above wildcard will not match when you do this.

CanonicalizeHostname yes
CanonicalDomains jasmin.ac.uk

This sort of configuration is useful for connections needed by remote editing/development tools such as VSCode. The example above relies on having your key loaded locally in an ssh-agent.

An alternative is to include a line specifying the location of your key, so you’ll then be prompted for your passphrase whenever you connect:

Host Sci1ViaLogin01
  User fred
  ForwardAgent yes
  HostName sci-vm-01.jasmin.ac.uk
  ProxyJump fred@login-01.jasmin.ac.uk
  IdentityFile ~/.ssh/id_ecdsa_jasmin