Gateway machines

The gateway machines and provide ssh access to MPCDF computing resources. One should note that gatezero has no access to AFS. Thus, even the home directory $HOME will be local on that machine and very limited in size. SHA256 based key exchange methods are supported exclusively; a more recent version of your favourite ssh/sftp client software might be required in case connection attempts fail.

Their ssh key fingerprints are: (

SHA256:FMEK9sd2yd6U3TuQwRdOh6sgJU5WYyHGrLLC9MmuFAs (RSA)
SHA256:28HyXemglZTQgDWYBdqmRSloBpEjWgYNtdzEt6SSC4c (ED25519)

SHA256:zF/sNLAYqwwRlY3/lhb1A805pGiQiF3GhGP1bBCpvik (RSA)
SHA256:qjBJoqcJcCM0LyTqtj09BAxS74u81SizY9zob+XwEOA (ED25519)

Please note that gateafs (gate) supports password and GSSAPI authentication methods only, while gatezero additionally allows public keys for authentication.

If you intend to forward your Kerberos5 ticket from remote via GSSAPI, please ensure to pass 'GSSAPIDelegateCredentials=yes' to ssh.

These gateway machines are for login only, not for compiling or running applications; the module environment is also not supported. Compilers and batch systems are available on the Linux clusters and on the HPC system. If necessary, please apply for an account on these systems via the MPCDF helpdesk.


If you want to login directly to an internal machine, here named <TARGET> as user <MPCDF-USERNAME>, you can put following snippet into your ~/.ssh/config file:

ProxyCommand ssh -W %h:%p 2>/dev/null
GSSAPIAuthentication yes
GSSAPIDelegateCredentials yes

GSSAPIAuthentication yes
GSSAPIDelegateCredentials yes
ControlMaster auto
ControlPath ~/.ssh/control:%h:%p:%r

This supports GSSAPI, so with a Kerberos5 ticket on your machine, you can login to <TARGET> without typing the password again.

The corresponding Kerberos Client configuration is given here.

Document Actions