SSH setup for submission of UM suites/UMUI jobs from PUMA to ARCHER2

1. Set up PUMA environment

If this is the first time you have used your PUMA account, you will need to create a .profile. Copy our standard one:

puma$ cd ~
puma$ cp ~um/um-training/setup/.profile .

(If you already have a .profile, make sure it includes the lines from the standard file.)

2. Generate the authentication key for use with Rose/Cylc suites and the UMUI

Run the following command to generate your archerum ssh key.

puma$ ssh-keygen -t rsa -b 4096 -C "ARCHER2 UM Workflow" -f ~/.ssh/id_rsa_archerum

When prompted to "Enter passphrase", this should be a fairly complicated and unguessable passphrase. You can use spaces in the passphrase if it helps you to remember it more readily. It is recommended that you don’t use your password in case it is hacked.

Your archerum key will be automatically picked up and sent to ARCHER2 to install. It may take up to 48 hours, excluding weekends, to become activated on ARCHER2.


  • DO NOT use an empty passphrase as this presents a security issue.
  • DO NOT regenerate your archerum ssh-key once you have a working one in place, unless absolutely necessary.
  • It may take up to 48 hours, excluding weekends, for your new key to be installed on ARCHER2.

3. Update ssh config file

In your PUMA ~/.ssh/config file add the following section:

User <archer2_username>
IdentityFile ~/.ssh/id_rsa_archerum
ForwardX11 no
ForwardX11Trusted no

Where <archer2_username> should be replaced with your ARCHER2 username.

4. Set up ssh-agent

Setting up ssh-agent allows caching of your archerum key passphrase for a period of time.

puma$ cp ~um/um-training/setup/ssh-setup ~/.ssh

Logout of PUMA and then back in again.

Add your archerum key to your ssh-agent by running:

puma$ ssh-add ~/.ssh/id_rsa_archerum
Enter passphrase for /home/<puma-username>/.ssh/id_rsa:

You will be prompted for your passphrase.

The ssh agent should keep running even when you log out of PUMA, however it may stop from time to time, for example if PUMA is rebooted.

5. Verify the setup is correct

Note: Only proceed to this step once your archerum key has been installed on ARCHER2.

Try logging into ARCHER with:

puma$ ssh

You should not be prompted for your passphrase. The response from ARCHER2 should be similar to:

PTY allocation request failed on channel 0
Comand rejected by policy. Not in authorised list
Connection to closed.

6. Specify as the ARCHER2 host

All Rose suites must submit to Specify as the host in the appropriate .rc file (suite.rc or archer2.rc). For example; host =

Last modified 7 months ago Last modified on 12/04/21 16:57:33