SSH Keys Pilot: Difference between revisions
(Created page with "== SSH Keys Pilot Milestones == '''November 1, 2021''': Authentication via SSH keys will only be allowed via the new CCDB feature (i.e. keys in the .ssh/authorized_keys file...") |
No edit summary |
||
| Line 1: | Line 1: | ||
A few months ago, a new feature was developed that allows users to easily upload their public SSH key to their CCDB account, which can then be used to login to any of the Compute Canada clusters (Cedar, Graham, Béluga and Niagara/Mist). This new feature is part of a continuous improvement of security within the Compute Canada Federation. | |||
We are now taking this one step further and evaluating the possibility of restricting authentication to the Compute Canada clusters using SSH keys only. A pilot involving a phased-in implementation of this restriction will run on Niagara/Mist in the following weeks. | |||
== SSH Keys Pilot Milestones == | == SSH Keys Pilot Milestones == | ||
Revision as of 14:27, 12 October 2021
A few months ago, a new feature was developed that allows users to easily upload their public SSH key to their CCDB account, which can then be used to login to any of the Compute Canada clusters (Cedar, Graham, Béluga and Niagara/Mist). This new feature is part of a continuous improvement of security within the Compute Canada Federation.
We are now taking this one step further and evaluating the possibility of restricting authentication to the Compute Canada clusters using SSH keys only. A pilot involving a phased-in implementation of this restriction will run on Niagara/Mist in the following weeks.
SSH Keys Pilot Milestones[edit]
November 1, 2021: Authentication via SSH keys will only be allowed via the new CCDB feature (i.e. keys in the .ssh/authorized_keys file will no longer work).
Every Monday of November 2021: From 10:00AM East to noon, authentication will be restricted to SSH keys only.
December 1, 2021: Authentication will be restricted to SSH keys only.
After December 1, 2021: Feedback and lessons learned will be gathered.
What you need to do[edit]
If SSH keys are completely new to you, we invite you to consult the SSH keys drop-in session material: https://support.scinet.utoronto.ca/education/go.php/586/index.php/ib/1//p_course/586
If you are already familiar with SSH keys, all you need to do is:
1. Create your SSH key pair from your workstation
2. Upload the SSH public key to your CCDB account:
https://ccdb.computecanada.ca/ssh_authorized_keys
Wait for a few minutes and authenticate to Niagara or Mist login nodes
3. Remove any entry in the .ssh/authorized_keys file. Note: this file may not exist, in which case you can skip this step.
4. Logout, then login again to Niagara or Mist login nodes
Additional documentation on SSH keys usage and best practices is also available here:
https://docs.computecanada.ca/wiki/SSH_Keys
https://docs.scinet.utoronto.ca/index.php/SSH_keys
How you can get further support[edit]
If you still have questions or need assistance after reading these documents, please register and join one of the following sessions:
Monday, 18th October, 12:00PM - 01:00PM East: In English (French supported for questions)
Friday, 29th October, 12:00PM - 01:00PM East: In French only
Monday, 15th November, 12:00PM - 01:00PM East: In English (French supported for questions)
Friday, 22nd November, 12:00PM - 01:00PM East: In English (French supported for questions)