SSH Keys Pilot: Difference between revisions

From Alliance Doc
A few months ago, a new feature was developed that allows users to easily upload their public SSH key to their CCDB account, which can then be used to login to any of the Compute Canada clusters ([[Cedar]], [[Graham]], [[Béluga/en|Béluga]] and [[Niagara |Niagara/Mist]]). This new feature is part of a continuous improvement of security within the Compute Canada Federation.  
In our continuous efforts to secure our national infrastructure, we have implemented a new feature in the CCDB whereby public SSH keys can be uploaded to your account and used to connect to our clusters ([[Cedar]], [[Graham]], [[Béluga/en|Béluga]] and [[Niagara |Niagara and Mist]]).  


We are now taking this one step further and evaluating the possibility of restricting authentication to the Compute Canada clusters using SSH keys only. A pilot involving a phased-in implementation of this restriction will run on '''Niagara/Mist''' in the following weeks.
We are evaluating the possibility of enforcing authentication with SSH keys to access all of our clusters; therefore we will be conducting a pilot project beginning on November 1, 2021, which will involve '''Niagara and Mist'''.


== Important dates ==


== Important dates in the SSH keys pilot program ==
'''Starting on November 1, 2021''': Authentication on '''Niagara''' and '''Mist''' with SSH keys will only accept keys that have been uploaded to the CCDB. Keys that are only in .ssh/authorized_keys will no longer work.


'''November 1, 2021''': Authentication to Niagara and Mist via SSH keys will only be allowed via the new CCDB feature.  That is, keys in the .ssh/authorized_keys file will not work.
'''Every Monday of November 2021''': From 10:00AM to noon Eastern time, authentication on '''Niagara and Mist''' will only be possible with SSH keys. Authentication using passwords will be disabled.


'''Every Monday of November 2021''': From 10:00AM to noon Eastern time, authentication will be restricted to SSH keys only.  That is, password authentication will not work.
'''Starting on December 1, 2021''': Depending on lessons learned, authentication on '''Niagara and Mist''' may be restricted to SSH keys only.
 
'''December 1, 2021''': Based on lessons learned, authentication may be restricted to SSH keys only.


== What you need to do ==
== What you need to do ==

Revision as of 16:26, 14 October 2021

In our continuous efforts to secure our national infrastructure, we have implemented a new feature in the CCDB whereby public SSH keys can be uploaded to your account and used to connect to our clusters (Cedar, Graham, Béluga and Niagara and Mist).

We are evaluating the possibility of enforcing authentication with SSH keys to access all of our clusters; therefore we will be conducting a pilot project beginning on November 1, 2021, which will involve Niagara and Mist.

Important dates

Starting on November 1, 2021: Authentication on Niagara and Mist with SSH keys will only accept keys that have been uploaded to the CCDB. Keys that are only in .ssh/authorized_keys will no longer work.

Every Monday of November 2021: From 10:00AM to noon Eastern time, authentication on Niagara and Mist will only be possible with SSH keys. Authentication using passwords will be disabled.

Starting on December 1, 2021: Depending on lessons learned, authentication on Niagara and Mist may be restricted to SSH keys only.

What you need to do

If SSH keys are completely new to you, we invite you to consult the SSH keys drop-in session material: https://support.scinet.utoronto.ca/education/go.php/586/index.php/ib/1//p_course/586


If you are already familiar with SSH keys, all you need to do is:

1. Create your SSH key pair from your workstation

2. Upload the SSH public key to your CCDB account:

           https://ccdb.computecanada.ca/ssh_authorized_keys

Wait for a few minutes and authenticate to Niagara or Mist login nodes

3. Remove any entry in the .ssh/authorized_keys file. Note: this file may not exist, in which case you can skip this step.

4. Log out, then log in again to Niagara or Mist login nodes
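
The four steps above as a shell sketch. This is an added example, not part of the original page or the Alliance's own tooling; the Ed25519 key type, the key file name, the login host name and the backup suffix are assumptions.

```sh
#!/bin/sh
# Added example, not part of the original page.
# Assumptions: Ed25519 key type, the key file name, the login host name and
# the ".pre-ccdb.bak" backup suffix are illustrative choices.
KEY="${KEY:-$HOME/.ssh/id_ed25519_ccdb}"
LOGIN_HOST="${LOGIN_HOST:-niagara.scinet.utoronto.ca}"  # assumed host name

# Step 1 (workstation): create the key pair; ssh-keygen prompts for a passphrase.
make_key() {
    if [ -f "$KEY" ]; then echo "key already exists: $KEY" >&2; return 0; fi
    mkdir -p "$(dirname "$KEY")" && chmod 700 "$(dirname "$KEY")"
    ssh-keygen -t ed25519 -f "$KEY" -C "${USER:-user}@ccdb-pilot"
}

# Step 2 (workstation): print the PUBLIC half to paste into the CCDB form.
show_pubkey() { cat "$KEY.pub"; }

# Step 3 helper (cluster): count key entries, ignoring blank and comment lines.
count_entries() {
    if [ ! -f "$1" ]; then echo 0; return 0; fi
    grep -cvE '^[[:space:]]*(#|$)' "$1" || true
}

# Step 3 (cluster): keep a backup, then empty the file. A missing file is skipped.
clear_authorized_keys() {
    akf="${1:-$HOME/.ssh/authorized_keys}"
    [ -f "$akf" ] || return 0
    cp -p "$akf" "$akf.pre-ccdb.bak"
    : > "$akf"
}

# Step 4 (workstation): log in with the key only, so a password fallback
# cannot hide a key that has not propagated from the CCDB yet.
test_login() {
    ssh -i "$KEY" -o IdentitiesOnly=yes -o PreferredAuthentications=publickey \
        -o PasswordAuthentication=no "$1@$LOGIN_HOST" true
}

case "${1:-}" in
    keygen) make_key && show_pubkey ;;
    clear)  clear_authorized_keys && count_entries "$HOME/.ssh/authorized_keys" ;;
    test)   test_login "$2" ;;
esac
```

Run `keygen` and `test <username>` on the workstation and `clear` on the cluster; a `test` that succeeds with password authentication switched off shows the account is ready for the key-only Monday windows.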


Additional documentation on SSH keys usage and best practices is also available here:

https://docs.computecanada.ca/wiki/SSH_Keys

https://docs.scinet.utoronto.ca/index.php/SSH_keys


How you can get further support

If you still have questions or need assistance after reading these documents, please register and join one of the following sessions:

Monday, 25th October, 03:00PM - 04:00PM East: In English (French supported for questions)

Thursday, 28th October, 11:00AM - 12:00PM East: In English (French supported for questions)

Friday, 29th October, 12:00PM - 01:00PM East: In French only

Monday, 15th November, 12:00PM - 01:00PM East: In English (French supported for questions)

Friday, 22nd November, 12:00PM - 01:00PM East: In English (French supported for questions)