SSH Keys Pilot: Difference between revisions

From Alliance Doc
 
(38 intermediate revisions by 5 users not shown)
Line 1: Line 1:
A few months ago, a new feature was developed that allows users to easily upload their public SSH key to their CCDB account, which can then be used to login to any of the Compute Canada clusters (Cedar, Graham, Béluga and Niagara/Mist). This new feature is part of a continuous improvement of security within the Compute Canada Federation.
<languages />
<translate>


We are now taking this one step further and evaluating the possibility of restricting authentication to the Compute Canada clusters using SSH keys only. A pilot involving a phased-in implementation of this restriction will run on Niagara/Mist in the following weeks.
<!--T:1-->
In our continuous efforts to secure our national infrastructure, we have implemented a new feature in the CCDB whereby public SSH keys can be uploaded to your account and used to connect to our clusters ([[Cedar]], [[Graham]], [[Béluga/en|Béluga]], and [[Niagara |Niagara and Mist]]).  


<!--T:2-->
We evaluated the possibility of enforcing authentication with SSH keys to access all of our clusters and conducted a pilot project on Niagara and Mist. Having received positive feedback from the community, SSH keys will become the only way to authenticate on '''Niagara and Mist''' starting on January 24, 2022.


== SSH Keys Pilot Milestones ==


'''November 1, 2021''': Authentication via SSH keys will only be allowed via the new CCDB feature (i.e. keys in the .ssh/authorized_keys file will no longer work).
== Important dates == <!--T:3-->


'''Every Monday of November 2021''': From 10:00AM East to noon, authentication will be restricted to SSH keys only.
<!--T:4-->
'''Starting on November 1, 2021''': Authentication on Niagara and Mist only accepted SSH keys that had been uploaded to the CCDB. Keys that were only in <tt>.ssh/authorized_keys</tt> no longer worked.


'''December 1, 2021''': Authentication will be restricted to SSH keys only.  
<!--T:5-->
'''Every Monday of November 2021''': From 10:00AM to noon Eastern time, authentication on Niagara and Mist was only possible with SSH keys. Authentication using passwords was disabled.


'''After December 1, 2021''': Feedback and lessons learned will be gathered.
<!--T:18-->
'''December 1, 2, 3 and 6, 7 2021''': From 09:00AM to 01:00PM Eastern time, authentication on Niagara and Mist was only possible with SSH keys. Authentication using passwords was disabled.


<!--T:19-->
'''December 8, 9, 10 and 13, 14, 15 2021''':  From 09:00AM to 03:00PM Eastern time, authentication on Niagara and Mist was only possible with SSH keys. Authentication using passwords was disabled.


== What you need to do ==
<!--T:6-->
'''January 10-14, 17-21 2022''':  From 10:00AM to 05:00PM Eastern time, authentication on Niagara and Mist was only possible with SSH keys. Authentication using passwords was disabled.


'''If SSH keys are completely new to you''', we invite you to consult the SSH keys drop-in session material:
<!--T:20-->
https://support.scinet.utoronto.ca/education/go.php/586/index.php/ib/1//p_course/586
'''From January 24, 2022''': Authentication on '''Niagara and Mist''' will only be possible with SSH keys.


== What you need to do == <!--T:7-->


'''If you are already familiar with SSH keys''', all you need to do is:
<!--T:8-->
To learn about SSH keys, see the drop-in sessions on https://support.scinet.utoronto.ca/education/go.php/586/index.php/ib/1//p_course/586.


1. Create your SSH key pair from your workstation
<!--T:9-->
'''If you know how to use SSH keys''',
# Create your SSH key pair from your workstation.
# Upload your SSH public key to your CCDB account by connecting to https://ccdb.computecanada.ca/ssh_authorized_keys. After a few minutes, you should be able to authenticate on Niagara or Mist.
# If the <tt>.ssh</tt> folder in your <tt>$HOME</tt> directory contains a file named <tt>authorized_keys</tt>, it should be deleted.
# Log out of the cluster and log in again.


2. Upload the SSH public key to your CCDB account:
<!--T:10-->
            https://ccdb.computecanada.ca/ssh_authorized_keys
Additional documentation on usage and best practices is also available in [[SSH Keys]]
Wait for a few minutes and authenticate to Niagara or Mist login nodes


3. Remove any entry in the .ssh/authorized_keys file. Note: this file may not exist, in which case you can skip this step.
== Support == <!--T:11-->


4. Logout, then login again to Niagara or Mist login nodes
<!--T:12-->
If you have questions or need assistance, please contact [[technical support]].




Additional documentation on SSH keys usage and best practices is also available here:
</translate>
 
https://docs.computecanada.ca/wiki/SSH_Keys
 
https://docs.scinet.utoronto.ca/index.php/SSH_keys
 
 
 
== How you can get further support ==
 
If you still have questions or need assistance after reading these documents, please register and join one of the following sessions:
 
[https://education.scinet.utoronto.ca/course/view.php?id=1205 Monday, 18th October, 12:00PM - 01:00PM East: In English (French supported for questions)]
 
[https://education.scinet.utoronto.ca/course/view.php?id=1206 Friday, 29th October, 12:00PM - 01:00PM East: In French only]
 
[https://education.scinet.utoronto.ca/course/view.php?id=1207 Monday, 15th November, 12:00PM - 01:00PM East: In English (French supported for questions)]
 
[https://education.scinet.utoronto.ca/course/view.php?id=1208 Friday, 22nd November, 12:00PM - 01:00PM East: In English (French supported for questions)]
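Review bot: In the new numbered list, step 3 ("If the <tt>.ssh</tt> folder in your <tt>$HOME</tt> directory contains a file named <tt>authorized_keys</tt>, it should be deleted") does not say which machine it refers to, while step 1 is explicitly "from your workstation". Suggest wording it as the <tt>$HOME</tt> directory on Niagara or Mist, so that nobody removes the file on their own workstation. The new line "Additional documentation on usage and best practices is also available in [[SSH Keys]]" is also missing its final period.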

Latest revision as of 20:15, 12 January 2022

In our continuous efforts to secure our national infrastructure, we have implemented a new feature in the CCDB whereby public SSH keys can be uploaded to your account and used to connect to our clusters (Cedar, Graham, Béluga, and Niagara and Mist).

We evaluated the possibility of enforcing authentication with SSH keys to access all of our clusters and conducted a pilot project on Niagara and Mist. Having received positive feedback from the community, SSH keys will become the only way to authenticate on Niagara and Mist starting on January 24, 2022.


Important dates

Starting on November 1, 2021: Authentication on Niagara and Mist only accepted SSH keys that had been uploaded to the CCDB. Keys that were only in .ssh/authorized_keys no longer worked.

Every Monday of November 2021: From 10:00AM to noon Eastern time, authentication on Niagara and Mist was only possible with SSH keys. Authentication using passwords was disabled.

December 1, 2, 3 and 6, 7 2021: From 09:00AM to 01:00PM Eastern time, authentication on Niagara and Mist was only possible with SSH keys. Authentication using passwords was disabled.

December 8, 9, 10 and 13, 14, 15 2021: From 09:00AM to 03:00PM Eastern time, authentication on Niagara and Mist was only possible with SSH keys. Authentication using passwords was disabled.

January 10-14, 17-21 2022: From 10:00AM to 05:00PM Eastern time, authentication on Niagara and Mist was only possible with SSH keys. Authentication using passwords was disabled.

From January 24, 2022: Authentication on Niagara and Mist will only be possible with SSH keys.

What you need to do

To learn about SSH keys, see the drop-in sessions on https://support.scinet.utoronto.ca/education/go.php/586/index.php/ib/1//p_course/586.

If you know how to use SSH keys,

  1. Create your SSH key pair from your workstation.
  2. Upload your SSH public key to your CCDB account by connecting to https://ccdb.computecanada.ca/ssh_authorized_keys. After a few minutes, you should be able to authenticate on Niagara or Mist.
  3. If the .ssh folder in your $HOME directory contains a file named authorized_keys, it should be deleted.
  4. Log out of the cluster and log in again.
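
A check that fits between steps 2 and 3, as an added example that is not part of the original page: before deleting authorized_keys, list the keys in it that were never uploaded, so you know which machines will lose access. The function names and sample keys are constructed for illustration; the fingerprints use the same SHA256 format that `ssh-keygen -lf` prints.

```python
import base64
import hashlib
import struct

KEY_TYPES = {"ssh-ed25519", "ssh-rsa", "ecdsa-sha2-nistp256",
             "ecdsa-sha2-nistp384", "ecdsa-sha2-nistp521"}

def parse_public_key(line):
    """Return (key_type, SHA256 fingerprint) for one OpenSSH public key line."""
    if "PRIVATE KEY" in line:
        raise ValueError("private key material: never upload or share this")
    fields = line.split()
    # authorized_keys entries may begin with options, so locate the key type.
    idx = next((i for i, f in enumerate(fields) if f in KEY_TYPES), None)
    if idx is None or idx + 1 >= len(fields):
        raise ValueError("no recognised key type followed by key data")
    blob = base64.b64decode(fields[idx + 1], validate=True)
    # The decoded blob starts with a length-prefixed copy of the key type.
    if len(blob) < 4:
        raise ValueError("key data too short")
    (name_len,) = struct.unpack(">I", blob[:4])
    if blob[4:4 + name_len] != fields[idx].encode():
        raise ValueError("key data does not match the declared key type")
    digest = base64.b64encode(hashlib.sha256(blob).digest()).decode()
    return fields[idx], "SHA256:" + digest.rstrip("=")

def keys_not_uploaded(authorized_keys_text, uploaded_key_lines):
    """Fingerprints found in authorized_keys but absent from the uploaded set."""
    uploaded = {parse_public_key(k)[1] for k in uploaded_key_lines}
    leftover = []
    for line in authorized_keys_text.splitlines():
        line = line.strip()
        if line and not line.startswith("#"):
            fingerprint = parse_public_key(line)[1]
            if fingerprint not in uploaded:
                leftover.append(fingerprint)
    return leftover

def sample_key(fill, comment):
    """Constructed ed25519-shaped public key line (not a real key)."""
    blob = (struct.pack(">I", 11) + b"ssh-ed25519"
            + struct.pack(">I", 32) + bytes([fill]) * 32)
    return "ssh-ed25519 " + base64.b64encode(blob).decode() + " " + comment

# Constructed sample data: one key that was uploaded, one that never was.
LAPTOP = sample_key(1, "me@laptop")
OLD_DESKTOP = sample_key(2, "me@old-desktop")
AUTHORIZED_KEYS = "# sample file\n" + LAPTOP + '\nfrom="192.0.2.*" ' + OLD_DESKTOP + "\n"

if __name__ == "__main__":
    print(keys_not_uploaded(AUTHORIZED_KEYS, [LAPTOP]))
```

An empty result means every key in the file has already been uploaded, so removing the file does not lock out any machine.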

Additional documentation on usage and best practices is also available in SSH Keys.

Support

If you have questions or need assistance, please contact technical support.