SSH Keys Pilot: Difference between revisions

From Alliance Doc
Jump to navigation Jump to search
(Created page with "== SSH Keys Pilot Milestones == '''November 1, 2021''': Authentication via SSH keys will only be allowed via the new CCDB feature (i.e. keys in the .ssh/authorized_keys file...")
 
No edit summary
 
(39 intermediate revisions by 5 users not shown)
Line 1: Line 1:
== SSH Keys Pilot Milestones ==
<languages />
<translate>


'''November 1, 2021''': Authentication via SSH keys will only be allowed via the new CCDB feature (i.e. keys in the .ssh/authorized_keys file will no longer work).
<!--T:1-->
In our continuous efforts to secure our national infrastructure, we have implemented a new feature in the CCDB whereby public SSH keys can be uploaded to your account and used to connect to our clusters ([[Cedar]], [[Graham]], [[Béluga/en|Béluga]], and [[Niagara |Niagara and Mist]]).  


'''Every Monday of November 2021''': From 10:00AM East to noon, authentication will be restricted to SSH keys only.
<!--T:2-->
We evaluated the possibility of enforcing authentication with SSH keys to access all of our clusters and conducted a pilot project on Niagara and Mist. Having received positive feedback from the community, SSH keys will become the only way to authenticate on '''Niagara and Mist''' starting on January 24, 2022.


'''December 1, 2021''': Authentication will be restricted to SSH keys only.


'''After December 1, 2021''': Feedback and lessons learned will be gathered.
== Important dates == <!--T:3-->


<!--T:4-->
'''Starting on November 1, 2021''': Authentication on Niagara and Mist only accepted SSH keys that had been uploaded to the CCDB. Keys that were only in <tt>.ssh/authorized_keys</tt> no longer worked.


== What you need to do ==
<!--T:5-->
'''Every Monday of November 2021''': From 10:00AM to noon Eastern time, authentication on Niagara and Mist was only possible with SSH keys. Authentication using passwords was disabled.


'''If SSH keys are completely new to you''', we invite you to consult the SSH keys drop-in session material:
<!--T:18-->
https://support.scinet.utoronto.ca/education/go.php/586/index.php/ib/1//p_course/586
'''December 1, 2, 3 and 6, 7 2021''':  From 09:00AM to 01:00PM Eastern time, authentication on Niagara and Mist was only possible with SSH keys. Authentication using passwords was disabled.


<!--T:19-->
'''December 8, 9, 10 and 13, 14, 15 2021''':  From 09:00AM to 03:00PM Eastern time, authentication on Niagara and Mist was only possible with SSH keys. Authentication using passwords was disabled.


'''If you are already familiar with SSH keys''', all you need to do is:
<!--T:6-->
'''January 10-14, 17-21 2022''':  From 10:00AM to 05:00PM Eastern time, authentication on Niagara and Mist was only possible with SSH keys. Authentication using passwords was disabled.


1. Create your SSH key pair from your workstation
<!--T:20-->
'''From January 24, 2022''': Authentication on '''Niagara and Mist''' will only be possible with SSH keys.


2. Upload the SSH public key to your CCDB account:
== What you need to do == <!--T:7-->
            https://ccdb.computecanada.ca/ssh_authorized_keys
Wait for a few minutes and authenticate to Niagara or Mist login nodes


3. Remove any entry in the .ssh/authorized_keys file. Note: this file may not exist, in which case you can skip this step.  
<!--T:8-->
To learn about SSH keys, see the drop-in sessions on https://support.scinet.utoronto.ca/education/go.php/586/index.php/ib/1//p_course/586.


4. Logout, then login again to Niagara or Mist login nodes
<!--T:9-->
'''If you know how to use SSH keys''',
# Create your SSH key pair from your workstation.
# Upload your SSH public key to your CCDB account by connecting to https://ccdb.computecanada.ca/ssh_authorized_keys. After a few minutes, you should be able to authenticate on Niagara or Mist.
# If the <tt>.ssh</tt> folder in your <tt>$HOME</tt> directory contains a file named <tt>authorized_keys</tt>, it should be deleted.
# Log out of the cluster and log in again.


<!--T:10-->
Additional documentation on usage and best practices is also available in [[SSH Keys]]


Additional documentation on SSH keys usage and best practices is also available here:
== Support == <!--T:11-->


https://docs.computecanada.ca/wiki/SSH_Keys
<!--T:12-->
If you have questions or need assistance, please contact [[technical support]].


https://docs.scinet.utoronto.ca/index.php/SSH_keys


 
</translate>
 
== How you can get further support ==
 
If you still have questions or need assistance after reading these documents, please register and join one of the following sessions:
 
[https://education.scinet.utoronto.ca/course/view.php?id=1205 Monday, 18th October, 12:00PM - 01:00PM East: In English (French supported for questions)]
 
[https://education.scinet.utoronto.ca/course/view.php?id=1206 Friday, 29th October, 12:00PM - 01:00PM East: In French only]
 
[https://education.scinet.utoronto.ca/course/view.php?id=1207 Monday, 15th November, 12:00PM - 01:00PM East: In English (French supported for questions)]
 
[https://education.scinet.utoronto.ca/course/view.php?id=1208 Friday, 22nd November, 12:00PM - 01:00PM East: In English (French supported for questions)]

Latest revision as of 20:15, 12 January 2022

Other languages:

In our continuous efforts to secure our national infrastructure, we have implemented a new feature in the CCDB whereby public SSH keys can be uploaded to your account and used to connect to our clusters (Cedar, Graham, Béluga, and Niagara and Mist).

We evaluated the possibility of enforcing authentication with SSH keys to access all of our clusters and conducted a pilot project on Niagara and Mist. Having received positive feedback from the community, SSH keys will become the only way to authenticate on Niagara and Mist starting on January 24, 2022.


Important dates[edit]

Starting on November 1, 2021: Authentication on Niagara and Mist only accepted SSH keys that had been uploaded to the CCDB. Keys that were only in .ssh/authorized_keys no longer worked.

Every Monday of November 2021: From 10:00AM to noon Eastern time, authentication on Niagara and Mist was only possible with SSH keys. Authentication using passwords was disabled.

December 1, 2, 3 and 6, 7 2021: From 09:00AM to 01:00PM Eastern time, authentication on Niagara and Mist was only possible with SSH keys. Authentication using passwords was disabled.

December 8, 9, 10 and 13, 14, 15 2021: From 09:00AM to 03:00PM Eastern time, authentication on Niagara and Mist was only possible with SSH keys. Authentication using passwords was disabled.

January 10-14, 17-21 2022: From 10:00AM to 05:00PM Eastern time, authentication on Niagara and Mist was only possible with SSH keys. Authentication using passwords was disabled.

From January 24, 2022: Authentication on Niagara and Mist will only be possible with SSH keys.

What you need to do[edit]

To learn about SSH keys, see the drop-in sessions on https://support.scinet.utoronto.ca/education/go.php/586/index.php/ib/1//p_course/586.

If you know how to use SSH keys,

  1. Create your SSH key pair from your workstation.
  2. Upload your SSH public key to your CCDB account by connecting to https://ccdb.computecanada.ca/ssh_authorized_keys. After a few minutes, you should be able to authenticate on Niagara or Mist.
  3. If the .ssh folder in your $HOME directory contains a file named authorized_keys, it should be deleted.
  4. Log out of the cluster and log in again.

Additional documentation on usage and best practices is also available in SSH Keys

Support[edit]

If you have questions or need assistance, please contact technical support.


Compute Canada Data Base

Retrieved from "https://docs.alliancecan.ca/mediawiki/index.php?title=SSH_Keys_Pilot&oldid=109917"