SSH Keys Pilot: Difference between revisions
No edit summary |
No edit summary |
||
(12 intermediate revisions by 2 users not shown) | |||
Line 3: | Line 3: | ||
<!--T:1--> | <!--T:1--> | ||
In our continuous efforts to secure our national infrastructure, we have implemented a new feature in the CCDB whereby public SSH keys can be uploaded to your account and used to connect to our clusters ([[Cedar]], [[Graham]], [[Béluga/en|Béluga]] and [[Niagara |Niagara and Mist]]). | In our continuous efforts to secure our national infrastructure, we have implemented a new feature in the CCDB whereby public SSH keys can be uploaded to your account and used to connect to our clusters ([[Cedar]], [[Graham]], [[Béluga/en|Béluga]], and [[Niagara |Niagara and Mist]]). | ||
<!--T:2--> | <!--T:2--> | ||
We | We evaluated the possibility of enforcing authentication with SSH keys to access all of our clusters and conducted a pilot project on Niagara and Mist. Having received positive feedback from the community, SSH keys will become the only way to authenticate on '''Niagara and Mist''' starting on January 24, 2022. | ||
Line 15: | Line 12: | ||
<!--T:4--> | <!--T:4--> | ||
'''Starting on November 1, 2021''': Authentication on | '''Starting on November 1, 2021''': Authentication on Niagara and Mist only accepted SSH keys that had been uploaded to the CCDB. Keys that were only in <tt>.ssh/authorized_keys</tt> no longer worked. | ||
<!--T:5--> | <!--T:5--> | ||
'''Every Monday of November 2021''': From 10:00AM to noon Eastern time, authentication on | '''Every Monday of November 2021''': From 10:00AM to noon Eastern time, authentication on Niagara and Mist was only possible with SSH keys. Authentication using passwords was disabled. | ||
<!--T:18--> | <!--T:18--> | ||
'''December 1, 2, 3 and 6, 7 2021''': From 09:00AM to 01:00PM Eastern time, authentication on | '''December 1, 2, 3 and 6, 7 2021''': From 09:00AM to 01:00PM Eastern time, authentication on Niagara and Mist was only possible with SSH keys. Authentication using passwords was disabled. | ||
<!--T:19--> | <!--T:19--> | ||
'''December 8, 9, 10 and 13, 14, 15 2021''': From 09:00AM to 03:00PM Eastern time, authentication on | '''December 8, 9, 10 and 13, 14, 15 2021''': From 09:00AM to 03:00PM Eastern time, authentication on Niagara and Mist was only possible with SSH keys. Authentication using passwords was disabled. | ||
<!--T:6--> | <!--T:6--> | ||
'''January 10-14, 17-21 2022''': From 10:00AM to 05:00PM Eastern time, authentication on | '''January 10-14, 17-21 2022''': From 10:00AM to 05:00PM Eastern time, authentication on Niagara and Mist was only possible with SSH keys. Authentication using passwords was disabled. | ||
<!--T:20--> | <!--T:20--> | ||
'''From January 24, 2022''': Authentication on '''Niagara | '''From January 24, 2022''': Authentication on '''Niagara and Mist''' will only be possible with SSH keys. | ||
== What you need to do == <!--T:7--> | == What you need to do == <!--T:7--> | ||
Line 40: | Line 37: | ||
'''If you know how to use SSH keys''', | '''If you know how to use SSH keys''', | ||
# Create your SSH key pair from your workstation. | # Create your SSH key pair from your workstation. | ||
# Upload your SSH public key to your CCDB account by connecting to https://ccdb.computecanada.ca/ssh_authorized_keys. After a few minutes, you should be able to authenticate on Niagara or Mist | # Upload your SSH public key to your CCDB account by connecting to https://ccdb.computecanada.ca/ssh_authorized_keys. After a few minutes, you should be able to authenticate on Niagara or Mist. | ||
# If the <tt>.ssh</tt> folder in your <tt>$HOME</tt> directory contains a file named <tt>authorized_keys</tt>, it should be deleted. | # If the <tt>.ssh</tt> folder in your <tt>$HOME</tt> directory contains a file named <tt>authorized_keys</tt>, it should be deleted. | ||
# Log out of the cluster and log in again. | # Log out of the cluster and log in again. | ||
Line 50: | Line 47: | ||
<!--T:12--> | <!--T:12--> | ||
If you | If you have questions or need assistance, please contact [[technical support]]. | ||
[ | |||
[ | |||
</translate> | </translate> |
Latest revision as of 20:15, 12 January 2022
In our continuous efforts to secure our national infrastructure, we have implemented a new feature in the CCDB whereby public SSH keys can be uploaded to your account and used to connect to our clusters (Cedar, Graham, Béluga, and Niagara and Mist).
We evaluated the possibility of enforcing authentication with SSH keys to access all of our clusters and conducted a pilot project on Niagara and Mist. Having received positive feedback from the community, SSH keys will become the only way to authenticate on Niagara and Mist starting on January 24, 2022.
Important dates[edit]
Starting on November 1, 2021: Authentication on Niagara and Mist only accepted SSH keys that had been uploaded to the CCDB. Keys that were only in .ssh/authorized_keys no longer worked.
Every Monday of November 2021: From 10:00AM to noon Eastern time, authentication on Niagara and Mist was only possible with SSH keys. Authentication using passwords was disabled.
December 1, 2, 3 and 6, 7 2021: From 09:00AM to 01:00PM Eastern time, authentication on Niagara and Mist was only possible with SSH keys. Authentication using passwords was disabled.
December 8, 9, 10 and 13, 14, 15 2021: From 09:00AM to 03:00PM Eastern time, authentication on Niagara and Mist was only possible with SSH keys. Authentication using passwords was disabled.
January 10-14, 17-21 2022: From 10:00AM to 05:00PM Eastern time, authentication on Niagara and Mist was only possible with SSH keys. Authentication using passwords was disabled.
From January 24, 2022: Authentication on Niagara and Mist will only be possible with SSH keys.
What you need to do[edit]
To learn about SSH keys, see the drop-in sessions on https://support.scinet.utoronto.ca/education/go.php/586/index.php/ib/1//p_course/586.
If you know how to use SSH keys,
- Create your SSH key pair from your workstation.
- Upload your SSH public key to your CCDB account by connecting to https://ccdb.computecanada.ca/ssh_authorized_keys. After a few minutes, you should be able to authenticate on Niagara or Mist.
- If the .ssh folder in your $HOME directory contains a file named authorized_keys, it should be deleted.
- Log out of the cluster and log in again.
Additional documentation on usage and best practices is also available in SSH Keys
Support[edit]
If you have questions or need assistance, please contact technical support.