SSH Keys Pilot/en: Difference between revisions

From Alliance Doc
Jump to navigation Jump to search
(Updating to match new version of source page)
(Updating to match new version of source page)
Line 3: Line 3:
In our continuous efforts to secure our national infrastructure, we have implemented a new feature in the CCDB whereby public SSH keys can be uploaded to your account and used to connect to our clusters ([[Cedar]], [[Graham]], [[Béluga/en|Béluga]] and [[Niagara |Niagara and Mist]]).  
In our continuous efforts to secure our national infrastructure, we have implemented a new feature in the CCDB whereby public SSH keys can be uploaded to your account and used to connect to our clusters ([[Cedar]], [[Graham]], [[Béluga/en|Béluga]] and [[Niagara |Niagara and Mist]]).  


We are evaluating the possibility of enforcing authentication with SSH keys to access all of our clusters; therefore we will be conducting a pilot project beginning on November 1, 2021, which will involve '''Niagara and Mist'''.
We have received positive feedback from the community.


'''Update as of January 2022''': We have received positive feedback from the community with this pilot. We will be moving forward with authentication via SSH keys only. This change will be effective on MIST and Niagara on January 24, 2022.
SSH keys will be the only way to authenticate on Niagara and Mist starting January 24, 2022.




== Important dates ==
== Important dates ==


'''Starting on November 1, 2021''': Authentication on '''Niagara''' and '''Mist''' with SSH keys will only accept keys that have been uploaded to the CCDB. Keys that are only in <tt>.ssh/authorized_keys</tt> will no longer work.
'''Starting on November 1, 2021''': Authentication on Niagara and Mist with SSH keys will only accept keys that have been uploaded to the CCDB. Keys that are only in <tt>.ssh/authorized_keys</tt> will no longer work.


'''Every Monday of November 2021''': From 10:00AM to noon Eastern time, authentication on '''Niagara and Mist''' will only be possible with SSH keys. Authentication using passwords will be disabled.
'''Every Monday of November 2021''': From 10:00AM to noon Eastern time, authentication on Niagara and Mist will only be possible with SSH keys. Authentication using passwords will be disabled.


'''December 1, 2, 3 and 6, 7 2021''':  From 09:00AM to 01:00PM Eastern time, authentication on '''Niagara and Mist''' will only be possible with SSH keys. Authentication using passwords will be disabled.
'''December 1, 2, 3 and 6, 7 2021''':  From 09:00AM to 01:00PM Eastern time, authentication on Niagara and Mist will only be possible with SSH keys. Authentication using passwords will be disabled.


'''December 8, 9, 10 and 13, 14, 15 2021''':  From 09:00AM to 03:00PM Eastern time, authentication on '''Niagara and Mist''' will only be possible with SSH keys. Authentication using passwords will be disabled.
'''December 8, 9, 10 and 13, 14, 15 2021''':  From 09:00AM to 03:00PM Eastern time, authentication on Niagara and Mist will only be possible with SSH keys. Authentication using passwords will be disabled.


'''January 10-14, 17-21 2022''':  From 10:00AM to 05:00PM Eastern time, authentication on '''Niagara and Mist''' will only be possible with SSH keys. Authentication using passwords will be disabled.
'''January 10-14, 17-21 2022''':  From 10:00AM to 05:00PM Eastern time, authentication on Niagara and Mist will only be possible with SSH keys. Authentication using passwords will be disabled.


'''From January 24, 2022''': Authentication on '''Niagara''' and '''Mist''' will only be possible with SSH keys.
'''From January 24, 2022''': Authentication on Niagara and Mist will only be possible with SSH keys.


== What you need to do ==
== What you need to do ==
Line 36: Line 36:
== Support ==
== Support ==


If you still have questions or need assistance after reading these documents, please register and join one of the following sessions:
If you still have questions or need assistance after reading these documents, please contact [[technical support]].
 
[https://education.scinet.utoronto.ca/course/view.php?id=1209 Monday, October 25th, 03:00PM - 04:00PM ET: conducted in English with support for questions in French]
 
[https://education.scinet.utoronto.ca/course/view.php?id=1205 Thursday, October 28th, 11:00AM - 12:00PM ET: conducted in English with support for questions in French]
 
[https://education.scinet.utoronto.ca/course/view.php?id=1206 Friday, October 29th, 12:00PM - 01:00PM ET: conducted in French]
 
[https://education.scinet.utoronto.ca/course/view.php?id=1207 Monday, November 15th, 12:00PM - 01:00PM ET: conducted in English with support for questions in French]
 
[https://education.scinet.utoronto.ca/course/view.php?id=1208 Friday, November 22nd, 12:00PM - 01:00PM ET: conducted in English with support for questions in French]

Revision as of 15:58, 10 January 2022

Other languages:

In our continuous efforts to secure our national infrastructure, we have implemented a new feature in the CCDB whereby public SSH keys can be uploaded to your account and used to connect to our clusters (Cedar, Graham, Béluga and Niagara and Mist).

We have received positive feedback from the community.

SSH keys will be the only way to authenticate on Niagara and Mist starting January 24, 2022.


Important dates

Starting on November 1, 2021: Authentication on Niagara and Mist with SSH keys will only accept keys that have been uploaded to the CCDB. Keys that are only in .ssh/authorized_keys will no longer work.

Every Monday of November 2021: From 10:00AM to noon Eastern time, authentication on Niagara and Mist will only be possible with SSH keys. Authentication using passwords will be disabled.

December 1, 2, 3 and 6, 7 2021: From 09:00AM to 01:00PM Eastern time, authentication on Niagara and Mist will only be possible with SSH keys. Authentication using passwords will be disabled.

December 8, 9, 10 and 13, 14, 15 2021: From 09:00AM to 03:00PM Eastern time, authentication on Niagara and Mist will only be possible with SSH keys. Authentication using passwords will be disabled.

January 10-14, 17-21 2022: From 10:00AM to 05:00PM Eastern time, authentication on Niagara and Mist will only be possible with SSH keys. Authentication using passwords will be disabled.

From January 24, 2022: Authentication on Niagara and Mist will only be possible with SSH keys.

What you need to do

To learn about SSH keys, see the drop-in sessions on https://support.scinet.utoronto.ca/education/go.php/586/index.php/ib/1//p_course/586.

If you know how to use SSH keys,

  1. Create your SSH key pair from your workstation.
  2. Upload your SSH public key to your CCDB account by connecting to https://ccdb.computecanada.ca/ssh_authorized_keys. After a few minutes, you should be able to authenticate on Niagara or Mist
  3. If the .ssh folder in your $HOME directory contains a file named authorized_keys, it should be deleted.
  4. Log out of the cluster and log in again.

Additional documentation on usage and best practices is also available in SSH Keys

Support

If you still have questions or need assistance after reading these documents, please contact technical support.