Securing your account: Difference between revisions

Marked this version for translation
No edit summary
(Marked this version for translation)
Line 23: Line 23:
For technical details on implementing SSH keys for your account, please see [[SSH_Keys|this page]].
For technical details on implementing SSH keys for your account, please see [[SSH_Keys|this page]].


= Multifactor authentication =
= Multifactor authentication = <!--T:12-->
Multifactor authentication (MFA) allows you to protect your account with more than a password or SSH key. Once your account is configured to use this feature, you will need to enter your username and password or SSH key as usual, and then perform a second action (the second factor) to access most of our services. It is highly recommended to activate it on your account. Please cette the [[Multifactor authentication]] page for more details.
Multifactor authentication (MFA) allows you to protect your account with more than a password or SSH key. Once your account is configured to use this feature, you will need to enter your username and password or SSH key as usual, and then perform a second action (the second factor) to access most of our services. It is highly recommended to activate it on your account. Please cette the [[Multifactor authentication]] page for more details.


Line 41: Line 41:
* On clients that use OpenSSH (Linux, Mac and as an option under Windows), you can configure SSH behavior using ~/.ssh/config.  In particular, you can define system and even username-specific behavior, such as selecting specific keys to use, or automatically selecting advanced features such as X/port forwarding, and even ProxyJump.
* On clients that use OpenSSH (Linux, Mac and as an option under Windows), you can configure SSH behavior using ~/.ssh/config.  In particular, you can define system and even username-specific behavior, such as selecting specific keys to use, or automatically selecting advanced features such as X/port forwarding, and even ProxyJump.


== For the system you log in to == <!--T:11-->
== For the system you log in to == <!--T:11-->
One important advantage of using ssh keys is that the remote system only needs your public key.  This value is not sensitive, so there is no risk of disclosure.  If someone gets your public key, all they can do is give you additional access.
One important advantage of using ssh keys is that the remote system only needs your public key.  This value is not sensitive, so there is no risk of disclosure.  If someone gets your public key, all they can do is give you additional access.
* Avoid placing any private keys on remote machines, even encrypted ones.  An unencrypted key is equivalent to a password, and may be stolen or exposed inadvertantly.  An encrypted key is, by itself, not sensitive - except if you ever use it on that machine (at which point you are effectively trusting the machine.)
* Avoid placing any private keys on remote machines, even encrypted ones.  An unencrypted key is equivalent to a password, and may be stolen or exposed inadvertantly.  An encrypted key is, by itself, not sensitive - except if you ever use it on that machine (at which point you are effectively trusting the machine.)
Bureaucrats, cc_docs_admin, cc_staff, rsnt_translations
2,837

edits