SSH Keys Pilot: Difference between revisions

Jump to navigation Jump to search

SSH Keys Pilot (view source)

Revision as of 16:26, 14 October 2021

60 bytes removed ,  3 years ago
no edit summary
No edit summary
Line 1: Line 1:
A few months ago, a new feature was developed that allows users to easily upload their public SSH key to their CCDB account, which can then be used to login to any of the Compute Canada clusters ([[Cedar]], [[Graham]], [[Béluga/en|Béluga]] and [[Niagara |Niagara/Mist]]). This new feature is part of a continuous improvement of security within the Compute Canada Federation.  
In our continuous efforts to secure our national infrastructure, we have implemented a new feature in the CCDB whereby public SSH keys can be uploaded to your account and used to connect to our clusters ([[Cedar]], [[Graham]], [[Béluga/en|Béluga]] and [[Niagara |Niagara and Mist]]).  


We are now taking this one step further and evaluating the possibility of restricting authentication to the Compute Canada clusters using SSH keys only. A pilot involving a phased-in implementation of this restriction will run on '''Niagara/Mist''' in the following weeks.
We are evaluating the possibility of enforcing authentication with SSH keys to access all of our clusters; therefore we will be conducting a pilot project beginning on November 1, 2021, which will involve '''Niagara and Mist'''.


== Important dates ==


== Important dates in the SSH keys pilot program ==
'''Starting on November 1, 2021''': Authentication on '''Niagara''' and '''Mist''' with SSH keys will only accept keys that have been uploaded to the CCDB. Keys that are only in .ssh/authorized_keys will no longer work.


'''November 1, 2021''': Authentication to Niagara and Mist via SSH keys will only be allowed via the new CCDB feature.  That is, keys in the .ssh/authorized_keys file will not work.
'''Every Monday of November 2021''': From 10:00AM to noon Eastern time, authentication on '''Niagara and Mist''' will only be possible with SSH keys. Authentication using passwords will be disabled.


'''Every Monday of November 2021''': From 10:00AM to noon Eastern time, authentication will be restricted to SSH keys only.  That is, password authentication will not work.
'''Starting on December 1, 2021''': Depending on lessons learned, authentication on '''Niagara and Mist''' may be restricted to SSH keys only.
 
'''December 1, 2021''': Based on lessons learned, authentication may be restricted to SSH keys only.


== What you need to do ==
== What you need to do ==
Mboisson
Bureaucrats, cc_docs_admin, cc_staff, rsnt_translations
2,837

edits

Retrieved from "https://docs.alliancecan.ca/wiki/Special:MobileDiff/104699"

Navigation menu