(Created page with "{{Draft}} Automated workflows which connect to the clusters without a human being present can not make use of a second factor. We are therefore deploying dedicated login nodes to be used for that purpose. These nodes will not require the use of a second factor, but will be otherwise much more limited than regular login nodes in terms of the type of authentication they accept and the type of action that they can be used for. = Increased security restrictions = == Availa...") |
No edit summary |
Line 1: | Line 1: | ||
{{Draft}} | {{Draft}} | ||
Automated workflows which connect to the clusters without a human being present can not make use of a second factor. We are therefore deploying dedicated login nodes to be used for that purpose. These nodes will not require the use of a second factor, but will be otherwise much more limited than regular login nodes in terms of the type of authentication they accept and the type of action that they can be used | Automated workflows which connect to the clusters without a human being present can not make use of a second factor. We are therefore deploying dedicated login nodes to be used for that purpose. These nodes will not require the use of a second factor, but will be otherwise much more limited than regular login nodes in terms of the type of authentication they accept and the type of action that they can be used to perform. | ||
= Increased security restrictions = | = Increased security restrictions = | ||
== Available only by request == | == Available only by request == | ||
Users who need to make use of automated workflows for their research must first contact our [[Technical support]] to be allowed to use these nodes. When contacting us, please explain in | Users who need to make use of automated workflows for their research must first contact our [[Technical support]] to be allowed to use these nodes. When contacting us, please explain in detail the type of automation you intend to use as part of your workflow. Tell us what commands will be executed and what tools or libraries you will be using to manage the automation. | ||
== Available only through restricted SSH keys == | == Available only through restricted SSH keys == | ||
The only accepted mean of authentication to the automation nodes will be through [[SSH_Keys#Using_CCDB|SSH keys uploaded to the CCDB]]. SSH keys written in your <tt>.ssh/authorized_keys</tt> file are not accepted. In addition, the SSH keys <b>must</b> | The only accepted mean of authentication to the automation nodes will be through [[SSH_Keys#Using_CCDB|SSH keys uploaded to the CCDB]]. SSH keys written in your <tt>.ssh/authorized_keys</tt> file are not accepted. In addition, the SSH keys <b>must</b> obey the following constraints. | ||
=== <tt>restrict</tt> constraint === | === <tt>restrict</tt> constraint === | ||
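Review bot: "The only accepted mean of authentication" in the restricted SSH keys paragraph should read "means", and "can not" in the opening paragraph should be "cannot"; both are on lines this revision completes, so they can be fixed in the same edit. The completed sentence "the SSH keys must obey the following constraints" would also be easier to act on if it named the constraints covered by the subsections that follow (restrict and command="COMMAND"), so a reader sees the full requirement before the details.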
Line 16: | Line 16: | ||
=== <tt>command="COMMAND"</tt> constraint === | === <tt>command="COMMAND"</tt> constraint === | ||
The <tt>command="COMMAND"</tt> constraint forces the command <tt>COMMAND</tt> to be executed when the connection is established. This is so that you may restrict which | The <tt>command="COMMAND"</tt> constraint forces the command <tt>COMMAND</tt> to be executed when the connection is established. This is so that you may restrict which commands can be used with this key. | ||
== Convenience wrapper scripts to use for <tt>command=</tt> == | == Convenience wrapper scripts to use for <tt>command=</tt> == |
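Review bot: the added ending "restrict which commands can be used with this key" does not follow from the sentence before it, which says a single COMMAND is forced when the connection is established. Say explicitly that whatever command the client asks for is not run and COMMAND runs instead, and that allowing more than one command therefore depends on COMMAND being a wrapper that checks the client's request (sshd passes it in the SSH_ORIGINAL_COMMAND environment variable). That also gives the reader the reason for the "Convenience wrapper scripts" section that comes next.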