SSH Keys: Difference between revisions

SSH Keys (view source)

Revision as of 12:56, 24 October 2023

293 bytes removed , 1 year ago

copy editing

Rdickson

Bureaucrats, cc_docs_admin, cc_staff

2,879

edits

@@ Line 211: / Line 211: @@
 == Compromised SSH Keys ==<!--T:8-->
-A compromised SSH key refers to a situation where unauthorized individuals gain access to the private key component, or a key has been (or may have been) accessed by an unauthorized third-party.
-This compromise can occur through various means, such as ''improper key management, theft'', or a ''security breach''.
+An SSH key is '''compromised''' when an unauthorized individual has gained access, or may have gained access, to the ''private key'' component of an SSH key pair.
-When an SSH key is compromised, it poses a significant security risk, as malicious actors can use it to gain unauthorized access to systems and sensitive data.
+This can occur through various means, such as ''improper key management, theft'', or a ''security breach''.
-To mitigate the risks associated with compromised SSH keys, the Digital Research Alliance of Canada maintains a '''Key Revocation List (KRL)'''.
-The '''Key Revocation List (KRL)''' is a registry of SSH keys that are no longer trusted or valid for any reason. due to compromise, security concerns, or other reasons.
+When an SSH key is compromised it poses a significant security risk, as a malicious actor can use it to gain unauthorized access to systems and sensitive data.
-Any SSH key that is listed on this revocation list is effectively barred from accessing Alliance services.
+To mitigate the risk associated with compromised SSH keys, the Digital Research Alliance of Canada maintains a '''Key Revocation List (KRL)'''.
+The Key Revocation List is a registry of SSH keys that are no longer trusted, or are otherwise considered invalid.
+Any SSH key on the list cannot be used to access Alliance services.
 If you discover that your SSH key has been compromised, it is ''imperative'' that you take immediate action.
+* Replace the compromised key with a new one to ensure that you can connect securely to Alliance services.
+* Remove the compromised key from ''all'' services (Alliance or other) to prevent unauthorized access or data breaches.
-First, you should replace the compromised key with a new one to ensure the security of your connections to Alliance services. Simultaneously, you should cease using the compromised key to access any other services to prevent potential unauthorized access or data breaches.
+If you believe that your SSH key has been listed on the Key Revocation List in error, or if you have concerns or questions related to key revocation and access to Alliance services, contact the support team at '''support@tech.alliancecan.ca''' for assistance. They will be able to guide you through the resolution process and help ensure the continued security of your digital interactions with the Alliance services.
+Security is of paramount importance, and swift action in response to a compromised SSH key is essential to maintain the integrity of digital research and collaboration.
-However, if you believe that your SSH key has been listed on the Key Revocation List in error, or if you have concerns or questions related to key revocation and access to Alliance Can services, we strongly recommend that you contact the support team at '''support@tech.alliancecan.ca'''''Italic text'' for assistance and clarification regarding your SSH key status. They will be able to guide you through the resolution process and help ensure the continued security of your digital interactions with the Alliance Can services.
-Security is of paramount importance, and swift action in response to a compromised SSH key is essential to maintain the integrity of digital research and collaboration.
 </translate>

SSH Keys: Difference between revisions

SSH Keys (view source)

Revision as of 12:56, 24 October 2023

Navigation menu

Search