Bureaucrats, cc_docs_admin, cc_staff, rsnt_translations
2,837
edits
SSH Keys: Difference between revisions
Jump to navigation
Jump to search
Marked this version for translation
No edit summary |
(Marked this version for translation) |
||
| Line 210: | Line 210: | ||
[[Category:Connecting]] | [[Category:Connecting]] | ||
== Compromised SSH Keys == | == Compromised SSH Keys == <!--T:49--> | ||
<!--T:50--> | |||
An SSH key is '''compromised''' when an unauthorized individual has gained access, or may have gained access, to the ''private key'' component of an SSH key pair. | An SSH key is '''compromised''' when an unauthorized individual has gained access, or may have gained access, to the ''private key'' component of an SSH key pair. | ||
<!--T:51--> | |||
This can occur through various means, such as ''improper key management, theft'', or a ''security breach''. | This can occur through various means, such as ''improper key management, theft'', or a ''security breach''. | ||
<!--T:52--> | |||
When an SSH key is compromised it poses a significant security risk, as a malicious actor can use it to gain unauthorized access to systems and sensitive data. | When an SSH key is compromised it poses a significant security risk, as a malicious actor can use it to gain unauthorized access to systems and sensitive data. | ||
To mitigate the risk associated with compromised SSH keys, the Digital Research Alliance of Canada maintains a '''Key Revocation List (KRL)'''. | To mitigate the risk associated with compromised SSH keys, the Digital Research Alliance of Canada maintains a '''Key Revocation List (KRL)'''. | ||
<!--T:53--> | |||
The Key Revocation List is a registry of SSH keys that are no longer trusted, or are otherwise considered invalid. | The Key Revocation List is a registry of SSH keys that are no longer trusted, or are otherwise considered invalid. | ||
Any SSH key on the list cannot be used to access Alliance services. | Any SSH key on the list cannot be used to access Alliance services. | ||
<!--T:54--> | |||
If you discover that your SSH key has been compromised, it is ''imperative'' that you take immediate action. | If you discover that your SSH key has been compromised, it is ''imperative'' that you take immediate action. | ||
* Replace the compromised key with a new one to ensure that you can connect securely to Alliance services. | * Replace the compromised key with a new one to ensure that you can connect securely to Alliance services. | ||
* Remove the compromised key from ''all'' services (Alliance or other) to prevent unauthorized access or data breaches. | * Remove the compromised key from ''all'' services (Alliance or other) to prevent unauthorized access or data breaches. | ||
<!--T:55--> | |||
If you believe that your SSH key has been listed on the Key Revocation List in error, or if you have concerns or questions related to key revocation and access to Alliance services, contact our [[Technical support]] for assistance. They will be able to guide you through the resolution process and help ensure the continued security of your digital interactions with the Alliance services. | If you believe that your SSH key has been listed on the Key Revocation List in error, or if you have concerns or questions related to key revocation and access to Alliance services, contact our [[Technical support]] for assistance. They will be able to guide you through the resolution process and help ensure the continued security of your digital interactions with the Alliance services. | ||
Security is of paramount importance, and swift action in response to a compromised SSH key is essential to maintain the integrity of digital research and collaboration. | Security is of paramount importance, and swift action in response to a compromised SSH key is essential to maintain the integrity of digital research and collaboration. | ||
</translate> | </translate> | ||