SSH security improvements: Difference between revisions

merge two opening paragraphs, improve transparency for naive readers
No edit summary
(merge two opening paragraphs, improve transparency for naive readers)
Line 2: Line 2:


<translate>
<translate>
<!--T:37-->
SSH protects the information exchanged between a user and a remote server by encrypting the connection and verifying the identity of both parties through a server key (also called "host signature") and, for the user, either a password or a personal key. To address the risk of the connection being compromised by a third party on its clusters, Compute Canada requires all users to proceed with the updates described below.


<!--T:38-->
<!--T:38-->
[[File:Flowchart SSHD changes - Summer 2019 - v.f.jpg|thumb|center|SSH security improvements flowchart]]
[[File:Flowchart SSHD changes - Summer 2019 - v.f.jpg|thumb|SSH security improvements flowchart. Click for larger image.]]
 
<!--T:37-->
[[SSH]] is the software protocol that you use to connect to Compute Canada clusters.  It helps to protect the security of your data by verifying your identity to the server, verifying the server's identity to you, and encrypting the connection.  Because security risks evolve over time, Compute Canada will soon end support for certain SSH options which are no longer deemed secure.  You will have to make some changes on your part in order to continue using our clusters.  The changes are outlined in the flowchart to the right, and explained in greater detail below.


=SSH changes (Summer 2019)= <!--T:1-->
=SSH changes (Summer 2019)= <!--T:1-->


<!--T:2-->
<!--T:2
With constant increase in computing power over time, some encryption algorithms  
With constant increase in computing power over time, some encryption algorithms  
and protocols which were reasonably secure ten or fifteen years ago now pose an unacceptable risk of the connection being compromised by a third party. For this reason, Compute Canada is modifying its policies and practices regarding [[SSH]], the principal tool used to provide secure access to its clusters. Some users may have to update their SSH client software, some may have to generate a new public/private key-pair, and everyone will have to update the local copy of the "host key" which is used to identify each Compute Canada cluster.  
and protocols which were reasonably secure ten or fifteen years ago now pose an unacceptable risk of the connection being compromised by a third party. For this reason, Compute Canada is modifying its policies and practices regarding [[SSH]], the principal tool used to provide secure access to its clusters. Some users may have to update their SSH client software, some may have to generate a new public/private key-pair, and everyone will have to update the local copy of the "host key" which is used to identify each Compute Canada cluster.   -->


== What is changing? == <!--T:3-->
== What is changing? == <!--T:3-->
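
Review bot: Where the T:2 paragraph is wrapped in an HTML comment (`<!--T:2` through the trailing `-->`), the page loses its only statement of what users must actually do: update the SSH client, possibly generate a new public/private key-pair, and update the local copy of each cluster's "host key". The rewritten T:37 paragraph says only "You will have to make some changes on your part", so the introduction no longer tells readers that the host key will change or that a new key pair may be needed. Suggest carrying that sentence into the merged paragraph. Rather than turning the translation marker into a comment opener, delete the old paragraph outright, since the page history keeps it; as written, the heading "=SSH changes (Summer 2019)=" is followed directly by "== What is changing? ==" with no visible body.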