Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Table of Contents
minLevel1
maxLevel6
outlinefalse
stylenone
typelist
printabletrue

...

What are SSH Keys?

Every HPC user at ARCC has an option for private identity keys on each system they have access to. These are private keys associated with that user’s identity on an ARCC HPC cluster. On our systems, the user also has a certificate associated with their private identity key.

...

Warning

Warning: Please be careful with these files. Do not change their permissions, put them in an insecure digital location, or share them with others. They are your “virtual keys” to log in as yourself on the HPC. If provided to or shared with others, they will be able to log into that ARCC HPC resource as you

...

Benefits of using an SSH Key for HPC Authentication

  • Improved Security

    • When using private keys to authenticate, users do not need to transmit their username and password information over the network. Because private keys are kept on your local machine, they are less vulnerable to interception and attack.

    • Remote systems configured to only accept SSH Key Authentication are more secure than authenticating with a username and password alone. Secure environments should require authentication using “something you know, something you have, something you are”. Ideally, when encrypted with a passphrase, an SSH key covers 2 of those 3 with the passphrase covering something you know, and the private key covering something you have. On some devices, you may have the option to replace a passphrase with “something you are” such as a fingerprint or other biometric scanner to decrypt your key files.

  • Improved Access Control

    • SSH keys control access to HPC resources by restricting access only to authorized users with corresponding private keys. Each user is provided a unique key associated with their identity and permissions on the system.

    • This makes it easier to revoke compromised users without requiring password changes, while still allowing all other existing users to authenticate normally.

  • Convenience

    • Once configured appropriately, SSH keys are often more convenient and increase user productivity. For security, and appropriate configuration, we recommend always encrypting keys with a unique passphrase.

    • Tools like an ssh-agent can hold keys in memory allowing access to the ssh client which saves users from needing to enter their key passphrase repeatedly and reducing the likelihood of failed authentication when repeatedly entering passwords.

  • Automation

    • SSH keys may be used in scripts and automation tools to automate tasks that would require logging into the remote server or HPC. This can make activities on the HPC easier and reduces the risks associated with password exposure.

...

SSH Key Management and Security

When you set up your SSH key your device, please follow best practices:

  • Don’t share your SSH key with others

  • Encrypt your private key files with a passphrase

  • Set up SSH keys with appropriate permissions

  • Do not set up SSH keys on shared devices

  • If a device storing your SSH keys becomes compromised, use a different, uncompromised device to log into OnDemand. Go to the SSH Key Manager application to revoke your old key and create a new one. If you need assistance, please contact arcc-help@uwyo.edu immediately.

...

Creating a new key

Insert excerpt
SSH Key Authentication
SSH Key Authentication
nameGeneral Setup Instructions
nopaneltrue

...

Client Configuration

After creating and downloading your Personal SSH Identity Keys, the keys must now be set up on the system from which you’re going to be logging into the cluster from. As mentioned in the previous section, SSH key access should be limited only to the individual user being granted SSH access.

...