You are viewing an old version of this page. View the current version.
Compare with Current
View Page History
Version 1
Next »
When to revoke and regenerate your SSH keys
At some point, it may be necessary to revoke your old SSH key and create a new one. Situations that may require revoking your old ssh keys and creating new keys include:
Device compromise:
A device upon which you store your ssh key files has been compromised.
Following good security practices:
It is recommended that ssh keys be rotated as part of a remediation process to ensure any keys that may have been compromised since their initial generation cease to be usable. ARCC recommends rotating your keys every 6 months (similar to requiring password changes at regular intervals).
How to revoke and regenerate SSH keys
Note: if you are revoking and regenerating your ssh keys due to a compromise, you must perform the following steps on a different, uncompromised device
Open a new browser window and go to the OnDemand URL (3rd column in table below) for the HPC in which you’d like to revoke and regenerate your keys
Log in per directions on the linked wiki page (right-most column) associated with the HPC cluster in which you would like to regenerate keys
To facilitate greater access and usability of our HPC services, UW ARCC has configured OnDemand for 3 of our HPC clusters:
Once logged in, click on the SSH Key Manager application in the dashboard to manage your keys.
This will bring up the key management screen. At the bottom is a list of any keys you’ve created previously. If you have revoked keys in the past, you will have a list of your prior keys (in gray) and your current key (in green). Otherwise you will have only your current authentication key (highlighted in green)
Click the red “Revoke” button associated with your current key (highlighted in green).
Your latest key will now turn from green to gray and should change status to “REVOKED”.
Click the Generate New Key button
You may receive a message asking if you’re sure you want to do this. Click Continue.
A new key will be created, highlighted in green. This is your current SSH key set to authenticate into the HPC resource.
Click the download button. This will download your new key files to the local device from you’re currently accessing OnDemand.
Removing Old Keys on your Device
Before configuring your new ssh keys on your devices (usually this is your main workstation or laptop) you must remove your old keys.
Expand the section associated with your specific device OS and follow directions to remove your old SSH keys before replacing them with your new keys.
On a Windows PC
Removing SSH Keys on a Windows PC
The standard location for ssh key files on a windows system are in your personal User directory in a hidden subfolder named .ssh
. On a normal windows PC, this would be under C:\Users\<your_username>\.ssh\
. If you have configured your keys using a non-standard key location, it is your responsibility to be aware of this location.
Open file explorer (By hitting your windows key + E, or clicking the file explorer icon from your start menu or taskbar)
Browse to the directory in which your key files are stored
Delete the following files:
id_ecdsa
id_ecdsa.pub
id_edcsa-cert
Note: we have found that Microsoft sometimes categorizes file types incorrectly. The public key and cert files may be categorized incorrectly as a Microsoft Publisher file and icon. This is ok.
Once your old key files have been deleted, you may configure your new keys. Follow the remaining directions here to configure your new keys on your Windows PC
On a Mac
Removing SSH Keys on a Mac
The standard location for ssh key files on a Mac OS computer are in your personal /home
directory in a hidden subfolder named .ssh
. On most Macs, this would be under /Users/<your_name_on_mac>/.ssh/
. If you have configured your keys using a non-standard key location, it is your responsibility to be aware of this location.
Open your terminal ( → →→ or hit keys)
If your SSH keys are stored in the standard location, change directories to your .ssh directory for your user account on the Mac with the following command: cd ~/.ssh
otherwise cd to the directory in which your keys are stored.
Remove your old keys using the rm command: rm id_ecdsa id_ecdsa-cert.pub id_ecdsa.pub
Once your old key files have been deleted, you copy over and configure your new keys as described in the linked instructions here.
On a Linux PC
Removing SSH Keys on a Linux Computer
The standard location for ssh key files on a Linux OS computer are in your personal /home
directory in a hidden subfolder named .ssh
. On most Linux machines, this would be under /home/<your_username>/.ssh/
. If you have configured your keys using a non-standard key location, it is your responsibility to be aware of this location.
Open your choice of command line interface (shell, terminal, console, prompt, etc)
If your SSH keys are stored in the standard location, change directories to your .ssh directory for your home on the PC with the following command: cd ~/.ssh
otherwise cd to the directory in which your keys are stored.
Remove your old keys using the rm command: rm id_ecdsa id_ecdsa-cert.pub id_ecdsa.pub
Once your old key files have been deleted, you copy over and configure your new keys as described in the linked instructions here.