Our SSH/SSL key policy is as follows. Please make sure all of these are true for all the machines you use:
- all ssh keys must be password protected.
- password on your ssh key must be different from your login password
- do not use the same password on two clusters
- do not use the same password for gmail and any cluster
- do not give your password or sshkey to anyone, even friends, family, or other lab members
- if you need to move files to Cluster 2, copy them from within Cluster 2. e.g. to copy from Fawlty in YYZ:
ssh email@example.com "cd /nfs/store/ucsf/users/proust1/in/other_data; tar cf - xyz " | tar xf -
Never copy from cluster 0 or 1 into cluster 2.
See the tips on using Ssh-agent for password-free passage among machines.