Lab Security Policy

From DISI
Revision as of 15:19, 10 January 2014 by Frodo (talk | contribs)

To access the cluster remotely you need to ssh to portal.uoft.bkslab.org using an ssh key. The key used to access the portal can ONLY be used between the user's remote computer and the portal. A user cannot access the cluster from the portal using an ssh key; they must use a password. A user can use ssh keys to move around within the cluster, but only if the keys were created securely and are only used within the cluster. The keys used within the cluster CANNOT be used anywhere outside the cluster. Ssh keys must be protected at all times and must never be shared with anyone, even family members or lab mates. Misuse of ssh keys is a very serious matter. Please guard your ssh key access as you would your bank account. If you have any doubts about appropriate use of ssh keys, please ask a sysadmin.

Q & A:

1. Is it lab policy that I can have an ssh key exchange between UCSF and U of T computers?

Yes, people can have an ssh key exchange between UCSF and UT computers (only the computers that we maintain, i.e. monkey.ucsf.edu should NOT have an ssh key). You cannot have an ssh key exchange between the portal and the cluster.

2. Is there any way into the cluster from home other than through the portal.uoft.bkslab.org machine using my public/private key?

Currently, there is no other way to access the cluster remotely.

3. If I lose my laptop / think my account may have been hacked, what is the correct course of action?

Send an email to access.bkslab@gmail.com immediately.

4. Can I copy the private key to as many computers as I like, or should I have one for each computer I want to use to access the cluster?

You should use a different ssh key for every computer that you want to use to access the cluster. This is because if one of your computers gets hacked, I only have to disable one key and you can still use your other laptop/computer.

5. Can I use the same public/private key pair inside the cluster as I use to access the cluster? Or should we use two different ones?

You should use two different ones, one within the cluster and one to access the portal from outside.

6. Can I use key pair exchange to allow me to log in to my colleague's account, or is that a forbidden usage?

For example, say I am Brian and I want to allow John to log in as me without my password. Can we use ssh keys to allow this?

  • No, we definitely don't allow this. Brian must not accept John's public ssh key as an authorized_key.

7. Do I need to use the portal when I am in the lab?

No, the portal is only needed when accessing the cluster from outside.
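
A sysadmin-side check for two of the rules above (separate keys for the portal and for the cluster, and no key accepted by a colleague's account), added here as an example and not part of the lab's own tooling. It fingerprints every key in a set of authorized_keys files and reports keys trusted in more than one zone or by more than one account; the zone labels, function names and sample keys are assumptions constructed for the illustration.

```python
import base64
import hashlib
from collections import defaultdict

KEY_TYPES = ("ssh-", "ecdsa-sha2-", "sk-ssh-", "sk-ecdsa-")

def fingerprints(text):
    """Yield the OpenSSH-style SHA256 fingerprint of each key in authorized_keys text."""
    for line in text.splitlines():
        fields = line.split()
        if not fields or fields[0].startswith("#"):
            continue
        # Options such as command="..." may precede the key, so search for the key type.
        for i, field in enumerate(fields[:-1]):
            if not field.startswith(KEY_TYPES):
                continue
            try:
                blob = base64.b64decode(fields[i + 1], validate=True)
            except ValueError:
                continue  # looked like a key type inside a quoted option
            # The blob starts with a length-prefixed copy of the key type; require a match.
            if blob[4:4 + int.from_bytes(blob[:4], "big")] == field.encode():
                digest = base64.b64encode(hashlib.sha256(blob).digest())
                yield "SHA256:" + digest.decode().rstrip("=")
                break

def audit(files):
    """files: (zone, account, text) tuples. Returns (cross_zone, shared) keyed by fingerprint."""
    zones, accounts = defaultdict(set), defaultdict(set)
    for zone, account, text in files:
        for fp in fingerprints(text):
            zones[fp].add(zone)
            accounts[fp].add(account)
    multi = lambda m: {fp: sorted(v) for fp, v in m.items() if len(v) > 1}
    return multi(zones), multi(accounts)

def sample_key(label):
    # Constructed placeholder key: valid wire layout, filler bytes for the public key.
    kind = b"ssh-ed25519"
    body = hashlib.sha256(label.encode()).digest()
    blob = len(kind).to_bytes(4, "big") + kind + len(body).to_bytes(4, "big") + body
    return "ssh-ed25519 " + base64.b64encode(blob).decode() + " " + label

LAPTOP, CLUSTER, JOHN = (sample_key(n) for n in ("brian-laptop", "brian-cluster", "john-cluster"))
SAMPLE = [  # constructed authorized_keys contents: (zone, account, text)
    ("portal", "brian", LAPTOP),
    ("cluster", "brian", "\n".join(["# cluster", CLUSTER, 'command="echo ssh-rsa x" ' + LAPTOP, JOHN])),
    ("cluster", "john", JOHN),
]
print(audit(SAMPLE))
```

On the sample data the first result lists Brian's laptop key, which is trusted on both the portal and the cluster, and the second lists John's key, which is accepted by both John's and Brian's accounts.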