Sshkey policy

From DISI
Revision as of 04:39, 11 June 2015 by Frodo (talk | contribs) (hjg)
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to navigation Jump to search

Our SSH/SSL key policy is as follows. Please make sure all of these are true for all the machines you use:

  • all ssh keys must be password protected.
  • password on your ssh key must be different from your login password
  • do not use the same password on two clusters
  • do not use the same password for gmail and any cluster
  • do not give your password or sshkey to anyone, even friends, family, or other lab members
  • if you need to move files to Cluster 2, copy them from within Cluster 2. e.g. to copy from Fawlty in YYZ:
ssh root@142.150.250.20 "cd /nfs/store/ucsf/users/proust1/in/other_data; tar cf - xyz " | tar xf -

Never copy from cluster 0 or 1 into cluster 2.

See the tips on using Ssh-agent for password-free passage among machines.