
Security: how to change your connection methods

Change your password

  • Connect to one of the frontend nodes
  • Type the command passwd and answer the prompts by entering the current password and then the new password twice. This changes the password on all the frontend nodes.

Change the SSH connection key

If you have configured an SSH key to connect to Myria, you must delete the old key, regenerate the passphrase that protects your private key and add the new public key. If you have not configured an SSH connection key, check the contents of the ~/.ssh/authorized_keys file as indicated below.

  • On your workstation:
    • Regenerate the key pair files (private key/public key) using the ssh-keygen command (on Linux/macOS) or the PuTTYgen application (on Windows).
      For obvious security reasons, prefer a connection with a NON-empty passphrase, using an ssh-agent if necessary.
  • On Myria:
    • Clean up the authorized keys in the ~/.ssh/authorized_keys file.
      Only the line with the comment login@host (where host can be altair-adm, antares or mytch) at the end of the line should be kept. It allows you to connect to the cluster.
      For the other lines, keep only the essential ones: connections by password will remain possible.
    • Add the new public key to the ~/.ssh/authorized_keys file.

Case of connections between computer centers

If you have set up SSH keys to connect between computer centers, you must also delete the public and private key pairs on each center, regenerate them and redistribute the public keys.
Same remark as before: prefer a connection with a NON-empty passphrase.

Attention, very important

Your private key (file id_rsa) must never be copied to another server. It must remain only on your workstation.

IDRIS recommendations

In addition, here are the recommendations from the National IDRIS Center:

For added security, we ask that you do four things:

  • take every precaution on your workstation to protect your private key (strong passphrase, restrictive access rights),
  • do not copy your private key on IDRIS servers,
  • generate RSA keys of at least 4096 bits, or use elliptic curve cryptography algorithms (ECDSA, ed25519),
  • verify that the fingerprints of the public keys of the IDRIS SSH servers to which you are connecting are referenced in this list,
  • restrict these keys to the use of the machines you have declared in the IDRIS filters. To do this, you need to edit the authorized_keys file on your local machine and add the following string at the beginning of each line containing a key generated on one of the IDRIS machines:

    • from="your_ip" or possibly;
    • from="machine.domaine_local.fr" or ;
    • from="*.machine.domaine_local.fr".

    ```bash
    $ cat ~/.ssh/authorized_keys
    from="machine.domain_local.fr" ssh-rsa AAAAB3NzaC1yc2EA........... login@host
    ```
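
The authorized_keys cleanup described for Myria and the IDRIS recommendations on key size and from= restrictions can be checked together. The following Python script is an added example, not part of the original page: it flags key lines without a from= option and RSA keys under 4096 bits, and marks login@host lines for the three hosts named above as lines to keep. The function names are hypothetical and the sample keys are constructed placeholders, not usable keys.

```python
import base64, re, struct

CLUSTER_HOSTS = ("altair-adm", "antares", "mytch")  # hosts named on this page
KEY_RE = re.compile(r"(?:^|\s)(ssh-rsa|ssh-ed25519|ecdsa-sha2-nistp\d+)\s+(\S+)\s*(.*)$")

def rsa_bits(blob_b64):
    """Modulus size of an ssh-rsa blob; 0 if the blob cannot be decoded."""
    try:
        blob, fields = base64.b64decode(blob_b64), []
        while blob:  # wire format: 4-byte big-endian length, then the field
            (n,) = struct.unpack(">I", blob[:4])
            fields.append(blob[4:4 + n])
            blob = blob[4 + n:]
        return int.from_bytes(fields[2], "big").bit_length()  # type, e, n
    except (ValueError, IndexError, struct.error):
        return 0

def audit_line(line):
    """Return (comment, findings) for a key line, None for blank/comment lines."""
    line = line.strip()
    if not line or line.startswith("#"):
        return None
    m = KEY_RE.search(line)
    if not m:
        return (line[:40], ["unrecognized line, review by hand"])
    options, (ktype, blob, comment) = line[:m.start()], m.groups()
    if comment.rpartition("@")[2] in CLUSTER_HOSTS:
        return (comment, ["cluster-internal key, keep"])
    findings = []
    if "from=" not in options:
        findings.append("no from= restriction")
    if ktype == "ssh-rsa" and (bits := rsa_bits(blob)) < 4096:
        findings.append(f"RSA {bits} bits, below 4096")
    return (comment, findings or ["ok"])

def audit(text):
    return [r for r in map(audit_line, text.splitlines()) if r]

def fake_rsa(bits):
    """CONSTRUCTED sample blob: valid wire layout, not a usable key."""
    parts = (b"ssh-rsa", b"\x01\x00\x01",
             ((1 << (bits - 1)) | 1).to_bytes(bits // 8 + 1, "big"))
    return base64.b64encode(b"".join(struct.pack(">I", len(p)) + p for p in parts)).decode()

SAMPLE = "\n".join([  # constructed authorized_keys content
    f"ssh-rsa {fake_rsa(2048)} login@antares",
    f"ssh-rsa {fake_rsa(2048)} login@old-laptop",
    f'from="machine.domaine_local.fr" ssh-rsa {fake_rsa(4096)} login@workstation',
])
```

To audit a real file, pass its contents to audit(), for example audit(open(path).read()) with path pointing at your authorized_keys file.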


Last update: November 25, 2022 14:05:21