
  • Number of slides: 10

File Transfer and Use of Clear Text Passwords Update
NERSC Users Group Meeting
Stephen Lau, NERSC
NUG Meeting

Clear Text Passwords
• Clear text passwords pose significant security risk
  – Major source of security compromises
• NERSC policy to eliminate clear text passwords
• NERSC does not allow clear text shell sessions
  – Current primary exposure for NERSC is in file transfer
NUG Meeting 16 March 2018

Clear Text Password Goals and Challenges
• Goals
  – Eliminate all clear text password access to NERSC
  – Continue to allow outbound ftp to non-NERSC sites
• Challenges
  – Unlike telnet/ssh, no universal cross-platform solution
  – Many solutions still in development phase

File Transfer Options
• Use scp or sftp
• http://hpcf.nersc.gov/help/access/ssh.html
• scp
  – Works with SSHv1 and SSHv2
  – Data stream encrypted (performance hit)
• sftp
  – Works with SSHv2
  – Data stream encrypted (performance hit)
  – Similar interface to ftp

File Transfer Options
• If performance becomes an issue try ftp with ssh tunneling
• http://hpcf.nersc.gov/help/access/ssh.html
• ftp with ssh tunneling
  – Works with SSHv1 and SSHv2
  – Data stream unencrypted (no performance hit)
  – Caveats
    • Requires set up
    • Potential port collision failures

Availability
• sftp, ssh, scp available on:
  – Seaborg
  – Crays
  – Newton - Symbolic Mathematics and Statistics Server
  – Escher - Visualization Server
  – PDSF

File Transfer to HPSS
• sftp, ssh, scp not available to HPSS
• Possible future solution of gsi_ftp
  – Not production ready
• Allow use of current clients without transmitting easily sniffed passwords
  – http://hpcf.nersc.gov/storage/hpss/ftp_nopass.html

Key Points to Remember
• Protect your private keys
  – Don't put them on publicly accessible systems
• Put a passphrase on your keys
  – ssh-keygen allows you to generate a key with no passphrase
  – DO NOT do this
• Don't telnet from home to work and then SSH into NERSC
  – Defeats the use of SSH

NERSC PKI Infrastructure
• DOE Science Grid Certificate Authority
  – ESnet
  – Establishes identity
• Site Registration Authorities / Managers
  – Site authorization
• Current state
  – ESnet has working CA
  – NERSC has a prototype RA

NERSC PKI Infrastructure
• Key points
  – ESnet verifies certificates
  – NERSC provides authorization
• Still need to go through NERSC authorization process
• Certificate interoperability with NIM
• Even if certificate issued by another organization