Jul 30 2019

User Notice: Compute Canada Implements Changes to SSH to Upgrade Security

SSH, the software protocol used to connect to Compute Canada clusters, will soon be upgraded to enhance security measures. SSH protects the data transmitted between the user and the cluster by verifying the identity of the server and user, and by encrypting the connection. The new configuration will be implemented around mid-August 2019 and will affect all users. In order to continue using Compute Canada clusters, users are required to test their SSH client before the upgrades by connecting to the server ssh-test.computecanada.ca using their Compute Canada credentials.

The following SSH security improvements will take place:

  • Disable certain encryption algorithms.
  • Disable certain public key types.
  • Regenerate the cluster’s host keys

Please follow the steps outlined in the flowchart below to update your SSH client. The instructions are also available on the SSH security improvements wiki page.

Please note:

  • If you can connect, your SSH client is compatible, and no further action is required until the security change implementation date.
  • Following implementation, all users must update the local copies of the host key, which is used to identify each Compute Canada cluster. Instructions for how to update the host key can be found on the SSH security improvements wiki page
  • If you use a personal SSH key, you may also have to generate a new key pair. To find out in advance, you can try to use your personal key on the  ssh-test.computecanada.ca test server.

To learn more about SSH, please read the Compute Canada wiki page: https://docs.computecanada.ca/wiki/SSH.

Implementation date

The users will be notified via email 10 days prior to the start date. Users who haven’t completed the process described above will be unable to connect to Béluga, Cedar, Graham, and Niagara.

Questions / support

If you require further assistance or have questions about this process, please email support@computecanada.ca.