UC/ANL TeraGrid Cluster Authentication Policy:

To access UC/ANL cluster resources users must authenticate using Grid credentials supplied by a TeraGrid approved Certificate Authority, or using SSHv2 public/private keys.

Grid credentials and SSHv2 public/private keys must have a strong passphrase as defined in the UC/ANL SSHv2 Key Creation and Usage Guidelines document.

Failure to comply with the strong passphrase guidelines may make your passphrase guess-able by people who a resourceful in finding information about you, or crackable using commonly available cracking software.

Failure to comply with the strong passphrase guidelines may make your passphrase guess-able by people who a resourceful in finding information about you, or crackable using commonly available cracking software.

NEVER GIVE YOUR PASSPHRASE TO ANYONE! Never tell anyone over the phone your passphrase or password. Nobody from the TeraGrid project will ask for your passphrase or password over the phone. (We can access your account without it. System administrators never needs to know your passphrase or password.) If someone calls you and asks for your passphrase or password, please report this by sending mail to help@teragrid.org If you receive electronic mail (email) from someone requesting your passphrase or password (including help@teragrid.org and root), please inform us immediately.

NEVER WRITE YOUR PASSPHRASE OR PASSWORD DOWN. Make your passphrase is unique but something you can remember so you don't have to write it down. If the piece of paper you write your passphrase down on is stolen, your SSH keys could be compromised.

You should NOT use the passphrase to your TeraGrid SSH key(s) as a password on any other machines so that the TeraGrid isn't compromiseable if other machines are compromised. If you share passwords or passphrases between resources and one resource is compromised and passwords or passphrases are stolen, they could be used to compromise the TeraGrid. This has happened. Even when passwords and passphrases are different, if you learn of a security compromise at a remote site where you have an account please notify help@teragrid.org.

Additional information

Question regarding this policy should be e-mailed to help@teragrid.org and should indicate that they are regarding "SSH authentication policies on the UC/ANL cluster".