- Information contained in the HLRS Wiki is not legally binding and HLRS is not responsible for any damages that might result from its use -
Password change: Difference between revisions
Line 22: | Line 22: | ||
== Password change and SSH key removal == | == Password change and SSH key removal == | ||
=== Vulcan === | === Vulcan === | ||
[you@home ~]$ ssh | [you@home ~]$ ssh <your login>@vulcan.hww.hlrs.de | ||
[you@cl5fr2 ~]$ /opt/system/wrappers/passwd | [you@cl5fr2 ~]$ /opt/system/wrappers/passwd | ||
[you@cl5fr2 ~]$ rm -rf .ssh/authorized_key* .ssh/id* .ssh/known_hosts | [you@cl5fr2 ~]$ rm -rf .ssh/authorized_key* .ssh/id* .ssh/known_hosts | ||
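Review bot: on the changed `ssh` line the target is now `<your login>@vulcan.hww.hlrs.de`, but the prompts on the next two lines read `you@cl5fr2`, and nothing in this block says that this host name belongs to Vulcan. A short remark that the login lands on a frontend node whose name differs from the address would spare readers the doubt that they connected to the wrong machine.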
Line 31: | Line 31: | ||
=== Hawk === | === Hawk === | ||
[you@home ~]$ ssh | [you@home ~]$ ssh <your login>@change.hww.hlrs.de | ||
[you@change ~]$ /opt/passwd | [you@change ~]$ /opt/passwd | ||
[you@change ~]$ rm -rf .ssh/authorized_key* .ssh/id* .ssh/known_hosts | [you@change ~]$ rm -rf .ssh/authorized_key* .ssh/id* .ssh/known_hosts |
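Review bot: the `rm -rf .ssh/authorized_key* .ssh/id* .ssh/known_hosts` line under the changed `ssh` line uses paths relative to the current directory, so it only hits the intended files when typed in the home directory directly after login. Writing the three patterns as `~/.ssh/...` removes that dependency, and `rm -f` would be enough if all three patterns only ever match regular files.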
Revision as of 16:18, 25 May 2020
Due to a security incident on Hawk within the pre-production timeframe, all users must change their passwords and remove/replace ssh-keys before June 3rd 2020. This page provides more detailed information and help with some problems.
- If your account is enabled for multiple resources, you have to do the change procedure only once.
- If you get an error while changing the password, check your environment. Passwd is a simple bash script located in /opt/system/wrappers/passwd on Vulcan or /opt/passwd on change.hww.hlrs.de.
To do so, the following steps are necessary:
Log in to a frontend system that is accessible to you.
Password criteria
- minimum length: 8 characters
- at least one upper case character: A-Z
- at least one lower case character: a-z
- at least one digit: 0-9
- at least one non-alphanumerical character:
!?,.;:\"'´\`/\\(){}[]<>§$%&=|^°*+-_~#@€µ and space and tabulator
- mustn't match a dictionary entry
Password change and SSH key removal
Vulcan
[you@home ~]$ ssh <your login>@vulcan.hww.hlrs.de
[you@cl5fr2 ~]$ /opt/system/wrappers/passwd
[you@cl5fr2 ~]$ rm -rf .ssh/authorized_key* .ssh/id* .ssh/known_hosts
Please read the information and watch the output of this command. On success, the following text is displayed: Password changed successfully.
Password redistribution to all systems will take about 20 min. Please wait at least this long before trying to connect using the new password.
Hawk
[you@home ~]$ ssh <your login>@change.hww.hlrs.de
[you@change ~]$ /opt/passwd
[you@change ~]$ rm -rf .ssh/authorized_key* .ssh/id* .ssh/known_hosts
Please read the information and watch the output of this command. On success, the following text is displayed: Password changed successfully.
Password redistribution to all systems will take about 20 min. Please wait at least this long before trying to connect using the new password.
Generation and distribution of new SSH keys
To enhance security, you should consider protecting your SSH private key with a password (the passphrase that ssh-keygen asks for).
Vulcan
[you@home ~]$ ssh-keygen -t ed25519
Generating public/private ed25519 key pair.
Enter passphrase (empty for no passphrase): *****
Enter same passphrase again: *****
Your identification has been saved in .ssh/id_ed25519
Your public key has been saved in .ssh/id_ed25519.pub
The key fingerprint is:
SHA256:hzJ396bow3r2OQmW83KjroRqtdgOxjtMddfFCAYeBTQ you@home
The key's randomart image is:
+--[ED25519 256]--+
| .E++. o |
| . + . o |
| . . . |
| . ... . |
| .o.S.o.. |
| .. .= o=. . |
| o++...o + .o |
| .=+o. *.*+ |
| .oo. oB=*+o |
+----[SHA256]-----+
[you@home ~]$ ssh-copy-id -i ~/.ssh/id_ed25519.pub <your login>@vulcan.hww.hlrs.de
Hawk
[you@home ~]$ ssh-keygen -t ed25519
Generating public/private ed25519 key pair.
Enter passphrase (empty for no passphrase): *****
Enter same passphrase again: *****
Your identification has been saved in .ssh/id_ed25519
Your public key has been saved in .ssh/id_ed25519.pub
The key fingerprint is:
SHA256:hzJ396bow3r2OQmW83KjroRqtdgOxjtMddfFCAYeBTQ you@home
The key's randomart image is:
+--[ED25519 256]--+
| .E++. o |
| . + . o |
| . . . |
| . ... . |
| .o.S.o.. |
| .. .= o=. . |
| o++...o + .o |
| .=+o. *.*+ |
| .oo. oB=*+o |
+----[SHA256]-----+
[you@home ~]$ ssh-copy-id -i ~/.ssh/id_ed25519.pub <your login>@change.hww.hlrs.de
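To check which private keys in a .ssh directory are stored without a passphrase, the following added example (not part of the HLRS page) reads the ciphername field in the header of the OpenSSH private key format that ssh-keygen -t ed25519 writes. The function names and the constructed_key sample helper are assumptions made for this illustration.

```python
import base64
import struct
from pathlib import Path
# Added example; all names are illustrative. Only the key file header is parsed.
MAGIC = b"openssh-key-v1\x00"
BEGIN = "-----BEGIN OPENSSH PRIVATE KEY-----"
END = "-----END OPENSSH PRIVATE KEY-----"

def _ssh_string(buf, off):
    """Read one SSH string: 4-byte big-endian length, then that many bytes."""
    (n,) = struct.unpack_from(">I", buf, off)
    if off + 4 + n > len(buf):
        raise ValueError("truncated key blob")
    return buf[off + 4:off + 4 + n], off + 4 + n

def key_protection(text):
    """Return (ciphername, kdfname); ('none', 'none') means no passphrase."""
    lines = [ln.strip() for ln in text.strip().splitlines()]
    if len(lines) < 3 or lines[0] != BEGIN or lines[-1] != END:
        raise ValueError("not an OpenSSH-format private key")
    blob = base64.b64decode("".join(lines[1:-1]))
    if not blob.startswith(MAGIC):
        raise ValueError("missing openssh-key-v1 magic")
    cipher, off = _ssh_string(blob, len(MAGIC))
    kdf, _ = _ssh_string(blob, off)
    return cipher.decode(), kdf.decode()

def audit(ssh_dir):
    """Classify every id_* private key file in ssh_dir (public halves skipped)."""
    report = {}
    for path in sorted(p for p in Path(ssh_dir).glob("id_*") if p.suffix != ".pub"):
        try:
            cipher, _ = key_protection(path.read_text())
            report[path.name] = "UNPROTECTED" if cipher == "none" else "passphrase"
        except (ValueError, struct.error):
            report[path.name] = "unknown format"  # e.g. legacy PEM keys
    return report

def constructed_key(cipher, kdf):
    """Constructed sample: header fields only, no real key material."""
    body = MAGIC
    for field in (cipher, kdf):
        body += struct.pack(">I", len(field)) + field.encode()
    return "\n".join([BEGIN, base64.b64encode(body).decode(), END]) + "\n"

if __name__ == "__main__":
    for name, state in audit(Path.home() / ".ssh").items():
        print(f"{state:15} {name}")
```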
Other systems
If you use the same password or ssh-keys on other systems, these keys and passwords should be replaced as well.