[Snic-users] Security precautions due to recent HPC intrusions abroad

Kent Engström kent at nsc.liu.se
Tue May 26 10:59:19 CEST 2020


BACKGROUND

About two weeks ago, a number of HPC sites around the world announced
that they discovered they had been hit by intrusions, where the bad
guys got elevated privileges that they used to mine for cryptocurrency
as well as log credentials from outgoing SSH connections to be able
to break into other systems.

NSC was *not* one of those centres, but we had Tetralith and Sigma
blocked for logins as a precaution while the details were scarce about
the extent of the problem abroad, and we used the time to apply the
latest OS updates.


WHAT YOU NEED TO DO

If you are a user at one of the centres abroad that was affected and
you have been informed by that centre's staff, follow their
instructions. Also, in that case, change your Tetralith and/or Sigma
password and remove any SSH key from your ~/.ssh/authorized_keys file
whose private part may have been on an affected centre.


BASIC HYGIENE

Do not use the same password for your Tetralith and/or Sigma login as
you use for other clusters, servers, web services etc. elsewhere.

Do not use a passphrase-less (unencrypted) private SSH key present on
another cluster to log in to Tetralith or Sigma.

In fact, we recommend that you abstain from keeping private SSH keys
on clusters even with a passphrase. If, for example, you need to
log in to another cluster and then copy files to an NSC cluster, use
SSH agent forwarding instead so the private key never leaves your
local computer.

For more information, see https://www.nsc.liu.se/support/security/


/ Kent Engström, NSC
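
An added example, not part of the original message or NSC's own tooling: a Python sketch of the two checks above, telling whether a private key file is passphrase-protected and listing the SHA256 fingerprint of each authorized_keys entry so the ones to remove can be identified. The sample inputs are constructed, and all function names are hypothetical.

```python
import base64, hashlib, re

MAGIC = b"openssh-key-v1\0"
PEM_RE = re.compile(r"-----BEGIN ([A-Z0-9 ]*)PRIVATE KEY-----(.*?)-----END", re.S)
PUB_RE = re.compile(r"\b((?:sk-)?(?:ssh|ecdsa)-[\w@.-]+)\s+(AAAA[A-Za-z0-9+/=]+)(?:\s+(.*))?")

def private_key_status(text):
    """Classify key file text as 'encrypted', 'unencrypted' or 'not-a-key'."""
    m = PEM_RE.search(text)
    if not m:
        return "not-a-key"
    label, body = m.group(1).strip(), m.group(2)
    if label == "OPENSSH":
        # Container layout: magic, then a length-prefixed cipher name.
        raw = base64.b64decode("".join(body.split()))
        if not raw.startswith(MAGIC):
            return "not-a-key"
        n = int.from_bytes(raw[15:19], "big")
        return "unencrypted" if raw[19:19 + n] == b"none" else "encrypted"
    # PKCS#8 flags encryption in the label, legacy PEM in a Proc-Type header.
    if label == "ENCRYPTED" or "Proc-Type: 4,ENCRYPTED" in body:
        return "encrypted"
    return "unencrypted"

def authorized_key_fingerprints(text):
    """Return (fingerprint, key type, comment) for each authorized_keys entry."""
    found = []
    for line in text.splitlines():
        m = None if line.lstrip().startswith("#") else PUB_RE.search(line)
        if m:
            digest = hashlib.sha256(base64.b64decode(m.group(2))).digest()
            fp = "SHA256:" + base64.b64encode(digest).decode().rstrip("=")
            found.append((fp, m.group(1), (m.group(3) or "").strip()))
    return found

def ssh_string(b):
    return len(b).to_bytes(4, "big") + b  # SSH wire format: length, then bytes

def sample_private(cipher):
    # Constructed sample: header-only container, not a usable key.
    b64 = base64.b64encode(MAGIC + ssh_string(cipher) + ssh_string(b"none")).decode()
    return f"-----BEGIN OPENSSH PRIVATE KEY-----\n{b64}\n-----END OPENSSH PRIVATE KEY-----\n"

# Constructed sample: all-zero public key blob with a made-up comment.
SAMPLE_AUTH = "# constructed\nssh-ed25519 " + base64.b64encode(
    ssh_string(b"ssh-ed25519") + ssh_string(bytes(32))).decode() + " laptop-key\n"

if __name__ == "__main__":
    for cipher in (b"none", b"aes256-ctr"):
        print(cipher.decode(), "->", private_key_status(sample_private(cipher)))
    for fp, ktype, comment in authorized_key_fingerprints(SAMPLE_AUTH):
        print(fp, ktype, comment)
```

The fingerprints are in the same SHA256 form that `ssh-keygen -lf` prints, so they can be compared against the public half of a key that lived on an affected system.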


