SSH Key Management

We love the interface and all of the tools in OOD. It seems to provide almost every feature that a user would need to use their HPC environment. While most users would use the authenticated OOD dashboard to start jobs, some still prefer to SSH in. For these users, we would like to have some sort of app interface for managing their keys.


Do you have any ideas on the types of actions the users could do, the views they would see, etc.? Do you know of other apps that provide a similar interface to what you envision?

Simple things. They could see all of the public keys they have added to their accounts. They could have a place to upload another public key directly, or remove an existing one. Maybe they could even have the ability to generate a new key pair and add the public and download the private automatically. Some HPC setups seem to provide this sort of management ability simply in a web interface, perhaps running commands or editing the file(s) where keys are stored behind the scenes. We’d like to add such an interface to OOD so that our users can log in to the OOD dashboard, and then be able to manage their credentials to connect to the cluster directly if they so choose.
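Added example (not written by any poster in this thread, and not OOD code): a Python sketch of the "editing the file(s) where keys are stored behind the scenes" part of the post above, covering list, upload and remove. It assumes OpenSSH's `authorized_keys` format, that the app runs as the logged-in user on that user's own file, and an illustrative `ALLOWED` key-type policy; all function names are hypothetical.

```python
import base64, hashlib, os, struct, tempfile
from pathlib import Path

ALLOWED = {"ssh-ed25519", "ssh-rsa", "ecdsa-sha2-nistp256"}  # assumed site policy

def fingerprint(ktype, b64):
    """Check that the key body embeds the declared type; return its SHA256 fingerprint."""
    blob = base64.b64decode(b64, validate=True)  # raises ValueError on bad base64
    n = struct.unpack(">I", blob[:4])[0] if len(blob) >= 4 else 0
    if ktype not in ALLOWED or blob[4:4 + n] != ktype.encode():
        raise ValueError("key type not allowed, or it does not match the key body")
    return "SHA256:" + base64.b64encode(hashlib.sha256(blob).digest()).decode().rstrip("=")

def parse_upload(text):
    """Validate one uploaded public key; return (fingerprint, normalized line).
    Private keys, multi-line input and option prefixes such as command= are refused."""
    parts = text.split(None, 2)
    if len(text.strip().splitlines()) != 1 or len(parts) < 2:
        raise ValueError("expected one 'type base64 [comment]' line")
    return fingerprint(parts[0], parts[1]), " ".join(p.strip() for p in parts)

def _line_fp(line):
    """Fingerprint of an existing entry (an options prefix is tolerated), else None."""
    tokens = [] if line.lstrip().startswith("#") else line.split()
    for ktype, b64 in zip(tokens, tokens[1:]):
        try:
            return fingerprint(ktype, b64)
        except ValueError:
            continue
    return None

def _read(path):
    return Path(path).read_text().splitlines() if Path(path).exists() else []

def list_keys(path):
    return [fp for fp in map(_line_fp, _read(path)) if fp]

def _write(path, lines):  # mkstemp creates the file 0600; os.replace swaps it in atomically
    fd, tmp = tempfile.mkstemp(dir=os.path.dirname(path) or ".")
    with os.fdopen(fd, "w") as f:
        f.write("".join(ln + "\n" for ln in lines))
    os.replace(tmp, path)

def add_key(path, text):
    fp, line = parse_upload(text)
    if fp not in list_keys(path):  # the same key uploaded twice is stored once
        _write(path, _read(path) + [line])
    return fp

def remove_key(path, fp):
    _write(path, [ln for ln in _read(path) if _line_fp(ln) != fp])
```

Uploads carrying options or more than one line are refused, while comment lines and option-prefixed entries already in the file are left intact.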

Circling back to this, do you know of any HPC centers providing an interface or an example app you could point us to? If there is a web app written in Python, Node.js or Ruby (or any web app for that matter) that provides the features desired, it may be as simple as turning it into an OOD app.

I would think the functionality of the GitHub key management interface is what is being requested here. Not sure if the code for that is available publicly.

We don’t offer it to end users but internally we are using the open source version of HashiCorp’s Vault.

We are deploying Red Hat’s IdM as well, which - if we can get it working - hopefully provides something like key management for users. Red Hat’s solution is all-in-one auth, and can be set up in Trust with AD. That means we only need to manage local groups/etc and all other authentication and authorization is managed by central IT. We are a university and it’s Central IT’s job, not ours, to manage users.