Information: Security Status of GWDG HPC Systems

As you might have read in the press, several HPC centers across Europe have
temporarily revoked access to their systems after it has become known that there
have been security breaches.

We’ve checked our systems regarding traces of this kind of hack and found none.
Our monitoring of the systems’ security is ongoing and we’re working closely
with other data centers under the umbrella of Gauß-Allianz.

Right now, we don’t find it necessary to shut down the system, but we ask you on
this occasion to check ~/.ssh/authorized_keys for entries that aren’t needed
anymore, such as keys used on other systems. Also, keys corresponding to private
keys that have ever been stored on systems other than your personal device
should be removed. [1] This is a good idea in general, but especially given the
current situation. Similarly, if you’ve logged into the SCC from a different
site, it’s recommended to change the password of your GWDG account.

[1] An exception are keys with a comment of the form ${USER}@gwduXXX which are
automatically generated (and should exclusively be used) for authentication
within the SCC system, e.g. for MPI jobs.