Hub data security #7
-
Hi My name is Mike Beller and I'm looking into applying planetary computer to analyzing forestry projects in the developing world. Kudos on setting this all up. I had previously set up my own crude pangeo/dask arrangement on AWS, and the PC Hub is just better integrated and easier to use. Particularly given planetary computer is designated as a kind of preview -- I would like to confirm that the data I store on planetary computer, for example in /home/joyvan on my Hub account, is subject to the same security that any azure instance would be. Can I safely put my github (encryped) private keys up there, for example? And on a related note, can I SSH to the hub instance itself? If so, how? Thanks Mike |
Beta Was this translation helpful? Give feedback.
Replies: 1 comment 3 replies
-
Hi @MikeBeller! I think https://jupyterhub.readthedocs.io/en/stable/reference/websecurity.html#security-overview and https://jupyterhub.readthedocs.io/en/stable/getting-started/authenticators-users-basics.html#give-admin-access-to-other-users-notebook-servers-admin-access. In particular, admin JupyterHub users can access the home directories of users. Currently, that's just me (https://github.com/microsoft/planetary-computer-hub/blob/a6fb07cc9e84f6eddcf0702cc427f31b1106017c/helm/values.yaml#L22-L26). I might disable that, since I don't think I need it, but you shouldn't rely on it not changing (I can deploy changes from outside of GitHub). I hope that helps you make decision, but personally I would recommend against including plain-text secrets anywhere in your home directory.
We do not currently allow that. There is a project to enable that (https://github.com/yuvipanda/jupyterhub-ssh) but we haven't implemented that. Can you share a bit about why SSH-ing into a hub instance would be helpful? |
Beta Was this translation helpful? Give feedback.
Hi @MikeBeller! I think https://jupyterhub.readthedocs.io/en/stable/reference/websecurity.html#security-overview and https://jupyterhub.readthedocs.io/en/stable/getting-started/authenticators-users-basics.html#give-admin-access-to-other-users-notebook-servers-admin-access. In particular, admin JupyterHub users can access the home directories of users.
Currently, that's just me (https://github.com/microsoft/planetary-computer-hub/blob/a6fb07cc9e84f6eddcf0702cc427f31b1106017c/helm/values.yaml#L22-L26). I might disable that, since I don't think I need it, but you shouldn't rely on it not changing (I can deploy changes from outside of GitHub).
I hope that helps you make decision, but personal…