SSH Acess

Discussion in 'Security' started by Burtmork, Dec 30, 2009.

  1. #1
    Hi All

    Just after some advice, I had a client ask me for ssh access but I am very unsure and concerned about keeping my server safe any advice would be great.

    Many Thanks:)
     
    Burtmork, Dec 30, 2009 IP
  2. baonhi41

    baonhi41 Peon

    Messages:
    141
    Likes Received:
    0
    Best Answers:
    0
    Trophy Points:
    0
    #2
    Secure Shell (SSH) is a network protocol that allows data to be exchanged using a secure channel between two networked devices. Used primarily on Linux and Unix based systems to access shell accounts, SSH was designed as a replacement for Telnet and other insecure remote shells, which send information, notably passwords, in plaintext, leaving them open for interception. The encryption used by SSH provides confidentiality and integrity of data over an insecure network, such as the Internet. (wikipedia)

    You can download http://the.earth.li/~sgtatham/putty/latest/x86/putty.exe to connect SSH
     
    baonhi41, Dec 30, 2009 IP
  3. Thibaut

    Thibaut Well-Known Member

    Messages:
    886
    Likes Received:
    26
    Best Answers:
    0
    Trophy Points:
    140
    #3
    If you grant a SSH access to your client, you will have to deal with security issues. I mean your client will be able to access to many ressources of your server. You should first ask your client the reason why he needs a SSH access. In fact, he can already carry out many things using Cpanels.

    Regards
    Thibaut
     
    Thibaut, Jan 6, 2010 IP
  4. iRock-Matt

    iRock-Matt Peon

    Messages:
    39
    Likes Received:
    0
    Best Answers:
    0
    Trophy Points:
    0
    #4
    SSH Access to client is an advantage however be sure that it should only be in jailed mode. Meaning SSH access is only limited to his account.

    Also make sure to do some tweak on SSH setting to prevent that user from using up all your system resources.
     
    iRock-Matt, Jan 6, 2010 IP
  5. mikegws

    mikegws Peon

    Messages:
    3
    Likes Received:
    0
    Best Answers:
    0
    Trophy Points:
    0
    #5
    Unless it's a virtual private server, zone or jail - I'd tell them 'No'. I edit plenty of websites and upload php etc. without shell access.
     
    mikegws, Jan 7, 2010 IP
  6. Thibaut

    Thibaut Well-Known Member

    Messages:
    886
    Likes Received:
    26
    Best Answers:
    0
    Trophy Points:
    140
    #6
    I agree with mikegws, letting your clients using SSH would lead to many issues.
     
    Thibaut, Jan 8, 2010 IP
  7. cocodude

    cocodude Active Member

    Messages:
    37
    Likes Received:
    1
    Best Answers:
    0
    Trophy Points:
    55
    #7
    I also tend to agree. However, having the user in a jail containing just his website's contents will most likely mean he can't cause major issues to anyone else's site or your server. It's still a security risk though, and things such as /etc/limits should definitely be taken into account.
     
    cocodude, Jan 8, 2010 IP
  8. VictorC

    VictorC Peon

    Messages:
    38
    Likes Received:
    1
    Best Answers:
    0
    Trophy Points:
    0
    #8
    I would ask him why he wants SSH access because surely you can give another method to do whatever he wants.

    If you can't say no, just set it as restricted as you can, jailed mode, not default port, force to change his password frequently, give permissions only for 1 IP, etc.
     
    VictorC, Jan 8, 2010 IP
  9. hans

    hans Well-Known Member

    Messages:
    2,923
    Likes Received:
    126
    Best Answers:
    1
    Trophy Points:
    173
    #9
    several years ago I only used hosting accounts offering SSH access (the last one being 1and1.com, before addr.com)and always found major hosts offering SSH.
    as a site owner I NEVER would access an account other than SSH.
    if some of the worlds largest hosts can manage the SSH access for ALL customer as default
    then it appears only to be a matter of self-education for all other minor hosts to do so as well.

    now with dedicated servers I lnly access my servers using SSH
     
    hans, Jan 10, 2010 IP
  10. FavouritesBlog

    FavouritesBlog Peon

    Messages:
    846
    Likes Received:
    7
    Best Answers:
    0
    Trophy Points:
    0
    #10
    Dont allow them access, if there computer gets breached your server is also breached.

    SSH is an easy way into a server.
     
    FavouritesBlog, Jan 11, 2010 IP
  11. cocodude

    cocodude Active Member

    Messages:
    37
    Likes Received:
    1
    Best Answers:
    0
    Trophy Points:
    55
    #11
    I've got to agree with hans here. SSH does have major advantages when it comes to administering websites.

    Setting things up properly, with jailing and limits inparticular, should mitigate a lot of issues, but also simple monitoring of unexpected usage (e.g. lots of CPU being used) should be taken.
     
    cocodude, Jan 12, 2010 IP