Hi All Just after some advice, I had a client ask me for ssh access but I am very unsure and concerned about keeping my server safe any advice would be great. Many Thanks
Secure Shell (SSH) is a network protocol that allows data to be exchanged using a secure channel between two networked devices. Used primarily on Linux and Unix based systems to access shell accounts, SSH was designed as a replacement for Telnet and other insecure remote shells, which send information, notably passwords, in plaintext, leaving them open for interception. The encryption used by SSH provides confidentiality and integrity of data over an insecure network, such as the Internet. (wikipedia) You can download http://the.earth.li/~sgtatham/putty/latest/x86/putty.exe to connect SSH
If you grant a SSH access to your client, you will have to deal with security issues. I mean your client will be able to access to many ressources of your server. You should first ask your client the reason why he needs a SSH access. In fact, he can already carry out many things using Cpanels. Regards Thibaut
SSH Access to client is an advantage however be sure that it should only be in jailed mode. Meaning SSH access is only limited to his account. Also make sure to do some tweak on SSH setting to prevent that user from using up all your system resources.
Unless it's a virtual private server, zone or jail - I'd tell them 'No'. I edit plenty of websites and upload php etc. without shell access.
I also tend to agree. However, having the user in a jail containing just his website's contents will most likely mean he can't cause major issues to anyone else's site or your server. It's still a security risk though, and things such as /etc/limits should definitely be taken into account.
I would ask him why he wants SSH access because surely you can give another method to do whatever he wants. If you can't say no, just set it as restricted as you can, jailed mode, not default port, force to change his password frequently, give permissions only for 1 IP, etc.
several years ago I only used hosting accounts offering SSH access (the last one being 1and1.com, before addr.com)and always found major hosts offering SSH. as a site owner I NEVER would access an account other than SSH. if some of the worlds largest hosts can manage the SSH access for ALL customer as default then it appears only to be a matter of self-education for all other minor hosts to do so as well. now with dedicated servers I lnly access my servers using SSH
Dont allow them access, if there computer gets breached your server is also breached. SSH is an easy way into a server.
I've got to agree with hans here. SSH does have major advantages when it comes to administering websites. Setting things up properly, with jailing and limits inparticular, should mitigate a lot of issues, but also simple monitoring of unexpected usage (e.g. lots of CPU being used) should be taken.