If you’re running on a Unix or Linux server, then you likely access your files systems via SSH on a daily basis. However, this might be well and fine for an administrator like you, but should you also be offering the same access to your customers? SSH is particularly vulnerable to attacks by unwanted intruders, and by giving out that kind of power on a limb you may be greatly compromising the security of your system.
The need for SSH access largely depends on the kind of services you’re offering. Giving customers that level of connection puts them as close to administrator status as they’ll ever get. Also, giving each user a secure password makes it that much easier for a hacker to gain access to your server. With that many backdoors left laying around, you’re only increasing the likely hood of an attack.
That being said, telling customers flat-out that you won’t offer SSH access may alienate a large portion of the available market. If you have a consumer that demands this kind of connection, then it’s best to cave. However, be sure to follow the tips below to ensure your server remains secure, even with the risks involved:
Jail Your Users
If you are granting users SSH access, be sure to jail each of those sorry saps to their home folders. This way they cannot easily see the other files laying about your server, and aren’t likely to accidentally tamper with any of them. Likewise, this makes a truly unfortunate break-in less of a concern, as any hackers—armed with nothing but a security code—will be no better than the user himself.
Setup A New Port, Sailor
By default, SSH travels through port 22. Be sure to change this, at least for your users, that way common exploits cannot be turned against. It also prevents hackers from gaining the same access as you’ve got—a truly tragic situation, and one you definitely want to avoid!
Don’t Put-Out By Default
As mentioned, only offer SSH services when a customer requests it. It’s simple enough, and will save you a lot of headaches that never use, nor want, the service.
Insist On Country Strong Passwords
Make your users have secure passwords, and don’t hesitate to reject weak ones. Likewise, have your consumers change their security codes often. Don’t be afraid to exert your status as server master, and insist that they keep up with a monthly regime of code changes.