{"id":2434,"date":"2011-09-22T12:39:57","date_gmt":"2011-09-22T16:39:57","guid":{"rendered":"https:\/\/webhostinggeeks.com\/blog\/?p=2434"},"modified":"2021-10-19T06:48:19","modified_gmt":"2021-10-19T10:48:19","slug":"offer-ssh-access-to-your-customers","status":"publish","type":"post","link":"https:\/\/webhostinggeeks.com\/blog\/offer-ssh-access-to-your-customers\/","title":{"rendered":"How And When To Offer SSH Access To Your Customers"},"content":{"rendered":"<p>If you\u2019re running on a Unix or Linux server, then you likely access your files systems via SSH on a daily basis. However, this might be well and fine for an administrator like you, but should you also be offering the same access to your customers? <a href=\"https:\/\/en.wikipedia.org\/wiki\/Secure_Shell\" target=\"_blank\" rel=\"noopener\">SSH<\/a> is particularly vulnerable to attacks by unwanted intruders, and by giving out that kind of power on a limb you may be greatly compromising the security of your system.<\/p>\n<p>The need for SSH access largely depends on the kind of services you\u2019re offering. Giving customers that level of connection puts them as close to administrator status as they\u2019ll ever get. Also, giving each user a secure password makes it that much easier for a hacker to gain access to your server. With that many backdoors left laying around, you\u2019re only increasing the likely hood of an attack.<\/p>\n<p>That being said, telling customers flat-out that you won\u2019t offer SSH access may alienate a large portion of the available market. If you have a consumer that demands this kind of connection, then it\u2019s best to cave. However, be sure to follow the tips below to ensure your server remains secure, even with the risks involved:<\/p>\n<p><strong>Jail Your Users<\/strong><\/p>\n<p>If you are granting users SSH access, be sure to jail each of those sorry saps to their home folders. This way they cannot easily see the other files laying about your server, and aren\u2019t likely to accidentally tamper with any of them. Likewise, this makes a truly unfortunate break-in less of a concern, as any hackers\u2014armed with nothing but a security code\u2014will be no better than the user himself.<\/p>\n<p><strong>Setup A New Port, Sailor<\/strong><\/p>\n<p>By default, SSH travels through port 22. Be sure to change this, at least for your users, that way common exploits cannot be turned against. It also prevents hackers from gaining the same access as you\u2019ve got\u2014a truly tragic situation, and one you definitely want to avoid!<\/p>\n<p><strong>Don\u2019t Put-Out By Default<\/strong><\/p>\n<p>As mentioned, only offer SSH services when a customer requests it. It\u2019s simple enough, and will save you a lot of headaches that never use, nor want, the service.<\/p>\n<p><strong>Insist On Country Strong Passwords<\/strong><\/p>\n<p>Make your users have secure passwords, and don\u2019t hesitate to reject weak ones. Likewise, have your consumers change their security codes often. Don\u2019t be afraid to exert your status as server master, and insist that they keep up with a monthly regime of code changes.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>If you\u2019re running on a Unix or Linux server, then you likely access your files systems via SSH on a daily basis. However, this might be well and fine for&#8230;<\/p>\n","protected":false},"author":3,"featured_media":2448,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"wds_primary_category":0,"footnotes":""},"categories":[9],"tags":[2946,321,1577,61,2948,648,2947,567],"class_list":["post-2434","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-security-issues","tag-attack","tag-hackers","tag-intruder","tag-linux","tag-new-port","tag-ssh","tag-strong-password","tag-unix"],"views":153,"_links":{"self":[{"href":"https:\/\/webhostinggeeks.com\/blog\/wp-json\/wp\/v2\/posts\/2434","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/webhostinggeeks.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/webhostinggeeks.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/webhostinggeeks.com\/blog\/wp-json\/wp\/v2\/users\/3"}],"replies":[{"embeddable":true,"href":"https:\/\/webhostinggeeks.com\/blog\/wp-json\/wp\/v2\/comments?post=2434"}],"version-history":[{"count":0,"href":"https:\/\/webhostinggeeks.com\/blog\/wp-json\/wp\/v2\/posts\/2434\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/webhostinggeeks.com\/blog\/wp-json\/wp\/v2\/media\/2448"}],"wp:attachment":[{"href":"https:\/\/webhostinggeeks.com\/blog\/wp-json\/wp\/v2\/media?parent=2434"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/webhostinggeeks.com\/blog\/wp-json\/wp\/v2\/categories?post=2434"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/webhostinggeeks.com\/blog\/wp-json\/wp\/v2\/tags?post=2434"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}