Web Hosting Talk : Web Hosting Main Forums : Web Hosting : Allowing clients to ssh into servers

[SithLord]

Greetings,

I work for an ISP as a Systems Administrator. We don't as a rule
allow clients to telnet nor ssh into our Cobalt RaQ Servers. The security is not the main concern as we are well protected. The main issue is with clients who don't know linux that well and the recovery of sites that we have to do if they mess up.

Do you think as an ISP we should allow clients to ssh in as a rule of thumb?

SithLord

[dreamrae.com]

um, yes but be very careful..

[okihost]

we do not allow it by default but if we have spoken to the customer a few times and they seem to know what there doing we do allow it.. I would suggest just not allowing it as default..

[archie2]

I manage all my clients websites through ftp, theres no need for SSH for most people.

[bwb]

I was going to allow ssh but decided there was really no need for it especially with great utilities like PHPMyAdmin and so on. On a case by case basis if they request it I will approve it but otherwise not.

[kreativ]

I wouldn't go with any host that didn't allow me SSH, although I might actually prefer a host that allowed SSH but didn't give it out by default.

[archie2]

How do people use SSH? I have used telnet before but never tried SSH

[Andrew]

Quote:

Originally posted by archie2
How do people use SSH? I have used telnet before but never tried SSH

To use SSH from a windows box, there's a nice little utility called Putty. SSH is far more secure than telnet, as with telnet your username/password are transmitted in plain text.

[Deb]

Quote:

The main issue is with clients who don't know linux that well and the recovery of sites that we have to do if they mess up.

Do you think as an ISP we should allow clients to ssh in as a rule of thumb?

As a client I would require SSH to be available from my host and this is why we do offer and recommend offering it. As long as you are staying on top of security issues it's nice to allow your clients to do the same. With that said, I also do not see anything wrong with being sure to add the note of "You break it you buy it". If the client messes up their account then it wouldn't be too much to ask for them to pay a fee for you having to fix it...especially if the problem is repetitive... That's a simple accountability issue. It's nice to be nice, but for those who just can't resist pushing buttons blindly the fee helps...

[dreamrae.com]

i just like have a remote server i can always login into from anywhere in the world, store some files if i need to , pick them up from somewhere else. like everyone else said before, you shouldnt say anything about it unless they ask you. also remember to look out for weird processes and connections..

[ForumsAddict]

Allowing SSH ot Telnet can be (may be) as dangerous some times as telling ppl "Come Hack My Server" lol

[JayC]

Quote:

Originally posted by Deb
a simple accountability issue. It's nice to be nice, but for those who just can't resist pushing buttons blindly the fee helps...

Good point, but... people who blindly push buttons they don't understand will have no trouble screwing their accounts up with ftp, or any kind of control panel file manager, or whatever tool you do put in front of them.

How many hosts haven't had clients delete their own "htdocs" or "www" directory?

Disallowing Telnet/SSH doesn't really eliminate the problem, just as it doesn't mean you no longer have to worry about security!

[Alan - Vox]

If you are woried about people messing up their site and wasting your time restoring backups, then charge for restoring the sites.

[Maximiliam]

I would be very careful allowing even ssh access to your servers. Even though you authenticate the users, get their drivers license etc. It can still be hacked.

What if the user use a really stupid password? Thats so easy to crack?

It would be wise if you did decide on allowing ssh, to add their ip range to the server and deny everyone elses. It would make it way more secure.

[wakkow]

How insecure is SSH that so many of you are so hesitant to allow users to use it? Of course the bit about people screwing their sites over.. But how insecure is it when it comes to hax0rs?