Over at The Hosting News, we asked the question, “Do you need SSH with shared hosting?” This is a common question among shared hosting users, particularly those who are more adept at technologly. Here at Server School, we focus on dedicated servers, so the question for you is different. Should shared hosting customers have SSH access on your server?
The answer depends on the circumstances. While it is important for some select users to have SSH access, giving blanket access to all of your customers could be a recipe for disaster. SSH gives users access to the server’s command line, the shell. From there, they can execute programs, navigate through the server’s filesystem, and pretty much do anything their user privileges will allow.
If you have any reason to doubt a user’s sincerity or their reasons for wanting access, you should not allow it. If you do allow some of them access, you should make sure you have the appropriate security measures in place. First, make sure you enforce secure passwords. A user may be totally honest, but if someone can easily gain access to his or her account, it will only be trouble for you. Second, lock down the account. Always jail the user within his own home directory. That way, the user will not even be able to see important system directories like /etc.
SSH access is usually not necessary. If you offer customers a good control panel, FTP access, and the standard web tools, SSH is superfluous. In those rare occasions when they need it, keep an eye on them and their accounts.