Should You Offer SSH Access?

With a Linux or Unix dedicated server, you will probably access it via SSH on a regular basis. It is an essential feature for server system administrators. For other users, however, it is usually not essential and may even be a security risk. Do your hosting customers or company employees need access? A lot of that depends on the type of service you are providing and how technologically advanced your users are.

When customers have SSH access, they have the closest thing to administrative rights. Although your server’s permissions keep them from having access to system files, they will, by default, be able to see them. Furthermore, if they do not use secure passwords, it is possible for hackers to gain access to the server through their SSH accounts.

If you do decide to offer SSH access, you should take some security measures to ensure your server’s safety.

  1. Jail all users within their own home directories. That way, they will not be able to move freely to view system files and potentially cause trouble.
  2. Set up a custom port for SSH connections other than the default port 22.
  3. Do not offer SSH access by default. Instead, give users the option to request it, and closely monitor those users who use it.
  4. Insist on secure passwords. You can set your system to reject simple passwords and also require users to change their passwords on a regular basis.
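
To check a server against measures 1 to 3 above, the following added example (not part of the original article) parses the text of an sshd_config and reports which of them are missing. The group name "sshusers" and both sample configurations are constructed for illustration; password rules are set outside this file and are not checked.

```python
# Added example; the group "sshusers" and both sample configs are constructed.
def parse_sshd_config(text):
    """Return (ports, global_opts, match_blocks); keywords are case-insensitive."""
    ports, global_opts, blocks = [], {}, []
    target = global_opts
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        key, value = parts[0].lower(), parts[1] if len(parts) > 1 else ""
        if key == "match":                 # opens a block that runs to the next Match
            target = {}
            blocks.append((value.split(), target))
        elif key == "port":
            ports.append(int(value))       # each Port line adds a listening port
        else:
            target.setdefault(key, value)  # first value seen for a keyword wins
    return ports, global_opts, blocks

def is_jailed(global_opts, blocks, group):
    """True if a ChrootDirectory applies globally or in a Match Group block."""
    scopes = [global_opts] + [opts for crit, opts in blocks
              if any(a.lower() == "group" and group in b.split(",")
                     for a, b in zip(crit, crit[1:]))]
    return any(s.get("chrootdirectory", "none").lower() != "none" for s in scopes)

def audit(text, group="sshusers"):
    ports, global_opts, blocks = parse_sshd_config(text)
    findings = []
    if not ports or 22 in ports:           # no Port line means the default, 22
        findings.append("port: sshd listens on the default port 22")
    if not global_opts.keys() & {"allowgroups", "allowusers"}:
        findings.append("access: logins are not limited to an approved list")
    if not is_jailed(global_opts, blocks, group):
        findings.append("jail: no ChrootDirectory applies to group " + group)
    return findings

WEAK = "PasswordAuthentication yes\n"      # constructed: stock-style config
HARDENED = """\
Port 2222
AllowGroups wheel sshusers
Match Group sshusers
    # %h is the user's home; sshd requires the chroot path to be root-owned
    ChrootDirectory %h
"""

if __name__ == "__main__":
    print(audit(WEAK), audit(HARDENED))
```

For interactive logins, the chroot directory must also contain a shell and basic /dev nodes, which this check does not verify.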

SSH access is important for some users, and forbidding it completely under all circumstances may drive customers away. Therefore, if and when you do allow it, make sure you take the necessary precautions.