when offering SSH access to customers
lkbryant
12-16-2007, 03:45 AM
When offering SSH access to customers, are there things I should be aware of?
I don't have jailed SSH, nor do I have suPHP.
If I allow SSH access, what should I look out for especially?
rtaylor
12-16-2007, 05:33 AM
We prefer to only extend shell access on a case-by-case basis, when a customer can really justify needing it, and is able to provide proper identification for us to keep on file.
Also keep in mind that if you use 2Checkout as your payment processor, you are not allowed to offer SSH to your clients.
jlandes
12-16-2007, 05:51 PM
I also do not allow SSH access to mine. And, I plan to only offer it if somebody specifically requests it and can give justification as to why they need it.
lkbryant
12-19-2007, 12:42 AM
Does this mean all other webhosts that do offer SSH like hostmonster are vulnerable to exploits?
In other words, jailed SSH alone is still not enough?
Randy
12-19-2007, 05:30 AM
Does this mean all other webhosts that do offer SSH like hostmonster are vulnerable to exploits?
In other words, jailed SSH alone is still not enough?
No, but chmod files like 'wget', 'telnet' etc to 700 (root only) will help!
andyreed
12-19-2007, 07:11 AM
No, but chmod files like 'wget', 'telnet' etc to 700 (root only) will help!
If you grant shell access to somebody who really knows what he/she is doing, they can access root. That said, chmod binary packages or any files/directories for that matter won't help to stop him/her from doing whatever they please to the system.
rtaylor
12-19-2007, 08:12 AM
Does this mean all other webhosts that do offer SSH like hostmonster are vulnerable to exploits?
Every service connected to the internet is vulnerable to exploits, so it comes down to doing all that you can to reduce the odds of being compromised. Security hardening is a never-ending job, as is learning all that you can about defending your servers. There's more to learn each and every day than there is time to learn it, it seems.
As for what the mega-sized hosting companies offer, that is their business. Their bean counters know to the penny what an exploit costs them, and you can be sure that such incidences are factored into their pricing.
nobaloney
12-20-2007, 07:05 PM
Also keep in mind that if you use 2Checkout as your payment processor, you are not allowed to offer SSH to your clients.
Can you point out where that is in their terms?
If you grant shell access to somebody who really knows what he/she is doing, they can access root.
Really? Even if all the passwords are good, and all the software up-to-date, and you, yourself, are a good admin, and watch over your server?
I'd say that in general you may be right, but the person will have to know quite a bit, and even then it's going to be quite unlikely they're actually going to break in.
That said, we seldom allow shell access.
Jeff
rtaylor
12-20-2007, 10:54 PM
Can you point out where that is in their terms?
Under "Prohibited Products": https://www2.2checkout.com/documentation/prohibited.html
IRC Chat Hosting, Game Server Hosting, Shell Accounts
nobaloney
12-21-2007, 05:23 PM
Thanks. Hopefully there's a difference between shell accounts and offering shell access as part of a webhosting solution. We'd never offer stand-alone shell accounts but we've never had a problem offering shell access under controlled circumstances (see elsewhere in this thread) as part of a webhosting solution.
I wonder what they're going to say when we let them know we're moving away from 2CO if we can't offer shell access as part of our webhosting solutions.
They may say goodbye.
I'll try contacting them on Monday and I'll try to remember to post again.
Jeff
rtaylor
12-21-2007, 06:13 PM
I'll try contacting them on Monday and I'll try to remember to post again.
Yes, perhaps they allow judicious assignment of webhosting accounts with shell access. Please let us know what they say.
nobaloney
12-24-2007, 10:49 AM
I just spoke to a friendly lady in the risk department.
I explained that we do NOT sell stand-alone shell access accounts but that we do from time to time offer shell access upon application to our webhosting customers.
I asked them if we could sell those accounts through 2Checkout.
Her response was yes, and she so noted our account (which is not under the name NoBaloney Internet Services, so don't bother asking them about us :)).
I suggest that if you do what we do, you check with the risk department.
In the United States their toll free number is 877-294-0273, extension 192. I'm not sure of how to reach them outside the U.S., but if you use them you probably have that information.
Jeff