18 Mar

The Return of (safe) Shell Access

Today marks the return of a feature long ago disabled due to security limitations of old:  Secure Shell based access to accounts.

While we could never bring the wild west days of telnet, password authentication, or free for all Shell access with no restrictions (security!), we are happy to say that one of the benefits of the recent move to CloudLinux on all our servers was that with the implementation of their LVE resource management and CageFS virtual file systems, we’re confident in the security prospects of once again offering SSH access via public/private key pair to all of our clients.

If you log into your cPanel interface, under “Security” you’ll find an icon for “SSH Access”, in there you will find the ability to either create new keypairs, import an existing keypair, and also authorize keys you would like to be able to use to access your account remotely.

Once you have established an SSH key pair, you will find that you can now:

  • Securely access a shell under your account via SSH from the SSH client program of your choice.
    • Only some programs are cleared to be run inside the CageFS environment at this time.
      • Please reach out to support of you believe we’ve missed a reasonable program for use.
    • Resources utilized via the Shell account are tracked and monitored per account.  The short version is, cycles you use via Shell will not be available to service your website.  The shell is not a means to ‘endrun’ our existing policies around resource utilization. 😉
    • While we believe shell access to be of benefit to only a limited number of our clients, or only at specific times (debugging some pesky web code perhaps), we are pleased that the new security enhancements delivered by CloudLinux provides us with a stable platform to once again offer this feature to our clients.
  • SSH based remote utilities are also now available, such as SFTP and SCP access to  your account for transferring files and data.  Again, you’ll need your SSH keypair loaded into the SFTP/SCP program of your choice in order to connect.