How is important to offer shell access?

Portal Home > Knowledgebase > Articles Database > How is important to offer shell access?

Posted by javafaq, 10-08-2003, 06:58 AM
Hello! From my own experience, I always choosed hostings with shell access (telnet before, ssh now)... I am going to reseller business and wonderring how many people demand shell access. I see that some site offer reseller packages with SSH and some not... Many say that it is security risk... But not so big I think unless people get root access... 1. Is that much security violations happen with you who gave shell access? 2. What is fraction of customers I can lose due to luck of shell access? Second question is more important, please first answer to it :-) !!! Alexandre P.P.S I just edited my grammar here :-), nothing more Last edited by javafaq; 10-08-2003 at 11:24 AM.
Posted by Zach, 10-08-2003, 09:56 AM
IMHO I don't think it is that important. Im sure more then half of our customers dont know what telnet is, and the other half have no real need for it. If someone requests SSH access we give them access, but they must first photocopy some form of id and mail or fax it to us. If the customer can't do that, I tend to think that they wanted it to do something they shouldnt have been doing in the first place. IHMO only though.
Posted by Blind Freddy, 10-08-2003, 10:00 AM
We don't provide it. And to our knowledge, have never lost a customer because of this policy. Eric G.
Posted by Adrian, 10-08-2003, 10:08 AM
We offer SSH, and have definitely had people choose us over other hosts because of it. Not many but some
Posted by Deb, 10-08-2003, 10:13 AM
When setting up your servers make #1 the priority over #2...not the other way around. What good are a bunch of customers if they all get hurt in the end due to a security breach that took second fiddle? Ditto. Quite a few of our clients would be a little more than disturbed if we took it away...
Posted by Laci, 10-08-2003, 12:06 PM
I find that ppl want the choice , I know that I do
Posted by oracleweb, 10-08-2003, 12:10 PM
Yup I could not do what I do without it...unless I wanted to double the time
Posted by idologicJeff, 10-08-2003, 01:57 PM
This is one of those questions that raises alot emotion in this community. Other questions equally likely to raise emotion include: What OS is the best Which Control panel is the best Where do babies come from. Having said that - I would argue that both offering and asking for shell access by/from a hosting company is completely dependant upon the client's needs. Some of our clients have never made use of the shell access (or in fact logged into their server), while others can't live without it. It is possible to run a business without offering shell access (and many do) however I would argue that by doing so, you needlessly limit your target market. Cheers Jeff
Posted by cactus, 10-08-2003, 10:08 PM
In my opinion if a Host is providing Reseller accounts then it's only fair to allow access to SSH for them. It's a matter of convenience and most Resellers may have to use SSH to edit or help out their client's account without bothering the Host. The WHM/Cpanel can do much for the Reseller and client but it has its limitations and particular thing like scripts, emails, counters, etc, etc. that requires logging in to the server to fixed it for the clients is the Reseller's responsibility and only with SSH could the Reseller handle such problems. Of course there are also knowledgeable clients that do also require SSH to do their work to install and debug their scripts. Although it's very risky for a Host to provide SSH access for their server(s) due security exploits or damage to their server that the Host is afraid of, it would be wise for a Host to secure their servers properly and monitor it at all times. You as a Host should be the best judge, if you are paranoid and have a fear of SSH, then don't but if you are confident about it, by all means provide it to your users. From a business perspective it would definitely be an edge over your competitors. As idologicJeff already mentioned. Regards. Last edited by cactus; 10-09-2003 at 01:48 AM.
Posted by ScottD, 10-08-2003, 10:37 PM
We recently updated our MOTD with some stronger wording about the use of shell access and what is acceptible. That wording alone prompted a few long time customers to send us an email begging us not to take it away! We never had any plans to but it just goes to show that some people prefer to work on things via shell and will have it no other way. I've still never seen a tool that can make global changes faster than sed, awk, or perl. And I've never understood the misguided desire to keep these tools locked up.
Posted by javafaq, 10-09-2003, 06:48 AM
This is one of those questions that raises alot emotion in this community. I was starting this thread not to shake community :-) Especially I just have a few posts here and can be exused for the first time :-) Actually when I used Excel table (published recently here) as a start point for investigating of resellers, I was suprised by how many sites who offer resseling not providing shell access. Being many years a web developer myself I believed that shell access is a MUST. Power of shell can not substitute none of the tools and panels I have seen. That is the reason of my question... Many resellers say that it is potential risk. But all applications have bugs and create potential risks. Just in August my site was hacked through some MySQL/PHP hole and this guy never logged in my Virtual server. So what, should I disable MySQL and PHP and work with palin HTML? Before were a lot of holes in different CGI scripts and there were sites that did not let run CGIs... I think it is a matter of how much resellers care about patching in time (not after hacking) all holes and bugs... Just two weeks ago Red Hat informed me that SSH had a security hole and gave the patch. I fixed it right away... Alexandre
Posted by Hostmax-br, 10-09-2003, 07:53 AM
I must disagree with some of you guys. Having a shell access will unecessary lead to a know or not_that_know bug that can broke up your system. Not much time ago there was a vulnerability in ptrace that allowed single user to become root with not much more than a ./exploit. Said that, I would see that lots of you will find it useful to help customers and so, what I don´t deny that indeed is. But the prices can come very high if some, or at least one, of your clients are just willing to try some new www.packetstormsecurity.com expl0 on your machine (what he recognize his machine due to the monthly payment that he does). In a script kiddie´s hand, a exploit might be dangerous but if used for someone more skilled it WILL be dangerous and no more than 30 min will be necessary to ruin your system. Of course, security issues are the most important thing when set up a server and no matter if its a unix flavour or a windows machine if there is any hole, it can be exploited, not that it will be but it certainly can. Scans over internet had become really a non-sense since it happens all the time. Obviously that a php/mysql bug can, maybe, lead to the same problem that a shell can do. But a mysql/php bug is quite different then have acess to a system by shell and scan all running process (not that hard, a ps aux will do it) and look for some vuln. My point is: if you REALLY want to give shell to your customers you need to be aware that your security will need to be checked not every day, but every hour and better you got a good admin to take care of your security. Sorry if it sounds paranoid, I havent got my cup of tea today yet.

Add to Favourites Print this Article

Knowledgebase

How is important to offer shell access?

Our Services

Client Menu

Legal