What are the consequences of giving a user ssh access

[peps03]

Hi,

What are the consequences of giving a user ssh access? I couldn't find an answer to this question anywhere.

What will they be able to control / access / do? I assume they can't execute code that can affect the server / other users?

Thanks

 

[peps03]

Anyone?

I want to give some users sFTP access but i assume they can them also access the server via putty and execute commands? Can they do damage to the server?

 

[alexelixir]

until unless normal user use some kind of privilege escalation exploit they can do very limited things over ssh
Default they have permission to do whatsoever they want in their home Directory
still you can make them less trouble for you by setting up disk quota etc
still i am waiting to hear more opinion on this topic

 

[Arieh]

If you're worried about the commands, you should also think about the cronjobs. They can do all the commands as well.

Having said that, enabling SSH for everyone may just get more people nosing around than when they would have to use cronjobs.


In my opinion the best way is to use CloudLinux or a similar product (if there is one), they have made it their business to upgrade the CentOS/RHEL OS for shared hosting purposes. This includes a virtual shell environment for the user. Every user has it's own copy of system files. PHP, Cron, SSH -- they all get to see that virtual environment. That way you can enable about everything (e.g. exec() in php) and don't have to worry about anything.