Discuss [Policy change] Jailed SSH access, now free. - Page 5

bluenova · January 27th, 2007, 9:53 AM

SSH in it's self is hardly a security risk, it's just a means of connecting computers together. Once connected to your webspace via SSH you are not given a normal BASH promt but are put into a little program call jailshell. In jail shell you can't do all the things you would be able to do with a normal BASH shell, making it secure but limited. I still use it as it's good for mass moving of files, changing file permissions, renaming etc which just can't be done with FTP.

I for one welcome the change in policy, and hope it will be extended to reseller sub-accounts in the future.

**Kayla** · January 27th, 2007, 6:30 PM

I don't think anyone is understanding this yet. I'll try again, though we normally keep most security info private, because what's security if all the details are out in the open? In this case I will just spill the beans.

I was talking with other admins here and their biggest concern is that even in a jailed SSH environment, brute force attacks on remote servers can still be placed. There is a chance that our server could then be involved in an incident where proof of ID may be required by law enforcement. This has even occurred before, it's not new to us.

Some of our users also use weak passwords to begin with, what if they then have SSH access with that same password, and they get brute forced themselves, then the attacker uses their account.

This is basically adding another benefit for customers, but also another way (besides the mentioned cron jobs) that servers can be abused by users themselves or third parties. With that in mind, why is it so hard to give us an ID? If you aren't up to anything, have a good password, and keep your own site secure and up to date, there is nothing to worry about. You do not have anything to worry about by giving us your ID, it is in safe hands. Maybe other hosts that don't require it are taking security more lightly than us. That's their business..

**Brandonnn** · January 27th, 2007, 6:34 PM

Quote:

Originally Posted by Kayla

With that in mind, why is it so hard to give us an ID? If you aren't up to anything, have a good password, and keep your own site secure and up to date, there is nothing to worry about. You do not have anything to worry about by giving us your ID, it is in safe hands. Maybe other hosts that don't require it are taking security more lightly than us. That's their business..

PUT VERY NICELY

**jfacade** · January 28th, 2007, 1:53 AM

Quote:

Originally Posted by Kayla

Jailed SSH access is now free on all shared and reseller plans except:

Power Shared
Bronze Reseller
(These two plans will still require the $20 one time fee to enable access.)

Couldn't you make it free for these accounts if you pay yearly... then it truly would be ALL!

Good Start Though!

nricciardi · February 5th, 2007, 4:50 PM

Quote:

Originally Posted by Kayla

Jailed SSH access is now free on all shared and reseller plans except:

Power Shared
Bronze Reseller
(These two plans will still require the $20 one time fee to enable access.)

What about OC5? How do I use SSH on OC5?

shirkahn · February 7th, 2007, 11:15 AM

I've got a legacy plan. I'm guessing that the setup fee will apply to me as well?

shirkahn

busoutoshi.net

decx · February 8th, 2007, 11:13 PM

Quote:

Originally Posted by jfacade

Couldn't you make it free for these accounts if you pay yearly... then it truly would be ALL!

Good Start Though!

That would certainly be nice. I wouldn't even mind the ID requirement.

**Kayla** · February 8th, 2007, 11:34 PM

Quote:

Originally Posted by nricciardi

What about OC5? How do I use SSH on OC5?

It's free for you, just need to put in the request.

**Kayla** · February 8th, 2007, 11:35 PM

Quote:

Originally Posted by shirkahn

I've got a legacy plan. I'm guessing that the setup fee will apply to me as well?

shirkahn

busoutoshi.net

Which plan exactly is it that you have?

Please send an email to me at kayla(at)surpasshosting.com.

January 27th, 2007, 6:30 PM	#38 (permalink)
Kayla Marketing Maven Surpass Staff Joined in May 2003 Lives in Orlando 24,749 posts Gave thanks: 946 Thanked 806 times	I don't think anyone is understanding this yet. I'll try again, though we normally keep most security info private, because what's security if all the details are out in the open? In this case I will just spill the beans. I was talking with other admins here and their biggest concern is that even in a jailed SSH environment, brute force attacks on remote servers can still be placed. There is a chance that our server could then be involved in an incident where proof of ID may be required by law enforcement. This has even occurred before, it's not new to us. Some of our users also use weak passwords to begin with, what if they then have SSH access with that same password, and they get brute forced themselves, then the attacker uses their account. This is basically adding another benefit for customers, but also another way (besides the mentioned cron jobs) that servers can be abused by users themselves or third parties. With that in mind, why is it so hard to give us an ID? If you aren't up to anything, have a good password, and keep your own site secure and up to date, there is nothing to worry about. You do not have anything to worry about by giving us your ID, it is in safe hands. Maybe other hosts that don't require it are taking security more lightly than us. That's their business.. __________________ Follow Surpass on Twitter and Facebook Check out the Surpass Blog

February 7th, 2007, 11:15 AM	#42 (permalink)
shirkahn Registered User Fresh Surpasser Joined in Feb 2007 1 posts Gave thanks: 0 Thanked 0 times	I've got a legacy plan. I'm guessing that the setup fee will apply to me as well? shirkahnbusoutoshi.net __________________ ========================== Puff the fractal dragon was written in C, And frolicked while processes switched in mainframe memory...... ==========================

Thread Tools	Search this Thread
Show Printable Version Email this Page	Search this Thread: Advanced Search
Rate This Thread
Rate This Thread:

January 27th, 2007, 9:53 AM	#37 (permalink)
bluenova Registered User Fresh Surpasser Joined in Apr 2005 27 posts Gave thanks: 1 Thanked 1 Time in 1 Post	SSH in it's self is hardly a security risk, it's just a means of connecting computers together. Once connected to your webspace via SSH you are not given a normal BASH promt but are put into a little program call jailshell. In jail shell you can't do all the things you would be able to do with a normal BASH shell, making it secure but limited. I still use it as it's good for mass moving of files, changing file permissions, renaming etc which just can't be done with FTP. I for one welcome the change in policy, and hope it will be extended to reseller sub-accounts in the future.

Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)