The - SSH Connection Window - in cPanel. Is this secure?

jols

Well-Known Member
Mar 13, 2004
1,107
3
168
With regards to the SSH Connection Window which can be enabled for hosted accounts in WHM. Is this thing secure?

Is it more secure than typical SSH jailed access?

Do you have to enable jailed access in WHM to get this to work for a hosted account?

Anything on this would be helpful. Thanks very much.
 

cPanelDavidG

Technical Product Specialist
Nov 29, 2006
11,212
13
313
Houston, TX
cPanel Access Level
Root Administrator
With regards to the SSH Connection Window which can be enabled for hosted accounts in WHM. Is this thing secure?

Is it more secure than typical SSH jailed access?

Do you have to enable jailed access in WHM to get this to work for a hosted account?

Anything on this would be helpful. Thanks very much.
The SSH connection window is powered by a Java applet that establishes a secure shell (SSH) connection to your server. This is simply a Java applet that does the same thing you could do by using PuTTY or the ssh command to connect to your server via SSH.

Functions related to uploading files can be done without jailed or normal shell access. However, to do anything else, a minimum of jailed shell access is needed.

It is generally considered prudent to only issue jailed shell access to clients that demonstrate a significant need for such access as even jailed shell access can be a security risk.
 

jols

Well-Known Member
Mar 13, 2004
1,107
3
168
Thanks David,

But here's the possible issue we may have with this. We do not offer password SSH access, only via public/private keys (if at all).

What we need is a way to grant SSH-like access to only one of the accounts we host. This person does not want to use keys. Can this be done in our situation, and again, is this secure? I just don't want someone to get a hold of their computer and be able to do any more damage than they could with typical jailed SSH access.

Thanks for your response.
 

cPanelDavidG

Technical Product Specialist
Nov 29, 2006
11,212
13
313
Houston, TX
cPanel Access Level
Root Administrator
Thanks David,

But here's the possible issue we may have with this. We do not offer password SSH access, only via public/private keys (if at all).

What we need is a way to grant SSH-like access to only one of the accounts we host. This person does not want to use keys. Can this be done in our situation, and again, is this secure? I just don't want someone to get a hold of their computer and be able to do any more damage than they could with typical jailed SSH access.

Thanks for your response.
There is nothing special about the Java-based client. If you cannot login to SSH with a typical SSH client, you will not be able to login to SSH with the Java-based client.

If you want to allow non-keyed access to your server, that would be something you need to set up on your server.

Is there any particular reason the user does not want to use keys? Keyed authentication (especially if prompted for a password as well) is a more secure method for logging into SSH.
 

jols

Well-Known Member
Mar 13, 2004
1,107
3
168
Thanks again for your response.

This particular user is traveling and wants ssh access from various different computers in the offices that he visits. He did not want to install keys everywhere, but we are unwilling to drop the keyed SSH access server-wide.
 

cPanelDavidG

Technical Product Specialist
Nov 29, 2006
11,212
13
313
Houston, TX
cPanel Access Level
Root Administrator
Thanks again for your response.

This particular user is traveling and wants ssh access from various different computers in the offices that he visits. He did not want to install keys everywhere, but we are unwilling to drop the keyed SSH access server-wide.
One thing I did for a while was copy my private key to a USB thumb drive, set the file to read-only and then SSH from a client that let me select where a key was located (rather than installing it to the local machine).

If your client will be using predominantly Windows-based systems, they can use PuTTY placed on a USB thumb drive as their SSH client.