I suggest you ...

Rehabilitate SSH access with application credentials

Rehabilitate SSH access with application credentials, and not only for Master credentials.

In my case, we have our software, installed on our software, that connects via SSH to a single application to launch some PHP scripts with php-cli.

Now, I can't give the master password to our customer!

4 votes

    Ignazio shared this idea

    4 comments

      • Clive commented  · 

        I really value this feature - thank you for reinstating. Is it still the case that application-specific SSH access allows read-only access to files of different applications living on the same server, or have you found a way to lock this down?

      • Adam commented  · 

        Cloudways, I've just signed up, was evaluating you to use for hosting, however, my customers will expect drush alias support, and naturally, it appears I can't offer this without giving people access to the whole server.

        Surely there is a way to strike a balance between securing the server (and stop people browsing around other people's files), and allowing really useful tools like drush for executing remote commands?

      • Rex So commented  · 

        Hi Ignazio,

        I face exactly the same problem and this doesn't make sense to me either.

        I'm quite unsatisfied with removing the flexibility to assign SSH access limited to one application.

        In fact, one server can have multiple applications delegated to different developers. As a server administrator, I will never share my master credential with the others.

      • AdminCloudways (Admin, Cloudways) commented  · 

        Ignazio, this will not come back. If we give SSH access to application credentials we will have the same problem that we had before, that is, that you could SSH with app-specific credentials and see all files for all other apps.

        One of the objectives of the change was precisely to fix this problem.

        Before, when you were giving an application SSH/SFTP user to one of your customers, that user had read access to all other apps all the same. So other customers could access (not change, true) files/folders of other apps. So you were already giving access to all apps, same as if you share master creds now.

        We will listen to what customers have to say, but as of now, many more people appreciate the fact that application credentials properly isolate apps between them than people missing the SSH capabilities for them.

        Cloudways Team
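
The cross-application read access discussed in this thread can be checked from file permissions. The following is an added example, not part of the original thread and not Cloudways tooling: it assumes a hypothetical layout with one directory per application under a common root, one Unix user per application and no shared group, and reports files that another application's user could read. The directory and file names in `build_sample` are constructed.

```python
import os
import stat
import tempfile

def exposed_files(app_dir):
    """Files under app_dir readable by another Unix user ("other" bits only;
    assumes one user per application and no group shared between them)."""
    # Without o+x on the top directory nothing below it is reachable.
    if not os.stat(app_dir).st_mode & stat.S_IXOTH:
        return []
    exposed = []
    for root, dirs, files in os.walk(app_dir):
        # Prune subdirectories that other users cannot traverse.
        dirs[:] = [d for d in dirs
                   if os.lstat(os.path.join(root, d)).st_mode & stat.S_IXOTH]
        for name in files:
            path = os.path.join(root, name)
            mode = os.lstat(path).st_mode
            if stat.S_ISREG(mode) and mode & stat.S_IROTH:
                exposed.append(os.path.relpath(path, app_dir))
    return sorted(exposed)

def audit(apps_root):
    """Map each application directory name to its exposed files."""
    return {app: exposed_files(os.path.join(apps_root, app))
            for app in sorted(os.listdir(apps_root))
            if os.path.isdir(os.path.join(apps_root, app))}

def build_sample(root):
    """Constructed layout: app_a is open, app_b and app_c are locked down."""
    layout = {"app_a": (0o755, 0o755, 0o644),   # top dir, subdir, file
              "app_b": (0o750, 0o755, 0o644),   # closed at the top directory
              "app_c": (0o711, 0o700, 0o644)}   # closed at the subdirectory
    for app, (top, sub, mode) in layout.items():
        conf_dir = os.path.join(root, app, "conf")
        os.makedirs(conf_dir)
        conf = os.path.join(conf_dir, "settings.php")
        open(conf, "w").close()
        os.chmod(conf, mode)
        os.chmod(conf_dir, sub)
        os.chmod(os.path.join(root, app), top)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        print(audit(tmp))
```

A file with a permissive mode is only reported when every directory above it is traversable by other users, which is why `app_b` and `app_c` come back empty even though their files are mode 644.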
