witchcraft Posted July 4, 2011 Posted July 4, 2011 i am sorry for bumping this ... i have same question but i did a little research. i know that there is a way to enable the ssh with secure if you don't trust your users. with the cpanel shell , i was reading some articles the it work like jail ('jailshell') user cannot do commands behind his chroot. the reason i am asking to look over this issue its because i am using drupal cms & drush on my local server . and drush can give me the ability to use shell with some commands that i work all the time and it can give me the ability to mange sync between development \ production site. so if i cannot use ssh on your server i simply cannot using drush. (i can still work locally of course) there is any way that you can consider enable ssh with framework that will not breach your server ? (sorry if i have some incorrect spelling i tried to be clear as i can)
jje Posted July 4, 2011 Posted July 4, 2011 Which commands do you want to run, and we can run it for you. Also, username, domain, server?
Guest Geoff Posted July 4, 2011 Posted July 4, 2011 with the cpanel shell , i was reading some articles the it work like jail ('jailshell') user cannot do commands behind his chroot. Any determined cracker can get out of a jailshell in less than an hour.
jje Posted July 4, 2011 Posted July 4, 2011 Yes, SSH is too risky, and we would have to carry out lots of security audits (which we start but never finished) and patch up alot of disabilities. We don't want a repeat of what happened after Johnny was launched. If you need to run a command, let us know.
pctips Posted August 4, 2018 Posted August 4, 2018 Does this rule still apply?Do you need to run a specific command? DISCLAIMER: I am not a HelioHost OfficialI just asked this question because you might need it for something and jje had replied that if you need to run a command, let us know (for previous user) so I assume that if you ask and it can be done without creating problems, they will execute it for you.
Bailey Posted August 6, 2018 Posted August 6, 2018 @pctips, this is partly true but it depends on the type of command and whether Krydos or Wolstech actually want to run it due to some commands requiring a lot of resources or creating security vulnerabilitys. To anyone else reading this topic: It is best to either use software that doesn't need access to the terminal or build it locally and upload the built software to the server via FTP.
Byron Posted August 6, 2018 Posted August 6, 2018 whether Krydos or Wolstech actually want to run it. Or Ashoat or myself.
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now