How secure is the ssh access for users?


I want to permit some users to access on their user account with SSH.
I have found the way to doing this by adding their ssh key and select the bash access on their account.
My question is about security : once the user connected by ssh, he can navigate inside some root directories : /etc and /var/cache for examples.
Is it OK on a production use case ?
Can’t we secure this ssh connection to give only the access to the home’s user directory ?
What about if my ssh user’s computer is corrupted by malware ?

Thanks for your comments

It would require a jailed ssh …

1 Like

OK but if I read this topic I understand than I have to set nologin option.
However my user need is to access on their apache2 logs in realtime, and sometime scp and rsync commands.
So for now, is there a jailed ssh access to the home directory or not yet ?

In the next release we will have shell access via the browser. But I am not sure we can access the log files via it …

1 Like

That is why we need a rssh or something similar…

OK but why it is not already implemented in Hestia ?
Immature technology ?
Hard work to implement ?

I have other priorities and other things to do?

Nobody wants to develop it or pay for it?

And so on…. It is opensource … in the past there was rssh package but Debian / uUbuntu don’t supply it any more because it was never updated….

1 Like

Thanks for explanations.
How much do you ask for this development ?
Maybe we can crowdfund it with several HestiaCP users if the cost is too important for me ?

1 Like

I have tried in the past with RUSH but gave up at the time…

1 Like