Web SSH SecurityExperienced system administrators and SSH users are wise to consider the implications of an SSH relay service. You need understand the GotoSSH.com service and the implications of using it. To help, we have prepared an explanation of how the service works, the risks involved, and the steps that have been taken to minimize the risk and ensure security. MethodGotoSSH.com uses secure encrypted connections end-to-end during you SSH session. When you open an SSH connection within GotoSSH.com, our server establishes a secure SSH connection to your server. Your web browser then communicates to our server using secure 128-bit SSL connections. Our server then acts as a relay for data travelling between your server and your web browser. RisksBy making your servers available online, you have exposed your servers to potential exploitation. The SSH protocol is secure, but weaknesses in any publicly accessible service have a chance of being exposed. Trusting a 3rd-party with connections to your servers is also a risk. By being in the middle of your connection, a 3rd-party could steal usernames, passwords, and could log transmission of sensitive data. By using GotoSSH.com, we understand that you are trusting us to respect the privacy of your data. We will never view, log, or monitor data that is relayed through our servers. Our system implementation and policies are geared toward minimizing the risks that are assumed by using this system. Password SafetyWe never store passwords or private keys to your servers. In the unlikely event that your GotoSSH.com account is compromised, no one will gain access to your servers. Each time you connect to one of your servers, you are required to enter both your own server's username and password, which is relayed directly to your server. And, in accordance with our logging policies, we do not log relayed traffic. Data LoggingWe never log any of the data that is relayed through our servers. No information originating on your servers, and no keypresses, are ever logged. If our servers are compromised, attackers will not gain access to your servers or your data, because we do not store it. Active SessionsDuring an SSH session on GotoSSH.com, we maintain an SSH connection to your server. Just as with any other SSH client, if you do not close your connection you are not practicing good security. Unclosed, SSH connections will eventually timeout and be closed by our system, but it is best to remember to "exit" any SSH session you have used. ResponsibilityWhile we have taken steps to keep you safe, ultimately, you are responsible for your data and should practice good security. We recommend some steps that you can take to protect your servers while keeping them SSH accessible:
More InformationWe do not cover configuration procedures for SSH servers. More information about the SSH protocol and security concerns are widely available on the World Wide Web. Questions?If you have any questions or concerns about the security of the system, please . |
|