Secure Shell (SSH) user setup, access, and FAQ for the Nexcess Cloud
Secure Shell (SSH) — also known as Secure Socket Shell (SSH) — users on the Nexcess Cloud have a particular setup and configuration concerning Nexcess web hosting administration that some customers may not be used to.
SSH user setup was done in such a way at Nexcess to help with ease of use for web hosting teams. This knowledge base article provides an overview of how SSH users are set up on the Nexcess Cloud infrastructure, so customers understand the specifics of our hosting environment better for the sake of server administration and teamwork.
Secure Shell (SSH) user setup differences between hosting plans at Nexcess
At Nexcess, the Secure Shell (SSH) user setup depends on your web hosting product and platform:
- On Managed WordPress (MWP)/Managed WooCommerce (MWCH) hosting plans, each website has its own individual SSH user.
- On all other Nexcess Cloud plans (Magento, Flex, etc.), each hosting plan has its own SSH user.
More about Secure Shell (SSH) connections
For this article, we will use the example website of “abc123.nxcli.net” and the example main account/site SSH user of “a123b4c5” for our use case illustration purposes. All files for our website example will be owned by the main account/site SSH user of “a123b4c5” in our demonstrative use case covered in this article.
Only the SSH user specific to our example domain above (in this example, SSH user “a123b4c5”) has complete control over the files/folders and can:
- Modify permissions for files/folders.
- Add and delete files/folders.
No customer can log in as this main account/site SSH user (the SSH user “a123b4c5” in our example).
Example of Secure Shell (SSH) users for each team member
Each team member on the plan will have their own SSH user. We have an example for you — see the output shown below.
This output is returned when a search has been run for all users in the /home folder that starts with the text string of “a123b4c5”:
Code snippet example output
ls /home/a123b4c5*
/home/a123b4c5:
/home/a123b4c5_1:
/home/a123b4c5_10:
/home/a123b4c5_11:
/home/a123b4c5_12:
/home/a123b4c5_13:
/home/a123b4c5_14:
/home/a123b4c5_2:
/home/a123b4c5_3:
/home/a123b4c5_4:
/home/a123b4c5_5:
/home/a123b4c5_6:
/home/a123b4c5_7:
/home/a123b4c5_8:
/home/a123b4c5_9:
The example above is for an account that has 14 team members. While each team member has their own SSH user account and home folder, none of those SSH users with an underscore and number in the username will own files on the site. The files on the site are all owned by the main account/site SSH user. In this example “a123b4c5” is the main account/site SSH user.
How connecting via Secure Shell (SSH) works per team member
Here is how connecting via SSH works per team member:
1. Let’s say you want to log in as their individual SSH user (in this example, “a123b4c5_13”).
2. When you connect to the Nexcess Cloud host, a process at Nexcess looks up the corresponding main account/site SSH user for them, which is SSH user “a123b4c5” in our case. Specifically, “a123b4c5” is the main account/site SSH user to which the team member “a123b4c5_13” SSH user account belongs.
- This setup also allows each team member to have their own SSH password and SSH keys yet access the same files as the rest of the team.
3. Once authenticated by the server, a process looks up the requested user’s information in an internal database at Nexcess.
4. If everything matches, the client is placed in a shell as the requested user (in this example, individual team member SSH user “a123b4c5_13”).
- It is almost like the additional team member SSH users are aliases of the main account/site SSH user.
The use case in this article is an extreme oversimplification of what happens, but hopefully, this helps get the point across of how SSH user accounts for web hosting team members are managed using the main account/site SSH user.