My reseller account at ehostpros.com won't allow SSH - as a security precaution. (Although overall they seem to be a good host with a good price despite an hour or so of downtime now and then)

I want SSH simply for SFTP secure log on and file uploading to my sites. I don't really understand why standard FTP log on isn't more widely complained about as a security nightmare. Wouldn't it be very easy for someone to gain access to the user name and password and hijack an entire website? If SSH is a security problem for shared servers, why isn't there some kind of limited access encrypted FTP log on that doesn't give all the threatening access that SSH appears to.

I found another reseller hosting service - hllmedia.com that allows SSH with drivers licence. They also use CPANEL. The cost is a bit more but it still seems pretty reasonable. It seems they has several hours of downtime in July though.

I also don't know if this issue of SSH security is any different amoung the various control panels, CPANEL, PLESK, ENSIM, etc, but this isn't the correct forum catagory for that...

Anyway, who has the solution?

If you really want to use SFTP and need a solution, all I can say is change providers. Use one that will allow you to use SFTP.

If hllmedia.com allows SSH with a drivers licence and that isn't too troublesome, you may want to consider them. If their several hours of downtime affects you somehow, email them asking what the cause of the downtime is. It maybe because of data center faults and not server faults.

ehostpros is good enough and cheap enough that I'll stick with them, especially after setting up plenty of simple websites there. But for certain sites that require some security I'll keep looking for an SFTP answer. I'm debating whether the reseller model can even work where reliable uptime and security is concerned. With hundreds or even thousands of sites on a single server someone could run a funky script and bog down the entire box.

I'm even considering a $100 month range dedicated server, but I have no experience with that, and the word "managed" usually adds another $100 to the monthly bill.

Does anybody know what managing your own server entails? How do you reboot when you need to? Install your own security updates? Yikes! Sounds like trouble to me!

Hey Richard,

unfortunately it's much easier to manage virtual FTP users than it is to manage SSH / SFTP use, which is a big reason why there's no widespread movement from FTP as of yet.

may want to ask your host if they'll run FTP over SSL to at least encrypt the login process (the data sent won't be encrypted though)