SHConnect: SH Way of Secure Server Access

This article discusses the issues with SSH key-based and password-based authentication methods, along with the features and details of our new and advanced server access method called SHConnect.

First, let’s talk about why we decided to move away from the legacy ways of accessing servers. By legacy server access methods we mean password-based and key-based authentication, which most organizations and companies still use and which are not that outdated. In fact, we still use SSH key-based authentication to connect client servers to our automation platforms. But for our technicians’ access to the servers, we wanted something better and more advanced, because the number of servers that we manage and maintain keeps increasing day by day. We also wanted to provide a few more layers of security for our customers, better logging, screen recordings of the server activities that we perform, work collaboration, and uniform, more secure access using the SHConnect agent.

 

SHConnect – Our new and advanced way to access servers securely.

SHConnect is an advanced and more secure server authentication method that our team uses to remotely access servers, web applications, Kubernetes clusters, and databases across all environments.

The features offered by this new authentication method are: 

    • This new approach is more secure than the commonly used SSH key-based and password-based authentication methods.
    • There is no need for clients to provide server root passwords or add our keys to the client’s server.
    • The ServerHealers team will create a sudo user by running a script, and all access to the server will be through this dedicated sudo user. No direct root access is allowed on the servers.
    • This method also requires only a minimal installation of less than 100M in size. A SHConnect agent will run on a custom port on the server to provide us access to it. (We will connect to your server using this SHConnect agent and won’t use the default SSH service installed on your server.)
    • All staff-level activities are logged on our system, along with access logs, the reason for connecting to the server, ticket ID, and even video screen recordings of all the server activities that we perform.
    • The staff-level access is set up through our gateway system with limited session validity and two-factor authentication (2FA) for better security.
    • Connections to the servers are only allowed through the ServerHealers office IPs and secured VPN servers.

 

“SH Connection Enabler” Script
You will need to log in to your Linux-based server as the root user and execute the “SH Connection Enabler” script given below to make your server ready to connect with the ServerHealers Ansible-based automation platform. (After running the script given below, please proceed and complete the order; that will complete the connection process.)

curl -s scripts.serverhealers.com/shconnect/shce | bash


This script will modify a few files on your server. The files and the reason for each modification are listed below.

File: Modification

    • /home/shconnect: Create a home directory for the ServerHealers dedicated user.
    • /etc/passwd: Add the newly created dedicated user to this file.
    • /etc/group: Add the newly created dedicated user to this file.
    • /etc/sudoers.d/serverhealers: Add sudo privileges for the created dedicated user.
    • /home/shconnect/.ssh/authorized_keys: Add ServerHealers system backup keys to this file.
    • /etc/ssh/sshd_config: Modify this file only if the below entry/restriction exists (AllowUsers variable adjustment).
    • /etc/hosts.allow: Modify this file only if the below entry/restriction exists (Host Access Control adjustment).
    • /var/log/serverhealers_connect.log: Create this log file to store the log of the ServerHealers Connection Enabler script.
    • Whitelist ServerHealers IP address (CSF/APF/Imunify360/UFW/Firewalld): Whitelist the ServerHealers office/system IP addresses on the firewall.

 

The “SH Connection Enabler” will install the SHConnect agent on your server, open the custom port, and validate the connection to our platform. (Please also make sure you don’t have any external firewalls blocking port 3022.)

Once you do this, your server will be all set and ready to connect to our platform. We’ll then manually verify your order, and when we accept the order, our automation system will install the “SHConnect” agent and the necessary cronjobs on your server, which will complete the connection process.

 

“SH Connection Remover” Script

Log in to your Linux-based server as the root user and execute the “SH Connection Remover” script below to remove and disconnect your server from all ServerHealers platforms. This script will also revert all the changes made by the “SH Connection Enabler” script.

curl -s scripts.serverhealers.com/shconnect/shcr | bash
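
The list of files changed by the Enabler, and the statement that the Remover reverts all of them, can be confirmed with a read-only audit. The script below is an added example, not ServerHealers code; the user name shconnect is an assumption inferred from the /home/shconnect path, and the /etc/hosts.allow and firewall entries are not checked because the article does not give their values.

```shell
#!/bin/sh
# Added example, not ServerHealers code: read-only audit of the artefacts in the
# article's table. ROOT ("" = live system) may point at a mounted image or test tree.

SH_USER="shconnect"   # assumption: inferred from the /home/shconnect path in the table
SH_PORT="3022"        # port named in the article

# check <label> <command...>: run a read-only test and print "present" or "absent".
check() {
    chk_label="$1"; shift
    if "$@" >/dev/null 2>&1; then printf 'present\t%s\n' "$chk_label"
    else printf 'absent\t%s\n' "$chk_label"; fi
}

# True when an active AllowUsers line in the given sshd_config names SH_USER.
allowusers_has_user() {
    grep -Ei '^[[:space:]]*AllowUsers[[:space:]]' "$1" 2>/dev/null | grep -qw "$SH_USER"
}

shconnect_audit() {
    root="${1:-}"
    check "home directory /home/$SH_USER"    test -d "$root/home/$SH_USER"
    check "/etc/passwd entry for $SH_USER"   grep -q "^$SH_USER:" "$root/etc/passwd"
    check "/etc/group entry for $SH_USER"    grep -Eq "(^|[:,])$SH_USER(:|,|\$)" "$root/etc/group"
    check "/etc/sudoers.d/serverhealers"     test -f "$root/etc/sudoers.d/serverhealers"
    check "keys in authorized_keys"          test -s "$root/home/$SH_USER/.ssh/authorized_keys"
    check "AllowUsers names $SH_USER"        allowusers_has_user "$root/etc/ssh/sshd_config"
    check "/var/log/serverhealers_connect.log" test -f "$root/var/log/serverhealers_connect.log"
    # The listener can only be observed on the running system, not in an offline tree.
    if [ -z "$root" ] && command -v ss >/dev/null 2>&1; then
        check "listener on TCP port $SH_PORT" sh -c "ss -ltn | grep -q ':$SH_PORT '"
    fi
}

# Number of listed artefacts still present; 0 means none of them remain.
shconnect_residue_count() {
    shconnect_audit "${1:-}" | grep -c '^present' || true
}

# Usage: sh audit.sh --run [ROOT]
case "${1:-}" in
    --run) shconnect_audit "${2:-}" ;;
esac
```

Run it as root so that authorized_keys and sudoers.d are readable; comparing the output before the Enabler, after it, and after the Remover shows exactly which of the listed changes were made and undone.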


We hope this article was helpful, and do reach out to us if you have any queries or suggestions.
