What are the advantages of using SSH keys to control access for multiple users?

What are the advantages of using SSH keys to control access for multiple users?

SSH keys offer a means for site administrators to allow multiple individuals to share one user and all associated permissions while remaining PCI DSS-compliant.


If you require SSH access for multiple users, the use of SSH keys instead of individual logins can bypass many of the headaches involved in user management. When using SSH keys, the administrator sets permissions for one user account, creates multiple key pairs for one user account, and assigns a unique key pair to each individual. Because this method uses unique key pairs instead of traditional login credentials, this maintains PCI DSS compliance despite the shared user account.

The use of multiple SSH keys to grant secure server access to multiple individuals affords three advantages over assigning separate user accounts with traditional login credentials.

  • Grants access to multiple parties without sharing passwords

  • Simplifies permission management; all parties log in as the same user and thereby share permissions

  • Allow for easy access revocation as needed

For example, if you employ a developer and a webmaster, and both individuals require SSH access, you can create one user, set appropriate permissions, and then distribute a unique SSH key pair to each individual. Most importantly, these individuals never share passwords and therefore comply to PCI DSS.

How they work

SSH keys avoid traditional login credentials in favor of a key pair consisting of a private and a public key. Both keys are required for server access. The private key is unique to each user and is stored on that user’s device, where it will never be revealed to the server or to another user. Furthermore, SSH keys are significantly more complex than traditional passwords, making them much more resistant to brute-force attacks.

Managing users

Using SSH keys, when an individual no longer requires access, you can delete the public key from the server and leave the user intact. This prevents issues that arise when attempting to access files belonging to a user that no longer exists.

Attention: Audit your SSH keys list regularly and delete any not currently in use. Unmanaged keys represent a significant security risk.

Servers store public keys in the /home/<username>/.ssh/authorized_keys directory, but <username> with your username. Removing the key only requires the deletion of this line from the directory.

Creating SSH keys

For assistance with their creation, refer to How to create SSH keys.


For 24-hour assistance any day of the year, contact our Support Team by email or through the Client Portal

Article Rating (No Votes)
Rate this article
  • Icon PDFExport to PDF
  • Icon MS-WordExport to MS Word
Attachments Attachments
There are no attachments for this article.
Related Articles RSS Feed
How to transfer files to a server with SFTP
Added on Wed, May 23, 2018
How Nexcess limits bad bots
Added on Mon, Apr 15, 2019
How can I prevent my site from being compromised?
Added on Mon, Mar 18, 2019
How to use two-factor authentication in the Client Portal
Added on Wed, May 30, 2018
How to secure your ExpressionEngine website
Added on Mon, Jan 14, 2019
How to create a secure password
Added on Wed, Dec 26, 2018
How to reset your SSH password and add SSH keys in SiteWorx
Added on Mon, Dec 17, 2018
How to create SSH keys in Windows with PuTTY
Added on Wed, Dec 26, 2018
How to enable SSH access
Added on Mon, Dec 17, 2018
How to add SSH keys to your Nexcess Cloud account
Added on Tue, Oct 23, 2018