SSH keys and access to customer data
- Edited
mike need system built in enhance to show end users when their data has been accessed by support team (us), what data has been accessed and changed. Or if it has been just copied etc. maybe email to end users with content of what’s been done as logs after every support request and access given to their data … with consent built in too regarding accessing sensitive data…
I don’t think I ve seen this in roadmap or future request
- Edited
Kosta need system built in enhance to show end users when their data has been accessed by support team (us), what data has been accessed and changed
You're asking for a system level feature here.. and.. what you are asking to the best of my knowledge isn't something any "panel" has implemented anyway. You'll need to dig in to linux logging and the different levels that are available. In other words, the depth of logging you are requesting is never going to be possible in Enhance (in my opinion). Enhance is a control panel, not a linux systems management tool.. you might need to lift your server admin goals a little higher.
Side point, why do you give Enhance access to your server? And if you had a valid reason (ie you broke something you need them to fix), just block their IP address or remove the SSH key afterwards. It's all a little strange.. you trust Enhance enough to install their software (and updates) yet you don't trust them to access your server directly. You've got to give some degree of trust even in a secure environment.
PS My reply is a little simplistic, but your feature request doesn’t feel well thought out.
It’s nothing about trust it’s all business as they offer control panel they offer day to day admin utilities to manage these servers servers that are not enhance property and servers security I need to take care off. I think I am asking for very needed security utilities to be build into enhance to help manage my business with current regulations and future.
PS: I trusted Enhance a year ago now it’s nothing for me since they never could manage their product properly I am here to help them build something better
Reason is more related to workers under my business like support team who will need access to customer data in day to day. What if customer sue me because my support team copied their site data, me without knowing … there is not trust here it’s all business
All features in enhance are system level lol
Clearly no one could understand what it requires
Enhance personnel has no access unless you provide them by allowing their public key, or don't delete it after they do work to fix something (which you can deny, and do yourself as per their instructions).
Enhance panel has access to the server as advertised, unless you believe there are backdoors programmed in.
Any of your own staff can use their own keys on SSH level, and logins with the control panel with appropriate permissions.
So what's the security issue here then?
- Edited
rdbf it’s nothing to do with enhance personnel omg
It’s about what our and yours support team do with customer data it’s about having logs to prove you customers in event of leakage of data that wasn’t leaked by your support team. Means it’s a security feature to protect you business from having big fines.
I am talking for SSH keys as this is the way to getting access to their containers..
Clearly only one or two only in this community can understands