Nexcess Logo

What are the advantages of using SSH keys to control access for multiple users?

Knowledge Base Home

Notice anything different?

We've enhanced the appearance of our portal and we're working on updating screenshots. Things might look different, but the functionality remains the same.
September 11, 2019

SSH keys offer a means for site administrators to allow multiple individuals to share one user and all associated permissions while remaining PCI-compliant.


If you require SSH access for multiple users, the use of SSH keys instead of individual logins can bypass many of the headaches involved in user management. When using SSH keys, the administrator sets permissions for one user account, creates multiple key pairs for one user account, and assigns a unique key pair to each individual. Because this method uses unique key pairs instead of traditional login credentials, this maintains PCI DSS compliance despite the shared user account.

The use of multiple SSH keys to grant secure server access to multiple individuals affords three advantages over assigning separate user accounts with traditional login credentials.

  • Grants access to multiple parties without sharing passwords

  • Simplifies permission management; all parties log in as the same user and thereby share permissions

  • Allow for easy access revocation as needed

For example, if you employ a developer and a webmaster, and both individuals require SSH access, you can create one user, set appropriate permissions, and then distribute a unique SSH key pair to each individual. Most importantly, these individuals never share passwords and therefore comply to PCI DSS.

How they work

SSH keys avoid traditional login credentials in favor of a key pair consisting of a private and a public key. Both keys are required for server access. The private key is unique to each user and is stored on that user’s device, where it will never be revealed to the server or to another user. Furthermore, SSH keys are significantly more complex than traditional passwords, making them much more resistant to brute-force attacks.

Managing users

Using SSH keys, when an individual no longer requires access, you can delete the public key from the server and leave the user intact. This prevents issues that arise when attempting to access files belonging to a user that no longer exists.

ATTENTION: Audit your SSH keys list regularly and delete any not currently in use. Unmanaged keys represent a significant security risk.

Servers store public keys in the /home/<username>/.ssh/authorized_keys directory, but <username> with your username. Removing the key only requires the deletion of this line from the directory.

Creating SSH keys

For assistance with their creation, see How to create SSH keys in macOS and Linux or How to create SSH Keys in Windows with Putty

For 24-hour assistance any day of the year, contact our support team by email or through your Client Portal.

Jason Dobry
We use cookies to understand how you interact with our site, to personalize and streamline your experience, and to tailor advertising. By continuing to use our site, you accept our use of cookies and accept our Privacy Policy.