SSH, SFTP, and keys

What access tools do

SSH, SFTP, and deploy-key tools separate shell access, file access, source-code access, provider access, and workspace permissions. This separation matters when agencies manage infrastructure for multiple clients and contractors.

Before granting access

• Decide whether the person needs shell access, file access, deployment access, or dashboard access.
• Use individual keys rather than shared keys.
• Confirm provider keys and server-only keys are understood separately.
• Plan how access will be reviewed after launch or handover.

Typical workflow

1. Save a named SSH public key.
2. Sync it to existing servers or include it on future servers.
3. Add server-only keys only for exceptions or temporary access.
4. Create SFTP users with scoped directories and authentication choices.
5. Use deploy keys for repository access instead of broad personal credentials.
6. Review access when team or client ownership changes.

Checks before handover

• Every active key has an owner.
• Contractor access has an end date.
• Deploy keys are not confused with human shell access.
• SFTP users have the smallest useful directory scope.
• Provider-level keys remain visible in the connected provider account.

Common issues

• A shared SSH key remains after a contractor leaves.
• SFTP access is broader than the file-transfer workflow needs.
• A deploy key is removed and production deployments start failing.
• Provider keys are updated but server access is not reviewed.

Related guides

• How to manage SSH keys for client infrastructure
• How to automate SFTP and FTP file transfers
• How to connect source control for site deployments