Enhanced Security vs teamwork


Is it supposed to be impossible for two people to work on the same web site now under the new Enhanced Security scheme? Or is there some configuration that I haven’t figured out yet? Or does everybody who works on the web site have to use the same userid? That’s not my idea of enhanced security.

Probably the easiest, though.

I guess I can just add more public keys to my .ssh/authorized_keys file, so at least we aren’t all sharing the same secret key.


You could create a user for each person you want to give access. Then require them to login as their user before letting them switch user to the “website user” (su - web_user). There should be a way to prevent anyone from logging in to your website user from a remote machine. I can’t quite seem to remember how that worked, but I think it was with access.conf (you’ll need to have root permissions on a VPS though).

Though not perfect, this way you’ll at least know who logged in at what time or who is logged in at a given moment.