Hi all

I asked my developers to give me access to my server so I could have a copy of my database for my own piece of mind. But they are not being helpful and it's making me uncomfortable.

Anyway because of this I tried to use the terminal option to access my server but I got a 'port 22: Connection refused' error.

Following that I tried to use Filezilla route but that too didn't work (using my hostname, username and password that I login to Linode) and port 22 but that too failed.

A nice guy called Joel in Linode tech support suggested I try here as I'm not technical and just want to control access to my server so that nobody can delete or damage it and that I have a backup of the current version of the site which is in good working order.

Can anyone help me? I'm really stuck and don't know what to do.

Thanks

Hard to tell if they've (your so called developers) being dicks or just being cautious.

If they're just being cautious, you need to put your foot down, and insist that you get access, or at least a full copy of all databases and files. If you want root access, let them know you'll sign a letter removing them from all liability for any mistakes YOU make using that root access (i.e. fixing your mistakes is a billable item).

If they're being dicks, then what does your contract say? No contract? Then you're probably screwed.

This might be one of those "interesting" live lessons about being careful who you do business with.

Also (probably restating the obvious), if you still owe them money, don't pay until this is resolved.

_________________
Either provide enough details for people to help, or sit back and listen to the crickets chirp.
Security thru obscurity is a myth - and really really annoying.

It all depends on wether or not your Developer pays for your Linode account. Is that true, or do you have the Linode account, and the developers have the SSH access? If the later, you can reset to root password through the Linode admin interface, and use that to regain access to your Linode through the command line.

Thanks for the advice vonskippy. I'm not sure what they are right now but I'd rather not have to force the issue to find out if I can regain control in another manner.

Alexfornuto - Yes - I setup the account and pay for it and gave them restricted user access, I thought I'd be protected in some way doing this? Do you have a link to something that tells me how to reset the root password and download all my files?

Here's the info on resetting the root password: https://www.linode.com/docs/platform/ac ... t-password

This will give you the ability to log in as the root user over SSH, or LISH if SSH has been disabled for the root user. Please note that it requires rebooting the Linode, which = downtime.

As for how you want to get your files from there, that's really a case-by-case answer. In any case, I'd suggest you pursue other avenues of communication with your developers before you start rebooting and changing passwords.

Disabling SSH and FTP on their usual ports is standard practice for many people nowadays. Although the security benefit of moving them to another port is questionable, at least it helps to keep the log files manageable. (Otherwise you'll get thousands of login attempts from random port scanners every day.)

Having said that, you're in full control of your server as long as you own the Linode account.

Some options:

- Reset the root password and log in via LISH
- Reboot into "single user mode" so that you don't even need a root password
- Revoke the developers' access so that they can't reset the root password again
- Clone your Linode and keep the clone a secret from your developers
- Subscribe to Linode's backup service, so that you have full backups even if the developers mess up something
- Subscribe to Linode's managed service, and ask them to make a full backup for you

Even if you don't actually exercise any of the options above (and I hope that you won't need to resort to any of them), the very fact that such options are readily available to you can be used as a powerful leverage against anyone who dares to keep you away from your own server.

The last few options will cost money, but the backup service in particular will be very helpful if anything goes wrong with the server. If you have a few bucks to spare, set up backups NOW before you head into confrontation mode.