A large business undergoing a cyber security audit will undoubtedly determine that the SSH port of the hosting server is available from any IP address on the internet. This will be flagged as a major security issue. Currently there is no way to use WPMU for hosting and pass a security audit, which means we must host these websites on other platforms or a CPanel/WHM account where we can block ports. For us this results in lost business or more complexity when we would like to host our client sites on WPMUDev.
For the end client to maintain their business insurance SSH port access need to be changed so that one of the following is implemented:
1) SSH requires keys, not just username/password
2) SSH access is limited to a white-listed set of IP addresses
3) SSH port is blocked
Clearly the best of these options from a shared hosting standpoint is #1. This is how other hosting companies serving larger businesses do it, like WPEngine.
Please consider implementing a solution for SSH access that will pass medium-large business cyber security audits so that we can provide website services to these end clients via WPMU.
Thanks!