N00b here - I'm upgrading my website so that it isn't using a deprecated version of MySql/ PHP. I'm not comfortable enough with the code so I'm using an outside developer.
Due to this being database related I they will need SSH access ... which scares me.
I'm mostly worried about this developer accessing or downloading files that they don't need/I don't want them to.
Are there activity logs when using SSH that shows what files were accessed?
Is there a way to delete the logs?
In a password protected area you can install for instance https://www.adminer.org/ or https://www.phpmyadmin.net/ to allow someone access to the database without giving them SSH access, but that won't allow them to upgrade the OS for you.
Almost regardless of how much you trust the developer, make a good backup beforehand of your system, settings and data.
No, you're allowing someone you don't trust to have root access to your servers. which means they can install a rat in the system or mess with it. you can log files accessed and permissions by creating an account and pass for the person but since he will need root access he can log in and then start deleting your monitoring system. which leaves you to square one. i suggest hire a firm that has reputation. hiring a single person from a craigslist ad would be asking for trouble.
