I am concerned about the security for the SSH Login scheme for MODX Cloud. It seems there is a single SSH login associated with a Cloud and there is no more granularity to the login system than that. I imagine a better system could have each member who has access to a Cloud be given their own individual login.
Currently, if a member's access to a cloud has been revoked, could they not still access the SSH and SFTP if they have the credentials? Additionally, there is no obvious way to change the login credentials from the dashboard. I feel that, once a member's access is revoked there should be a system in place to ensure that their access is revoked entirely. Maybe SSH keys can be used to grant access to a member's account via SSH/SFTP, making it easier to deny access to logins using that key after the associated account has been revoked.
Or am I missing something?