# DuskShell Security Notes

DuskShell is intended for authorized server management. Users should only connect to servers, containers, sites, and networks they are permitted to administer.

## User responsibility

Users are responsible for:

- Confirming that they have permission to access each server.
- Reviewing commands before execution.
- Backing up important configuration before changes.
- Understanding the impact of file deletion, service restart, Docker actions, and Nginx reloads.
- Protecting SSH credentials, API keys, tokens, and private keys.

## Recommended operational practices

- Prefer SSH key authentication over password authentication.
- Use passphrases for private keys where practical.
- Avoid long-term direct root usage for routine maintenance.
- Use least-privilege accounts for production servers.
- Back up files before editing configuration such as Nginx, Docker Compose, `.env`, service units, or deployment scripts.
- Verify AI-generated explanations and commands before acting.
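
As an added example (not DuskShell code), the first and third practices above can be checked against a server's `sshd_config` text. It assumes OpenSSH semantics (the first value read for a keyword wins; unset keywords fall back to the defaults shown), does not follow `Include` files, and uses hypothetical function names and a constructed sample config.

```python
import re

# OpenSSH defaults when a keyword is unset (assumed: OpenSSH 7.0 or later).
DEFAULTS = {"passwordauthentication": "yes", "permitrootlogin": "prohibit-password"}
# Values that conflict with the practices listed above.
WEAK = {"passwordauthentication": {"yes"}, "permitrootlogin": {"yes"}}

def parse_sshd_config(text):
    """Return (global_settings, match_overrides) for the keywords in WEAK."""
    global_settings, match_overrides, current_match = {}, [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = re.split(r"[\s=]+", line, maxsplit=1)
        key = parts[0].lower()  # keywords are case-insensitive
        value = parts[1].strip() if len(parts) > 1 else ""
        if key == "match":
            current_match = value  # following lines apply only inside this block
        elif key in WEAK and current_match is not None:
            match_overrides.append((current_match, key, value.lower()))
        elif key in WEAK:
            global_settings.setdefault(key, value.lower())  # first value wins
    return global_settings, match_overrides

def audit(text):
    """Return findings as strings; an empty list means both practices hold."""
    settings, overrides = parse_sshd_config(text)
    findings = []
    for key, weak_values in WEAK.items():
        effective = settings.get(key, DEFAULTS[key])
        if effective in weak_values:
            source = "set" if key in settings else "default"
            findings.append(f"global {key}={effective} ({source})")
    for match, key, value in overrides:
        if value in WEAK[key]:
            findings.append(f"Match {match}: {key}={value}")
    return findings

# Constructed sample: the lowercase duplicate is ignored because first value wins.
SAMPLE = """\
PasswordAuthentication no
PermitRootLogin yes
passwordauthentication yes
Match Address 10.0.0.0/8
    PasswordAuthentication yes
"""
if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)))
```

An empty file is still reported, because password authentication is on by default; `sshd -T` on the server shows the effective values and remains the authoritative check.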

## Account and membership data

The website account system is used for membership, device authorization, billing redirects, and account management. Website pages for login, registration, billing, account center, and account deletion are marked as non-indexable for search engines.

## Privacy and terms

Privacy Policy: https://duskshell.owwo.com/privacy

Terms of Service: https://duskshell.owwo.com/terms
