# Security explanations

Considering the way {{SSH_Monitor}} is designed,
a monitoring server (with {{SSH_Monitor}} installed on it)
will have an {{SSH}} access to all the monitored targets.
If the monitoring server is compromised,
then an attacker could gain access to all the monitored targets using the {{SSH}} keys.
This could be an issue, even if the {{SSH}} keys are linked to low privilege users,
because exploiting escalation of privileges vulnerabilities is always a risk.

To mitigate this issue, you can restrict the {{target}}s' shell
so that only the needed {{shell_instruction}}s are available
(using `rbash`, i.e. restricted bash):
like described in [the security how-to](../how-to-guides/basics/security_how_to.md).