My current hosting provider, hosting365 register365, is a traditional-style shared hosting service, where file upload is still done via FTP with passwords sent as clear text. They provide ssh access on demand, and it has to be manually approved by company’s staff. I don’t understand why don’t they provide shell by default. Maybe it’s part of being a traditional style hosting and trying to avoid the word “shell” or anything like it.
Shell they provide, but what about public key authentication? No, they don’t. As this is turned on by default in all Linux installations, they must have switched this option off. Why did they do that, remains a mystery as public key authentication is no less secure than password entry.