Solution:
It is not safe to give the WordPress an SSH access for updates. and also if the website get hacked the hacker could get access to modify your php files and add new ones. Whatever you do if the website get hacked you gonna face files permission problems but you can protect from thus hacks by telling apache to not execute any php file that go under wp-content/uploads
What you can try to do is the following sudo chown -R user:www-data /var/www/wordpress and add this line define(‘FSMETHOD’, 'direct); in your wp-config.php that would allow WordPress to autoupdate the plugins/themes/core without using the SSH access.
You can check more about my answer here