VPS and privacy
Is it possible (and legal?) for a provider to access the filesytem of a vps.
On OpenVZ it is probably something like:
cd /share/user4345387/fs
But what about KVM virtualization with encrypted filesystem and preboot authentication ?
Is it possible for the hoster in a default setup to access the unlocked encrypted guest filesystem ?
What about the legal ascpect of this ?
Comments
Yep. Just ramdump the KVM server and you'll get the key for the encrypted fs.
Probably illegal. But I guess the many providers around here can clarify.
No harm done if no one finds out...
That's how things work in low end segment.
♻ Amitz day is October 21.
♻ Join Nigh sect by adopting my avatar. Let us spread the joys of the end.
Is it legal? No. Can it be done, yeap. Should it be done? Unless there is a request made by legal authority, no.
Nexus Bytes Ryzen Powered NVMe VPS | NYC|Miami|LA|London|Netherlands| Singapore|Tokyo
Storage VPS | LiteSpeed Powered Web Hosting + SSH access | Switcher Special |
Providers spy on you. The smaller the provider, the more free time he has for espionage.
Funny, but some providers ask you for a password if you open a ticket and ask for a help. Once I was looking for a help, opened a ticket and forgot to disable ssh key to help the provider to get access to my VPS, but the provider just get into my VPS with no problem at all, not having a password, not having a ssh key from me. That's the time when I understood that there's no privacy in modern world. If some providers would like to see the nudes of your girl, he can easily look in your nextcloud
I’m a small provider, I don’t have time, nor the interest in poking around your files.
Unless the police comes knocking at my door.
The only time a provider should look at a users files are with the consent of the user, most often to help out on a problem.
https://clients.mrvm.net
This is why dedicated servers and colocation are the only sure ways to retain privacy. Affordable options (lowend) are atom dedicated servers (preferably with raid 1) and pi colocation.
I mean I get bored at times, but still not interested in seeing what is inside your VM. Chances of reddit having better content is pretty high.
Nexus Bytes Ryzen Powered NVMe VPS | NYC|Miami|LA|London|Netherlands| Singapore|Tokyo
Storage VPS | LiteSpeed Powered Web Hosting + SSH access | Switcher Special |
"I AM BORED. Time to h4x0r my 31337 kl13n75"
/r/ryzengonewild
That's why you should never have nudes in the first place. Never understood the purpose of them tbh.
The only absolute safe place is a coffin, for a little while before bugs get in.
♻ Amitz day is October 21.
♻ Join Nigh sect by adopting my avatar. Let us spread the joys of the end.
Or....
VPS reviews | | MicroLXC | English is my nth language.
Yes, it is possible and depending on the terms, circumstances and intent, legal.
Yes but not as trivial to do so.
Yes possible, not at all trivial.
See the terms and computer misuse act of the country of the registered business for answers.
I think what everyone needs to understand is that your VPS disk, KVM, Xen, VMware, OpenVZ, virtuozzo, LXC, LXD etc etc is just a file on a bigger server, if that host server could not mount your disk then your VPS would not exist, to begin with.
Hosts have physical access to your server emulated or otherwise.
We can access your file system transparently and silently in most cases, we can also access your RAM making encryption less effective.
If you don't trust your host don't use them, pay more for your own hardware and security solutions, if you can't pay more to own and operate your own equipment and won't trust hosts then don't put it online, to begin with, you can't have it all ways.
In the case someone locks themselves out and decides to create work for a host rather than just putting the server in rescue mode and mounting their own disk and editing their own sshd_conf then what other choice are you giving us, we mount your disk and edit your files as per your request, we obviously would not mount your disk while it is in use as that could cause issues hence asking for an appropriate user/password if you cant do it yourself and the server is accessible via conventional means.
I think I have my next article idea though, a demonstration on KVM/OpenVZ of how secure your files are as it still seems to be a concern and point of wonder despite the thousands of times this conversation has played out online.
https://inceptionhosting.com
Please do not use the PM system here for Inception Hosting support issues.
Nowadays with Proxmox, virt-manager, vagrant, etc., it's super easy to spin up a few KVMs and/or LXC and see for yourself just how dependent the guest OS is on the host OS, and how easy it is for the host to access secrets in the guest.
I have limited trust on VPS.
For OpenVZ, the “serial console” can enter the container without any password. Nothing prevents the provider from doing the same.
While I have my website and Nextcloud there, I keep off the really sensitive stuff.
The SSH private key on VPS is a separate one that is granted minimal GitHub privilege.
Scans of tax forms and passports stay in Dropbox.
I felt like taking a minute to chime in regarding ssh keypairs.
Every 'host' should have its own separate private key generated on itself (or off-vps : if you do not trust the user-land ssh-keygen and dependency libs(say openvz from a sketchy new host) )
Your own local workstation/laptops' private keys should not exist anywhere else except inside an encrypted backup.
The only truly secure data is one that is offline.
Or have your server in your basement or closet.
If above two options are not possible, dedicated servers are probably the only way with your own cabinet and key.
♻ Amitz day is October 21.
♻ Join Nigh sect by adopting my avatar. Let us spread the joys of the end.
3 workstations + 2 phones = 5 entries in authorized_keys
6 servers + 5 online services = 11 places to edit every time I get a new device
OR
On that topic, how do you guys handle your ssh keys? I have several servers, but one key per client is starting to become a hassle.
Agent. Key represents an identity, not a host https://developer.github.com/v3/guides/using-ssh-agent-forwarding/
Maybe. At last year's BSides there was a talk about backdooring BMC chips, like iDRAC, iLOM, and so on. The premise was renting dedis and buying used servers is dangerous because BMCs can be compromised giving attackers a persistent way into the server, and people are better off with a VPS or cloud VM.
It's plausible.
Yes. Don't reuse ssh keys. It's like reusing a condom.
They should also have a password to add more security in case they are lost/stolen/exfiltrated.
I go the extra mile and generate key pairs for everything instead of reusing a single pair.
This is the thing. I've been in the IT game a long time with lots of deep access, and I always have better things to do. Most people do. Very few people care about other people's data, and most people's IP is useless to others. Unless you're storing the Colonel's recipe for friend chicken or the original cocaine laced Coca-Cola recipe, your files aren't worth anything to other people.
ssh-agent
and a.ssh/config
file.Alternately, setup FreeIPA and setup Kerberos or add SSH keys there.
I will risk all my reputation for that.
Nexus Bytes Ryzen Powered NVMe VPS | NYC|Miami|LA|London|Netherlands| Singapore|Tokyo
Storage VPS | LiteSpeed Powered Web Hosting + SSH access | Switcher Special |
Take out a couple of hours and create a nice .ssh/config file.
I symlink mine out to my Seafile server's synced copy.
No joke. It's tasty.
I'm confused, isn't the host machine of said VPSes/Cloud VMs susceptible to those same attack vectors? Or is it more of a "let's just trust that the provider knows what they're doing rather than the average unmanaged user"?
Humble janitor of LES
Proud papa of YABS
Yes, if the host has a BMC chip which is plugged into the network, it's a candidate for this kind of attack.
Unknown persons having complete access to the hardware before you is the problem. It's like taking a turn with the town bike.
It's more about trusting the provider has better security and hygiene. A reputation for renting compromised equipment is bad for business.
Cheers, thanks for the explanation! Makes sense to me.
Humble janitor of LES
Proud papa of YABS
The most important part of this is trusting your provider. There are many low cost solutions which I pass on.
Back when I co-located (wasn't cost effective ultimately for my needs) I had the idrac port physically disconnected from the network. I needed Idrac access like once every year or so at most. A low priority ticket was enough for someone to plug it in and then unplug it a few days later. Sometimes low tech solutions are the best if they are feasible.
Also on this note people should remember to turn off VNC access after setting up their server. Little extra protection goes a long way.
Your right in that most people in IT don't care about that data. My greatest concern though has always been low level very poorly paid staff outsourced to countries with poor reputation of going after crooks. That foreign phone agent with full access to my credit report and bank accounts for example, who's now also working from home.... Not trying to generalize as it can happen anywhere but personally that's the kinda access that makes me weary.
As a host I can confirm this is excellent advice, I can confirm common VNC port ranges are scanned multiple times daily.
Those that sign up with "change" or "passwords" or "zaq12wsx" or "qazwsx" etc etc the usual ones in the quick 100 list of any basic dictionary attack are usually the ones that get compromised, they change their root password straight away and don't think to change their VNC password or disable VNC.
https://inceptionhosting.com
Please do not use the PM system here for Inception Hosting support issues.