8

I'm curious how VPS accounts work. I know my shared hosting provider can look through my files since they've changed things in the past. If I purchase a VPS account, like from Linode or Slicehost for example, would the folks there be able to see my clients' files I've hosted inside my VPS account? Or would they need an authorized ssh key to do so?

andy

5 Answers

9

Ultimately there is nothing keeping them from accessing your virtual server's disk. If you are using something like Linode or Slicehost then they wouldn't do it by logging in as root unless you gave them the password. What they could do however is shut your VPS down and then mount the virtual disks on the virtual machine host. At that point all the files on your virtual server would be accessible to them. Another way of thinking about this is that if you had a physical server you leased from someone they as well could shut the server down, remove the disks and stick them in their own server to get access to what the disks contained. A VPS just makes extracting the "drives" easier.

carson
4

Depending on what they're using for the underlying storage infrastructure, they might also be able to take a live snapshot of your virtual disk and mount that separately, without having to take your server down. About the only way to guard against this is to use a disk encryption system such as TrueCrypt or the encryption support built into the OS. This has major downsides when it comes to managing the key to unlock the encryption - you've got to be very paranoid to make it worthwhile.

Jason Abate
3

It's pretty much as Carson says but even easier - shut down the machine and copy the VPS drive or image the real drive. This reduces the downtime considerably. Of course, with virtualisation technology such as is used by a VPS, they can take a snapshot while the machine is still running, so it's highly unlikely that you would ever even notice it had been done.

John Gardeniers
1

I had a VPS with a company using the Virtuozzo platform and they were able to access the server without the root password. I queried them about this and they indicated that such access is not possible with platforms based on Xen or VMware.

If you're really paranoid, you could set up your VPS with a second virtual disk to contain your data, and use full disk encryption on it. You'll lose the ability to reboot it without requiring manual intervention to supply the decryption passphrase, but it also means snapshots of it will be unreadable without the passphrase (which you won't store on the server).

The only way for them to access your files would be for them to break into the server instance whilst it's running, and I don't think they'd have any special way of doing that.

JKim
    First, your provider misinformed you. Perhaps that's because they didn't know any better. Second, I can think of a few ways to access a running VM instance, having control of the host. None are outside the capabilities of most senior sysadmins. I can just pull your decryption key right out of memory, for instance. – Michael Hampton Feb 13 '13 at 04:04
0

Yes, they could technically access files. The virtual disk could be mounted read-only outside of the VM using various tools/scripts. The running VM (if KVM at least) can also be dumped to disk, including memory contents, decryption keys and everything else. They may also do a live migration and leave the old VM behind on an isolated network.

This won't work on any dm-crypt disks, but probably would work on LUKS crypt if you are using a key file that is stored in plain text. Capabilities overall depend on network and storage configuration.

Would they? Probably not, unless there is enough evidence to suggest you are doing something illegal and someone has requested forensic evidence be gathered from your nodes. Hopefully they would have a warrant; but you asked if they can, not if they should.

Aaron
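
The key-storage point raised in the answers above (a passphrase that is not stored on the server versus a key file stored in plain text), as an added example that is not part of any answer: a Python check that classifies `/etc/crypttab` entries by whether the unlock key would be present in a copied or snapshotted virtual disk. It assumes the standard crypttab(5) field order (name, device, key, options); the function name, sample entries and paths are constructed for illustration.

```python
# Added example: audit crypttab(5) entries for keys a disk snapshot would expose.
# Covers data at rest only; as a comment on this page notes, a host operator can
# still read keys from the memory of a running VM.
PROMPT = {"none", "-"}                        # passphrase typed at unlock time
EPHEMERAL = {"/dev/urandom", "/dev/random"}   # fresh random key on every boot

def audit_crypttab(text):
    """Classify each entry as (name, verdict) by where its key comes from."""
    findings = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split()
        if len(fields) < 2:
            findings.append((fields[0], "malformed"))
            continue
        name = fields[0]
        key = fields[2] if len(fields) > 2 else "none"   # absent key field = prompt
        options = fields[3].split(",") if len(fields) > 3 else []
        if any(o.startswith("keyscript=") for o in options):
            verdict = "review-keyscript"   # Debian extension: a script supplies the key
        elif key in PROMPT:
            verdict = "prompt"             # nothing on disk for a snapshot to reveal
        elif key in EPHEMERAL:
            verdict = "ephemeral"          # key is discarded at shutdown
        else:
            verdict = "keyfile-on-disk"    # key is stored on the same host as the data
        findings.append((name, verdict))
    return findings

# Constructed sample, not taken from a real server.
SAMPLE = """\
# <name>  <device>                                   <key>                  <options>
data      UUID=00000000-0000-0000-0000-000000000001  none                   luks
backup    /dev/vdc                                   /root/keys/backup.key  luks
swap      /dev/vdd                                   /dev/urandom           swap,cipher=aes-xts-plain64,size=256
legacy    /dev/vde
"""

if __name__ == "__main__":
    for name, verdict in audit_crypttab(SAMPLE):
        print(f"{name:8} {verdict}")
```

An entry reported as `keyfile-on-disk` is only as protected as the volume holding the key file, so check whether that path itself sits on an encrypted disk unlocked by a prompt.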