I have a KVM VPS. I encrypted the full disk on CentOS install. I know the sysadmin can see my VNC, but can they record what passwords I enter on VNC (disk encryption and SSH pass)?
1 Answer
2
`root` on the host system has access to everything in the system RAM, so yes, if determined, they could get access to more or less anything on your system.
You should probably ask yourself: if you can't trust your VPS provider, then why are you giving them your business?

EEAA
- I thought they can read the RAM only via a firewire port on the server. So they can do it remotely too? Well, my business is online; the safe part I need to protect is my client database and scripts I brought. I don't know any better way to protect it. – Blazer Oct 21 '13 at 22:16
- I *highly* doubt that your VPS (guest or host) has a firewire port. And yes, all they would need is an open shell on the host system (console, SSH, etc.). – EEAA Oct 21 '13 at 22:17
- Are you sure they can read my full disk encryption key so easily with no tools involved? Because if so, my only chance is my own server sealed and colocated at some datacenter. – Blazer Oct 21 '13 at 22:21
- Yes. Think about it - you enter your encryption key, and then where does it get stored? In your VPS's system RAM. Which the host has full access to. There's really no way around that. If your security and privacy needs are so stringent, you should consider purchasing your own equipment and renting a rack at a local colo facility. – EEAA Oct 21 '13 at 22:23
- How will they be able to read the key from the RAM? Remotely, or do they need physical access to the RAM? – Blazer Oct 21 '13 at 22:27
- Explaining how it's done is out of scope for this question. All you need to know is that the `root` user on your VPS's host system has **full access** to **everything on your VPS** while it's running, including your keys. Once again, consider purchasing your own equipment if you are so worried about your data. This will be my last comment, as this is getting off-topic. If you need more information, either post another question or edit this one requesting more details. – EEAA Oct 21 '13 at 22:30
- Thank you, I will do as you told me. I hope my server colocated at a DC will solve the problem. – Blazer Oct 21 '13 at 22:35