Howdy, Stranger!

It looks like you're new here. If you want to get involved, click one of these buttons!


authorized_keys on a newly created container
New on LowEndTalk? Please Register and read our Community Rules.

All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.

authorized_keys on a newly created container

marrcomarrco Member
edited April 2014 in General

Regarding this offer: http://lowendtalk.com/discussion/26408/seflow-net-ssd-cloud-from-0-0015-h-1-08-month-charge-5-and-get-10-new-prices
i'm testing a VPS from SeFlow/DomFlow and on a newly created server i find inside .ssh/ a populates authorized_keys with this inside:

ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAuKeAOjUCA9BdtPSZb4FKZeNQJLqQq5J50cJCmrokL

5yCax1lIvNg3IgRj2ErgCXNdiObSuGhbpJUIyPBd94AF6y7qQJAoxiLUR62gm/0iDWRJrLMJr8
wGCS7+gFwDX1AJFKsJQmMRViiEd7h007cPLogB/9Q5vFXpPiftLTUMrX6GuibPCmBn00n1
NR+T+3yV1PtwfthbGprZiS0u+nZiBod9cizFLXdXoW94HcC8z8QluDpSzl+8YcbGMAesM9
z+4xev+r+Ukke8pDmbshHrrCy1saqhraPQuycE+lvyq95AJ0dwzbMbb++2CLwNiC7wnk
Hz5ZGjbydvGBQda0eLQ==

and within known_hosts

|1|HxAYbI07yepaQi/FxhPNsSeGMeo=|lN9Q1euQgP9mxgh8Tg6XBohM7Is= ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBNJPgVhvgWrO3ch

62SNdyNyEKr++SGuDB48IRU3F9Cm2YIoXK9JKnTaKSD2/vaav4f22m9mc/NQ5xlsYZZBlA0Y=

I can't find anything on their website explaining that, nor i ever authorized them to keep a backdoor to enter my server. Is there anything evident i'm missing here? Any reason to preload an unmanaged vps with a ssh key?

netstat here: http://s.lowendshare.com/3/1398844685.7.netstat

ps aux here: http://s.lowendshare.com/3/1398844346.530.psaux

Template is a debian wheezy 32 bit (1 year old 7.01), but i can't tell how heavily modified. With many listening services (ntpd, snmpd ...) and the vballoon process running. Hypervisor is KVM so it should be easy to let users install official, updated, clean iso.

The provider is not willing to provide a clean, minimal debian iso, with just virtio drivers. So i'm open to suggestions. Is there a safe way to remove everything and get a surely clean server ?

Comments

  • wychwych Member

    I can't se SeFlow putting anything malicious in, ask support why its there if you really wanna know...

  • Its mostly just so their techs have access to the server if they need it to provide assistance.OVH does the exact same thing.

  • @marrco,
    why you brought the service if you not trust with us? Are two days that every time you comment it there are a part where you suspect that we do something dishonest. First that our cloud is not datacenter redundant, then that is not real cloud but a simple vps, now ssh keys.... Really, if you not trust in us i can give you full refund without justification needed. We're 10 years reputable company with multi million revenue, we not need some strange jokes or false advertisment to take customers. We're in stage where reputation come first.

    SSH keys are put by onapp panel (ALL OnAPP provider had this) to manage some function like autoscaling, change root password, rebuild network, load balancing features, etc. Feel free to remove it, but remember that some panel functions will stop working.

    Regards

  • marrcomarrco Member
    edited April 2014

    @darknyan OVH has that feature clearly documented. It's part of their support service, and they even include additional daemons to monitor your server, you can verify that via their excellent control panel.

    @matteob, i bought your service to test it. But it looks like you don't like that. This is a forum, not your private advertising space. And I appreciate you corrected the 'rounding error' in your pages wrongly showing that you could buy a 384/5gb for 1.08.

    And i never said that you vps is not 'datacenter redundant' i just asked if there's a way I can test/use that feature. Like i asked about the balloon driver and about poor network performance in my tests. As i already told you i'm not interested in a refund. I bought many VPS and tested quite a few great and not so good providers in the last few years.

    One thing that i'd like to learn, if you know and care to explain, since you play in a league where reputation comes first and have a company with multi million revenue and "target customers are total different and nobody (i want underline nobody) that come in our website are interested in vps lower then 1Ge ram" is why you suggest to get a vps with more ram, but then you run the baloon driver.

    I thought that "you can downgrade resource later, but i not suggest it for performance." was a good suggestion, but since ram is oversold (via the virtio_balloon and doing a free -m you can see that total is changing) i don't know if that still holds true.

    On the lighter side, since you're quite new to leb/let, and you and your very important customers think a lot of ram is necessary for every vps, this is a quote from LEA: "For a WordPress blog, this very site runs on a Xen VPS with 80MB of memory. Fast enough for me. July 18, 2010".

  • again...you not ask it, just say balloon driver = seflow oversell ram....

    Balloon is used only when autoscaling feature is enabled to permit vm to resize without reboot.

    Our Cloud platform is not overselled and we NEVER oversell anything on it **because is not a low end platform, but a true High Availability cloud platform **

    You're free to write in this forum, but an intelligent person speaks when he knows the topic. Our skilled support work 24/24 so, if you not know something, ask it, then, you can join here and comment, judge and anything else.

  • marrcomarrco Member
    edited April 2014

    matteo, i said something different. And what i said was technically correct.
    And this is not the first time you're quite rude to other members of this board. I'm not calling you a not intelligent person when you tried to sell (at a very good price) powered off vps. Nor when your price mis-calculator had a "rounding bug" so that advertised price was ~ 40% different than real cost.

    your bad attitude, poor network performance (compared to other vps in the same campus) make me think your company will never be one of the top dog here. We will see in the next quarterly poll if i'm wrong.

  • matteobmatteob Barred
    edited April 2014

    @marrco said:

    Marco i'm not interested to be the best here, i just want see my customer happy and have REAL feedback on forums.

    If you write "Debian 7.0.1 image is old", is your opininon and is ok, but if you put doubt on our honesty, sorry but you do not deserve my respect and i'm a person not a robot, i will be rude with you.

    Please start respecting our work and i'm be happy to be at your disposal

    Have nice day

  • @matteob care to explain this?

    We are sorry to inform you that the service CloudFlow vDatacenter
    was suspended due to you will refunded soon .

    >

    Please contact us as soon as possible to avoid further disruptions.

    feel free to tell if i ever abused your vps or resources, show my usage graph. I did nothing, just a few tests. Are you shutting down my account because you don't like my posts here?

    **a big warning sign. This "provider" will disable your service if he doesn't like your reviews. **

  • NekkiNekki Veteran

    @matteob did you suspend because of @marrco's comments here?

  • @Nekki said:

    No, i suspended for another reason that i not want to share in public because i'm a gentleman . Is not important what he write here and if I were him I would have the decency not to go beyond.

  • marrcomarrco Member
    edited April 2014

    Hi matteo, i tried to contact you, but on your website chat you are not available. You have my email, you can use it. I also sent you a PM here

  • NekkiNekki Veteran

    Well that's no fun.

  • VPNVPN Member

    marrco asked a question, matteob didn't like the question so suspended him. Seems legit.

  • wychwych Member

    Now I am curious...

  • @OkiedDoke matteob said it's a different reason, and as a correct person he won't tell in public. And i appreciate that. But i'm curious to know it in private. There are lots of legitimate reasons, let's wait. Maybe i will have to apologize because i did something wrong. Who knows.

    I already tried to contact him. let's give him time to tell me what the problem is.

  • I smell DRAMA...

  • FalzoFalzo Member

    remove authorized_keys file, change sshd_config to allow only own trusted user?

  • @Falzo said:
    remove authorized_keys file, change sshd_config to allow only own trusted user?

    Removing it is simple, but it is the intention of pre-planting a public key without the acknowledgement of the customer being discussed here.

  • wychwych Member

    @sundaymouse said:
    Removing it is simple, but it is the intention of pre-planting a public key without the acknowledgement of the customer being discussed here.

    I think OP over reacted but it should be in ToS.

  • FalzoFalzo Member

    so better send him a law suit? ;-)
    (regarding to the country and legal situation there regarding data privacy)

    I don't think this will change anything... for sure its not the right way without mention it or clarifying before.

    What I've meant is, that I don't think this really can be discussed, u can leave him behind or deal with it.

    after all one is responsible for his server security on his own, so securing shell and hardening system should be done either way in first place...

  • hi,
    just as update, keys are not used by our staff, but by control panel. Customer can change or read (if they canceled it) everytime trought customer portal using button "Set SSH keys". Same keys can be used by customer to login to VM without using password.

    For more information please read: https://docs.onapp.com/display/3doc/Add+SSH+Key?src=search

    Same action can be done trought API. Customer can do everything from API, as add their SSH key, list all keys in the vm and much more.

    If customer not want use that feature, just remove it. :-)

  • On the topic of SSH keys and Solus, I wish Solus had the same tools that DigitalOcean had to automatically add your SSH key to a new instance.

  • @AThomasHowe said:

    I not know Solusvm. We use OnAPP as customer portal

  • matteob said: I not know Solusvm. We use OnAPP as customer portal

    My bad, I've not used your services or OnAPP. I bet it'd make a nice feature for OnAPP too though :P

  • @AThomasHowe said:

    oh ok! :-)

    Thanked by 1AThomasHowe
  • marrcomarrco Member
    edited April 2014

    @matteob i tried to contact you via chat, i sent you a PM here and sent an email in reply to yours.

    While i do appreciate that you have not suspended me (i can't even enter clientarea) because of my comments here, and that you can't tell it in public because you're a gentleman, but i still like to know the reason. Then i will apologize here, if it was really my fault. Sometimes mistakes happen, but i really have no idea of the problem. I did not abuse resources, i checked with paypal ad payment was ok, so let me know!

  • @marrco said:

    we already did a full refund to you and suspended account after we make sure that you did not have important data on it. Now someone else will review all and will send you a letter will all details you search.

    Have good day

  • marrcomarrco Member
    edited April 2014

    @matteob Thanks for refunding me, but that was not what i asked.

    Considering you said here that you didn't suspend me because of my review and comments, and considering that i didn't use the vps i bought for anything shady/not legal (i run a few tests, download a testfile.img 2 times and then deleted my server) i find quite curious that you need to write me a LETTER.
    It looks like you're going to sue me because you don't like the question i asked. A multimillion company suing a guy because they don't like the review and questions?

    No, i suspended for another reason that i not want to share in public because i'm a gentleman . Is not important what he write here

    Matteo, i tried to contact you via chat, pm, email. Why not just answer me?

Sign In or Register to comment.