KVM/XEN Privacy?

Drukpa Member
edited April 2013 in General

I was wondering if I have a KVM/XEN VPS, will the host or root user of the node be able to view and access my file system like in an OpenVZ VPS?


Comments

  • jh Member

    Not as easily

  • gbshouse Member, Host Rep

    Yes, no, it depends :)

  • Mun Member

    They shouldn't in either case.

    KVM is also more blocked off, so I don't think so.

    Never had that issue with the XEN servers that I ran.

    This assumes there is no bad config by the host.

  • @Zen said: It's a fake level of privacy; it would take 2 minutes to replicate your VM and go into single user.

    Are you sure? Three people above you say it's not possible. Anyway, if what you say is true, how would I achieve complete privacy of my container? Or is it not possible?

  • @Drukpa said: Are you sure? Three people above you say it's not possible. Anyway, if what you say is true, how would I achieve complete privacy of my container? Or is it not possible?

    It's very possible. Now it depends on your provider(s).

  • jh Member

    @Drukpa said: Are you sure? Three people above you say it's not possible. Anyway, if what you say is true, how would I achieve complete privacy of my container? Or is it not possible?

    You can't completely stop your host from getting access, whether it's a dedicated server, a VPS or an entire rack.

  • Of course it is possible. The data is not encrypted. If it was not possible, the police wouldn't take nodes over illegal content hosted inside VMs.

  • marcm Member

    Actually the reality looks more like this: the hosting provider is not supposed to log into the customer's VPS regardless of the virtualization technology involved. However, if the customer is involved in questionable activities then the hosting provider can mount the customer's VPS partition (regardless of whether it's KVM or Xen) and scan the customer's files. For OpenVZ no partition mounting is necessary.
    @Drukpa - To answer your question: no, regardless of virtualization technology, you can't hide files from your provider. If you have sensitive private information then I recommend encryption.

  • Mun Member

    It all depends on what you mean by get access to your data.

    The FBI could come and steal the server.

    A bad user could hack your server and steal everything with scp.

    The provider could make a copy and then just set it up elsewhere.

    What I was talking about earlier is that if someone were to buy an OpenVZ VM on the same box as yours, it won't be possible, or will be very very hard, to access the files on your VM, ignoring brute force on SSH or other programs.

  • @jhadley With a dedicated server, I'd have the root access and my host won't have the password. The only way to access my data would be to take out my hard drive, and if that were to happen, I would notice it. But in an OpenVZ VPS I have noticed that the root user of the node can actually access all the files inside the VPS without the VPS owner even noticing it.

    I know most Hosts won't even bother snooping around their customer's files, but we never know.

    @marcm I don't know if an entire VPS can be encrypted or not. What I want is to protect my source code.

  • If your host lets you run your own kernel (KVM / Xen HVM) you can completely encrypt the disk -- you can require a key before it will boot. It's a PITA in case of node issues, but as long as you can console in you can unlock it. That will make it measurably more difficult for them to view your files.

  • kro Member

    Encrypt filesystem / grub pass?

  • Mun Member

    You will need KVM or Xen.

  • @Drukpa said: With a dedicated server, I'd have the root access and my host wont have the password. The only way to access my data would be to take out my hard drive

    You'd be surprised about the possibilities; 1 hour of physical access is more than enough to make an entire copy of your dedicated server without you ever noticing (possible via multiple ways).

  • jar Patron Provider, Top Host, Veteran

    OpenVZ is definitely the easiest way for a provider to access your files, no doubt. I'm confident that most of us don't like the idea much more than you do, but the truth is we've got better things to do with our day.

  • @William wanna share some of the ways it could be done? Am curious.

    @unused That sounds like a good option. Don't mind keying in the password during boot time. Could you please tell me more about it, so I can go and search for a tutorial.

  • @jarland said: OpenVZ is definitely the easiest way for a provider to access your files, no doubt. I'm confident that most of us don't like the idea much more than you do, but the truth is we've got better things to do with our day.

    Not hinting at anything, but nasty things are possible. Just like that HostGator employee in a recent thread here, a curious, mischievous system admin would want to snoop around and do whatnot.

  • Maounique Host Rep, Veteran
    edited April 2013

    @marcm said: To answer your question: no, regardless of virtualization technology, you can't hide files from your provider

    That is not true. You can keep encrypted containers mounted elsewhere with almost no chance for the host to look inside.
    It takes a bit of hacking for OVZ, but that is absolutely no problem from Xen/KVM; you can even use entire "drives" with iSCSI/NFS/CIFS. As long as you mount them remotely (i.e. you share the files on your VPS but never mount them there), the provider/police/Big Brother will not be able to read your password unless they have access at the place where they are mounted, as long as a block device is emulated, even if they can read all traffic all the time (and you have to suppose they can do that even if encrypted). Or if they guess the passphrase, which is highly unlikely; mine are always over 32 chars long and are not reused.
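Maounique's arrangement above (the VPS only stores and serves encrypted blocks; the key and every decryption live somewhere else) as an added Go example. This is not code from the thread or from any provider; the type names, the 32-byte demo key and the block contents are constructed for illustration. Each block is sealed with AES-GCM and its block index is bound in as associated data, so a host that copies, edits or reorders blocks gets only read failures out of the client, never plaintext. The caveat the thread raises still holds: the key must never be on the VPS, so nothing running on the VPS can work with the data decrypted.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"encoding/binary"
	"errors"
	"fmt"
)

// Store is everything that lives on the VPS: a list of ciphertext blocks.
// The provider can copy it, mount it or hand it over; it contains no key.
type Store struct {
	Blocks [][]byte // each entry: 12-byte nonce || AES-GCM ciphertext || 16-byte tag
}

// Client holds the key and runs off the VPS (laptop, office box, ...).
type Client struct {
	aead cipher.AEAD
}

// NewClient takes a 16/24/32-byte AES key that never leaves the client.
func NewClient(key []byte) (*Client, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	aead, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	return &Client{aead: aead}, nil
}

// blockAAD binds a ciphertext to its position: the host cannot swap block i
// for block j without the client's read failing authentication.
func blockAAD(idx uint64) []byte {
	aad := make([]byte, 8)
	binary.BigEndian.PutUint64(aad, idx)
	return aad
}

// WriteBlock encrypts locally and pushes only nonce||ciphertext to the store.
func (c *Client) WriteBlock(s *Store, idx uint64, plaintext []byte) error {
	nonce := make([]byte, c.aead.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return err
	}
	ct := c.aead.Seal(nil, nonce, plaintext, blockAAD(idx))
	for uint64(len(s.Blocks)) <= idx {
		s.Blocks = append(s.Blocks, nil)
	}
	s.Blocks[idx] = append(nonce, ct...)
	return nil
}

// ReadBlock fetches ciphertext from the store and decrypts locally.
// Any modification, truncation or reordering done on the VPS is rejected.
func (c *Client) ReadBlock(s *Store, idx uint64) ([]byte, error) {
	if idx >= uint64(len(s.Blocks)) || s.Blocks[idx] == nil {
		return nil, errors.New("no such block")
	}
	raw := s.Blocks[idx]
	ns := c.aead.NonceSize()
	if len(raw) < ns+c.aead.Overhead() {
		return nil, errors.New("block too short")
	}
	return c.aead.Open(nil, raw[:ns], raw[ns:], blockAAD(idx))
}

// HostCanRead is the provider's view: does the raw store contain this plaintext?
func HostCanRead(s *Store, secret []byte) bool {
	for _, b := range s.Blocks {
		if bytes.Contains(b, secret) {
			return true
		}
	}
	return false
}

// HostSwapBlocks models a malicious (or just careless) host moving data around.
func HostSwapBlocks(s *Store, i, j uint64) {
	s.Blocks[i], s.Blocks[j] = s.Blocks[j], s.Blocks[i]
}

func main() {
	key := bytes.Repeat([]byte{0x42}, 32) // constructed demo key; use your own KDF/HSM, never the VPS
	client, err := NewClient(key)
	if err != nil {
		panic(err)
	}
	store := &Store{} // this is all the VPS ever holds
	_ = client.WriteBlock(store, 0, []byte("proprietary source, block 0"))
	_ = client.WriteBlock(store, 1, []byte("proprietary source, block 1"))
	fmt.Println("host sees plaintext:", HostCanRead(store, []byte("proprietary")))
	pt, err := client.ReadBlock(store, 1)
	fmt.Printf("client reads block 1: %q (err=%v)\n", pt, err)
	HostSwapBlocks(store, 0, 1)
	_, err = client.ReadBlock(store, 0)
	fmt.Println("read of block 0 after host swapped blocks:", err)
}
```

Sharing the store over iSCSI/NFS/CIFS as Maounique describes does not change the picture: the wire and the VPS disk carry the same nonce||ciphertext blobs, and only the client side, where `NewClient` runs, can turn them back into files.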

  • @Drukpa said: Are you sure? Three people above you say it's not possible. Anyway, if what you say is true, how would I achieve complete privacy of my container? Or is it not possible?

    The host has physical access to your data, so of course it's possible.

    If you want some privacy encrypt everything with off-site keys and decrypt on the fly with the keys passed in for every operation (encrypted of course). This will slow them down a bit but since they're on the same machine with a higher privilege than you, you're always screwed. Even if you did what I just described the host could replace your real VM with one that looked and acted like it but captured your encryption keys. Or they could just have a look in system memory to see what the keys are.

    In summary, you're screwed. Host your own hardware if you're concerned about privacy.
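The "just have a look in system memory to see what the keys are" step above, as an added Go example that is not from the thread. It uses the key-schedule search published with the cold-boot attack research (the approach behind the aeskeyfind tool): an AES-128 key in active use sits in RAM next to its 160 bytes of expanded round keys, and that expansion is a rigid, checkable structure, so a scan of a guest memory image taken from the host finds it without knowing anything else. The "memory dump" here is constructed inline (random filler with one schedule planted at a chosen offset); the key is the FIPS-197 sample key standing in for a disk-encryption master key. AES-128 is used for brevity; the same search works for the AES-256 schedules LUKS typically uses.

```go
package main

import (
	"bytes"
	"crypto/rand"
	"encoding/hex"
	"fmt"
)

var sbox [256]byte

// gmul multiplies in GF(2^8) modulo the AES polynomial x^8+x^4+x^3+x+1.
func gmul(a, b byte) byte {
	var p byte
	for i := 0; i < 8; i++ {
		if b&1 != 0 {
			p ^= a
		}
		carry := a & 0x80
		a <<= 1
		if carry != 0 {
			a ^= 0x1b
		}
		b >>= 1
	}
	return p
}

// init derives the AES S-box from its definition: multiplicative inverse, then the affine map.
func init() {
	for x := 0; x < 256; x++ {
		inv := byte(0)
		if x != 0 {
			inv = 1
			for i := 0; i < 254; i++ { // x^254 == x^-1 in GF(2^8)
				inv = gmul(inv, byte(x))
			}
		}
		s := inv
		for r := 1; r <= 4; r++ {
			s ^= inv<<uint(r) | inv>>uint(8-r)
		}
		sbox[x] = s ^ 0x63
	}
}

// ExpandKey128 returns the 176-byte AES-128 key schedule (FIPS-197 section 5.2).
func ExpandKey128(key []byte) []byte {
	w := make([]byte, 176)
	copy(w, key[:16])
	rcon := byte(1)
	for i := 16; i < 176; i += 4 {
		t := [4]byte{w[i-4], w[i-3], w[i-2], w[i-1]}
		if i%16 == 0 { // SubWord(RotWord(t)) ^ Rcon
			t = [4]byte{sbox[t[1]] ^ rcon, sbox[t[2]], sbox[t[3]], sbox[t[0]]}
			rcon = gmul(rcon, 2)
		}
		for j := 0; j < 4; j++ {
			w[i+j] = w[i-16+j] ^ t[j]
		}
	}
	return w
}

// FindAESKeys scans a memory image and returns every offset at which the
// following 176 bytes form a valid AES-128 key schedule; the key is the first 16.
func FindAESKeys(dump []byte) []int {
	var hits []int
	for off := 0; off+176 <= len(dump); off++ {
		cand := dump[off : off+16]
		// cheap pre-check on two bytes of the first expanded word before a full expansion
		if dump[off+16] != cand[0]^sbox[cand[13]]^1 || dump[off+17] != cand[1]^sbox[cand[14]] {
			continue
		}
		if bytes.Equal(ExpandKey128(cand), dump[off:off+176]) {
			hits = append(hits, off)
		}
	}
	return hits
}

// BuildDump constructs a fake guest-memory image: random filler with one live
// key schedule planted at offset, as it would sit in a running kernel's memory.
func BuildDump(key []byte, size, offset int) []byte {
	dump := make([]byte, size)
	if _, err := rand.Read(dump); err != nil {
		panic(err)
	}
	copy(dump[offset:], ExpandKey128(key))
	return dump
}

func main() {
	key, _ := hex.DecodeString("2b7e151628aed2a6abf7158809cf4f3c") // FIPS-197 A.1 sample key
	dump := BuildDump(key, 64*1024, 12345)
	for _, off := range FindAESKeys(dump) {
		fmt.Printf("AES-128 key schedule at offset %d, key = %x\n", off, dump[off:off+16])
	}
}
```

Nothing in the guest can stop this: the hypervisor reads guest RAM directly, and the schedule has to be in RAM for the disk to be usable, which is exactly why the thread's "encrypt everything" advice only helps against a copy of a powered-off disk.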

  • @Maounique said: That is not true. You can keep encrypted containers mounted elsewhere with almost no chance for the host to look inside.

    Yeah but if you're running something on their machine at some point you'll have to decrypt to execute, and then they have you.

    If you're just hosting an encrypted file on the service then you're ok though.

  • marcm Member

    @Drukpa said: @marcm I don't know if an entire VPS can be encrypted or not. What I want is to protect my source code.

    @Drukpa - We host a few developers that keep their source code on our servers, however we never ever look at their VPS. It's part of our policy. Most hosting providers welcome developers because they never cause any problems. This just gave me an idea about changing our Privacy Policy to include a guarantee for developers. Depending on the type of source code you have and how you like to develop it, I recommend using paid Github or free Bitbucket (closed repository). If your source code is valuable to you and makes you money then you should guard it closely.

  • @marcm said: Depending on the type of source code you have and how you like to develop it, I recommend using paid Github or free Bitbucket (closed repository).

    Still people working there who can access the source code. I'd rather trust people like prometeus, marcm, Nick_A, jarland, concerto49 or Francisco (just to name a few here) with my source code. They probably have more emotional connection to their business than most GitHub or Atlassian employees. Like @jarland said, they've got better things to do than look at your VPS.

  • Nick_A Member, Top Host, Host Rep

    @mpkossen said: Like @jarland said, they've got better things to do than look at your VPS.

    But htop is so fun to stare at all day! :/

  • @Nick_A said: But htop is so fun to stare at all day! :/

    lol!

    Off-topic: try htop with a Solarized terminal. You're gonna love it.

  • Surge Member

    Places like github also have a lot of employees with access. They are also a big attack target unlike your private vps.

  • @Nick_A said: But htop is so fun to stare at all day! :/

    TBH yes

    @Drukpa said: for a tutorial.

    I use this one

    AFAIK you can't encrypt without erasing (dunno).

  • @Drukpa -- can't get any more straightforward than what @yomero posted -- will work flawlessly with KVM / Xen HVM (you do need to do a custom install).

  • @Nick_A said: But htop is so fun to stare at all day! :/

    So that's how he reacts to misbehaving containers so fast... :P

    P.S. Glad I am not the only one that likes watching htop

  • @mpkossen said: I'd rather trust people like prometeus, marcm, Nick_A, jarland, concerto49 or Francisco

    That, in my POV, is the essential part of hosting with LEB providers. You know who runs it, you trust them.

  • emg Veteran
    edited April 2013

    There are two issues here:

    1. What is theoretically possible.
    2. What is easy to do.

    In theory, your hosting provider (or a law enforcement agency, government agency, spy agency) has access to everything - the VPS' network communications, VPS' files, the active memory of your VPS while it is running (including the keys needed to read your encrypted partitions), and anything else they want. This is true as long as the VPS is being used, even if you encrypt everything.

    Whether your adversary has the will (and the tools) to get your data is an open question. Maybe your VPS is not worth the cost and effort - it depends on the value of your data and your adversary's resources. If your VPS contains Ayman al-Zawahiri's future travel plans, then you can be sure they will get it.

    The only exception would be if you encrypt your VPS "drive" with good tools and strong keys, AND your VPS is shutdown, AND it stays shutdown before your adversary takes notice of it. In that special case, your data MAY be secure, but you cannot use your VPS from that point onward. The assumption is that you know ahead of time when your adversary might take an interest in your VPS, which is very big assumption.

    Easy methods:
    If you do not encrypt your VPS "drive", then your hosting provider can simply copy it, look at your files, and go from there. If you encrypt your VPS drive, then your hosting provider can cause the VPS to crash, and then capture your password/passphrase/key as you transmit it over the network when you reboot the VPS.

    I am not aware of any method where you can establish an authenticated, encrypted session in order to unlock an encrypted drive to boot a VPS, where the hosting provider cannot eavesdrop on the session. Perhaps someone else here may know a way. Even if there is a way, can you trust your hosting provider to implement it securely?
