New on LowEndTalk? Please Register and read our Community Rules.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
What do you say to a provider who asks the password?
It happened to me now with @greencoludvps. My VPS has been shut down 3 times since last night and there is no sign that this is triggered from inside the server, also because there is very little on the server.
Is it normal to ask for the password? IMO they should never do that. I am not comfortable doing it because there's personal data on it and I can check things myself in the guest os. What is your reaction to these requests?
Comments
no, fuck you
proceed to terminate the service and ask for refund
They can access it anyway!
Yeah that's what I thought. I haven't been asked this for many years and I have used many providers. The problem is that I paid for a year recently. I could try to ask a refund if they don't solve the problem.
Technically, yes, they have access to the disk etc... you're right
It's Greencloud
also the problem
i recently gotten a server with hostbrr and keep nagging his support to enable disk encryption...
my servers go into 4 categories:
testing and idling - feel free to access
backups - touch my data, encrypted anyways, sike!
production - pls don't touch my data? (i genuiuenly trust racknerd)
windows - i want encryption, fuck off don't you dare touching it, i dont trust anyone
It's also not a US or European company Just a registered business in the US.
We know you did. You started with innocent question and then immediately named them. You're halfway out. But not before the drama. It's in your DNA.
What the heck is that supposed to mean?
Ah, yes, my favorite type of encryption — the one in which the person you are trying to protect the data from has the private key.
To quote @naphtha over at Kyun.host:
I tend to use g0f*cky0urs3lf as root password if I know they are going to ask it
nope, they just need to enable TPM
It may depend. Rarely has there been a need for a provider to ask me for it but I suppose if you're trying to do something unique (e.g., custom networking config or need help with something), then maybe. That hasn't applied to me, but I have been asked for it a handful of times over the years. I've cancelled a service over that ask when it seemed suspicious. Usually it is innocent. Most likely it is a support person that is not sufficiently capable of understanding or troubleshooting an issue I've raised and they default to wanting access.
The only time I can recall that it might be useful and I've provided it is if there is a problem with connectivity on the initial install. And if I remember, they just confirmed what I told them and rebuilt the system elsewhere or assigned new addressing.
I always assume they ultimately have root access to everything, and they essentially do. I'd be very reluctant to store any truly personal data on any low-end provider system that is not already encrypted with a private key stored elsewhere.
As an aside, some providers are more trustworthy than others. The larger providers are probably less inclined to snoop on your stuff, simply due to scale for example. As another example, when you see providers refer to your orders, account, or activity on these forums without you having provided any corresponding ticket, email, or confirmation that you do business with them, I'd be wary of doing more business with them. A certain provider I won't mention does this a lot and it does not instill a whole lot of trust imo.
I know, but handing them the password makes it even easier for them I think
Usually the host not can login without the password so I have no idea, maybe there is a security measure in place where the support doesn't have access to the host node probably. In which case if you are kind and want the issue resolved, change your password and give them the temp password to determine the issue if it's worth your while.
Asking password for unmanaged server is direct and very serious insult to the customer. Like slap to the face with 16-inch penis.
It indicates unprofessional and childish behavior. It is the same as if I asked my wife what's her weight or she said the true about my penis.
Business relationship should be cancelled asap.
What are you talking about? If provider wants, he can dump ram data from your vps and directly look ssh key, let alone passwords. Never ever give anyone your password.
post the ticket for more context.
most likely they did not just ask for the password but rather suggested, that the issue is not on their end and still offered support in investigating/solving.
if your VM or the software you are running is causing an issue, help in solving requires you to allow access, easy as that.
The short version is that I told them my VPS had been shutdown 3 times since yesterday, the guy asked me to check the logs and I told him that I already did and there was no sign indicating that the shutdowns were initiated from the guest os, and he right away asked me for the password. Anyway after I told him that I am not going to give the password we agreed to keep the ticket open and he'll monitor on their side as well.
How solusvm root passwrd management works? Can they change password from the panel if it;s default OS installation?
Yes, you can
I had the same with ReliableSite. The server was being setup for production workloads. There was a problem with it so we needed a double check on the hardware side and maybe a rescue boot. The first reply was to supply them with the root password as the one found on the control panel wasn't working for them.
Never asked for permission in the first place or explained why.
Found it very odd. Server is under the cancellation period now.
Wow, they tried accessing the server without even asking first?
Hey @Falzo, didn't see your NetCup BF thread this year. Everything right?
So, they also can :-)
ps. btw, how to "disable" this feature?
It's part of the CP, it doesn't seem like you can disable it as a regular user
Unless you are using encryption (if it's KVM). Disk encryption will still not really save you from a nosy admin but at least they'll have to put in way more effort/knowledge.
On topic: Downright requesting passwords would not go down well with me. Asking would be fine but depending on what's on the box chances are i'll refuse.
"Would you like some fryes with that?"