New on LowEndTalk? Please Register and read our Community Rules.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
Comments
That's right. Unbelievable.
good reponse
Even easier, most providers supply a template that runs the qemu-guest-agent, so they can run any commands they want on your server with or without a password. As per the above, if you really care about your data, don't use a VPS, get a cheap dedi - and even then if they have physical access to your machine, at some point you have to just trust them.
The reality is that no matter how important your data is to you, it's probably not even vaguely interesting to the provider, so the risk is pretty minimal compared to hackers from the outside.
So, what is the problem if support ask for the password if they have an option to change the password at any time? :-)
Has any of you ever had reason to suspect that the provider accessed your data without asking you for a permission?
Even if they can do that anyway, they should ask permission first but IMO they shouldn't even consider accessing a customer's data in first place
Btw, I had another issue with my unmanaged dadi. I run adult site and periodically receive abuses. I said to my provider support that I'm ready to give them root access to make them able to immediately remove abused images, but they rejected this.
I have nothing against, but they don't want to
One more reason to use an iso and install yourself (or dd some raw image over ssh using a rescue system). I hate all the convenience junk that ends up on your system without your knowledge.
is it safe to disable this service on running system or it will not boot or something?
It happened to me when interacting with @NDTN support.
I informed them that my OS does not have a password, but only uses SSH keys.
I write complete steps to reproduce the problem in the rescue environment, and give them permission to reboot into rescue to type these commands and then check the problem.
Additionally, I give them permission to take a snapshot of my main system, reinstall with their template, check on the problem, and restore the snapshot.
If the service comes without a snapshot slot, I expect the provider to temporarily offer a snapshot slot so that their personnel can check on network issues.
Yeah, safe to do so, but you'll lose a lot of the control panel functionality. I normally leave it enabled, even though I never actually use the control panel for anything beyond initial setup.
They obviously don't want to do any unpaid work. Also knowing your data might make them liable, which is probably the last thing they want.
Did they try to troubleshoot with your first or did they ask for the password right away?
Not, but I was surprised that my OVH dedi few years ago came pre-installed with an SSH key. Also had some monitoring software pre-installed so it could report back CPU use etc to their control panel, presumably installed after installation using this ssh key, but no reason to think anyone actually tried to use the key again. But in any case, I removed it from my authorized_keys file straight away anyway.
Unbelievable. Did you not reinstall the OS?
I think I'd answer "What the hell...you want my wife as well?"
But I don't have a wife and no password either.
Would it have made a difference to you if they asked to use their ssh key instead?
Did you offer that as an alternative?
If there isn't much on there as you have stated then what's the issue? Let them investigate the issue you are having so they can support you.
You can change a password. You can remove anything sensitive that you don't wish them to see.
Seems like providers are damned if they don't help. Damned if they attempt to help.
Actually, one thing I liked about Hetzner is that they themselves provide instructions on how to install with full-disk encryption. I guess I could have done the same at OVH as I installed it via the rescue image, manually creating the RAID mirror and
debootstrap
'ing into an empty filesystem.Yeah, i've seen quite a bit of funny behavior just because the panel thinks my system is something it totally isn't.
Yes, but only a week or so later. At that time I was just learning about setting up KVM myself, so I just used the initial config to practice a bit with setting up VMs and an iptables-based firewall, and once I was happy I knew what I was doing and had automated it via a script, I wiped the whole server and started from scratch.
Even with a dedi full disk encryption isn't really all that secure since you'll always have to keep an unencrypted boot partition and if your dedi ever goes down backdooring that is easily possible, logging keys and thereby rendering the encryption useless.
Edit: Which obviously doesn't mean i won't use it.
sorry, but that's complete BS. a lot of clients expect the provider to help them install or maintain software even on an unmanaged service. that's what gets them praising for good support in the first place.
just because you might be more proficent does not mean the support agent knows that but more likely expect the average joe and is offering help. maybe you should try working in technical support for a while to gain real experience about customer demands and expectations ;-)
again I'd like to see the actual wording in the ticket not just a summary. it's always helpful if you provide as much information as possible in your work order to help the support people to help you in the best way possible.
Depends on the provider.
Usually a provider that knows what they're doing won't need the password.
I had a similar situation with Greencloud.
I re-installed the node, shared the password with them, let them fix it.
Then, re-installed again ensured the fix persisted and restored the stack on that node (I use ansible, so it was easy/fast).
Password or SSH key I don't want them to access my data that easily.
It's not about "damning" a provider, but I think asking for the password should be the very last resort, not the first thing they ask to troubleshoot a problem.
It's not BS. I am not asking for support with software or anything like that. My problem is that I reinstalled the OS, then started a few containers, nothing buggy, and the server got shutdown 3 times apparently not from the guest os. They asked me to check the logs, which I did and found no sign of shutdown, then they asked me the password already.
What do you want then?
For them to provide an alternative server?
Not necessarily, they could tell me if there is something specific they want me to check in the guest OS other than what I have already done
It’s appropriate to either ask for a password or ask someone to install your SSH key under certain conditions. It’s no different than installing cPanel’s SSH key when you open a support ticket with them.
Of course it isn’t necessary if the problem is outside of the VPS, but if the provider believes it isn’t and is still willing to help, it’s okay for them to offer to help if you are comfortable with providing access. If you’re not, no big deal.
Exactly this.