Regarding questions about KVM guest agent

System Administrator
edited December 2022 in Technical
This discussion was created from comments split from: Take By Storm.

Comments

  • edited December 2022

    You say,

    @stromonic said:
    we do not have backdoor access to your servers,

    but then you go,

    @stromonic said:
    we may reset your password in extreme cases, if you do not cooperate with our abuse tickets.

    Which one is it really?

  • edited December 2022

    @jmgcaguicla said:
    You say,

    @stromonic said:
    we do not have backdoor access to your servers,

    but then you go,

    @stromonic said:
    we may reset your password in extreme cases, if you do not cooperate with our abuse tickets.

    Which one is it really?

    It’s a different thing. All hosting companies can reset their clients’ server password in case of abuse.

    Thanked by (1)Asim

    STROMONIC.COM - Web Hosting, Reseller, Managed WP, VPS, GPU & Dedicated Servers!
    Data Centers: India, Finland, Canada, Bulgaria, United States
    Custom Quotation: [email protected]

  • @stromonic said:
    It’s a different thing.

    Whatever you say buddy

    @stromonic said:
    All hosting companies can reset their clients’ server password in case of abuse.

    Not if I nuke the qemu guest agent :smile:

  • @jmgcaguicla said:

    @stromonic said:

    All hosting companies can reset their clients’ server password in case of abuse.

    Not if I nuke the qemu guest agent :smile:

    How would this work?

  • @localhost said:
    How would this work?

    Are you asking how to remove the guest agent or how the backdoor password reset works?

  • @jmgcaguicla said:

    @localhost said:
    How would this work?

    Are you asking how to remove the guest agent or how the backdoor password reset works?

    I'd love to hear about both...

  • edited December 2022

    @localhost said:

    @jmgcaguicla said:

    @localhost said:
    How would this work?

    Are you asking how to remove the guest agent or how the backdoor password reset works?

    I'd love to hear about both...

    Just kill any process resembling the name and prevent it from starting, or more drastically kill the channel it has with the host by unloading the virtio-serial kmod.

    It's essentially a privileged application running inside your VM which communicates to the host qemu process via a virtio-serial device. I believe the primary purpose was just that, to reset passwords in case the owner of the guest vm accidentally gets locked out, but you can also probably guess how that can get abused.

  • FrankZ Moderator
    edited December 2022

    @jmgcaguicla said: It's essentially a privileged application running inside your VM which communicates to the host qemu process via a virtio-serial device. I believe the primary purpose was just that, to reset passwords in case the owner of the guest vm accidentally gets locked out, but you can also probably guess how that can get abused.

    Every KVM VM has these same things going on. I'm all for healthy discussion about a provider and their policies, but there is no evidence that this provider is abusing the process you describe or has established any kind of nefarious "backdoor". If you, or anyone else, has evidence of some nefarious action taken by this provider to access someone's KVM VM without their consent I would like to see it. Otherwise what is this about exactly?

    I am currently traveling in mostly remote areas until sometime in April 2024. Consequently DM's sent to me will go unanswered during this time.
    For staff assistance or support issues please use the helpdesk ticket system at https://support.lowendspirit.com/index.php?a=add

  • edited December 2022

    @FrankZ said:
    Every KVM VM has these same things going on. I'm all for healthy discussion about a provider and their policies, but there is no evidence that this provider is abusing the process you describe or has established any kind of nefarious "backdoor".

    Didn't say they were special. Stop putting words in other people's mouths.

    If you, or anyone else, has evidence of some nefarious action taken by this provider to access someone's KVM VM without their consent I would like to see it. Otherwise what is this about exactly?

    I simply answered a question from @localhost, you don't see any names in my reply do you?

  • FrankZ Moderator
    edited December 2022

    Fair enough, please continue.

    Thanked by (1)jmgcaguicla


  • @localhost said:

    @jmgcaguicla said:

    @stromonic said:

    All hosting companies can reset their clients’ server password in case of abuse.

    Not if I nuke the qemu guest agent :smile:

    How would this work?

    You just remove it, it's just a service more or less.
    Same goes for LXD.

  • edited December 2022

    Certainly with Proxmox, I've found the qemu-guest-agent useful for shutting down a hung VM, also it reports back the assigned/active IP(s) to the node.

    It wisnae me! A big boy done it and ran away.
    NVMe2G for life! until death (the end is nigh)

  • Advin Hosting Provider
    edited December 2022

    @jmgcaguicla said:

    @stromonic said:
    It’s a different thing.

    Whatever you say buddy

    @stromonic said:
    All hosting companies can reset their clients’ server password in case of abuse.

    Not if I nuke the qemu guest agent :smile:

    Well, there are 5 ways a host can usually change the password:

    1. QEMU Guest Agent
    2. Cloudinit
    3. Rescue Mode
    4. Virt-edit
    5. Modified OS Template

    In order to avoid all of these ways, installing with a custom ISO and running encryption is your best bet. If that's not possible, then removing QEMU Guest Agent, removing Cloud-init, and using some type of software to encrypt the disk is your best bet.

    I think it's really dumb that they would just change the root password on lack of response to abuse complaints, we usually just send warnings and suspend the VM after a certain amount of time like most other providers.

    I am a representative of Advin Servers
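
Added example, not part of any post in this thread: a POSIX shell audit a VM owner can run inside a Linux KVM guest to see which of the host-side password-reset paths listed above are still open (guest agent, cloud-init, unencrypted disk). The root-prefix argument, function names and output wording are assumptions of this example; rescue mode and virt-edit are both covered by the encryption check, and a modified OS template cannot be detected from inside the guest.

```shell
#!/bin/sh
# Added example (not from the thread). Each check takes a filesystem root
# prefix, an assumption of this example, so it can be run against "/" or
# against a mounted image / constructed test tree.

GA_PORT="dev/virtio-ports/org.qemu.guest_agent.0"  # usual agent channel name

has_agent_channel() { [ -e "${1%/}/$GA_PORT" ]; }

has_agent_binary() {
    for p in usr/sbin/qemu-ga usr/bin/qemu-ga; do
        [ -x "${1%/}/$p" ] && return 0
    done
    return 1
}

has_cloud_init() { [ -x "${1%/}/usr/bin/cloud-init" ]; }

# $1: device types stacked under the root filesystem, as printed by lsblk
root_is_encrypted() { printf '%s\n' "$1" | grep -qw crypt; }

# Prints one line per check; exit status is the number of open paths.
audit_guest() {
    root="$1"; types="$2"; open=0
    if has_agent_binary "$root" && has_agent_channel "$root"; then
        echo "OPEN   guest agent: qemu-ga installed, virtio-serial port present"
        open=$((open + 1))
    else
        echo "closed guest agent: no agent binary or no channel from the host"
    fi
    if has_cloud_init "$root"; then
        echo "OPEN   cloud-init: installed, can apply host-supplied credentials"
        open=$((open + 1))
    else
        echo "closed cloud-init: not installed"
    fi
    if root_is_encrypted "$types"; then
        echo "closed offline edit (rescue mode, virt-edit): root is on dm-crypt"
    else
        echo "OPEN   offline edit (rescue mode, virt-edit): root is not encrypted"
        open=$((open + 1))
    fi
    return "$open"
}

# Live run inside the guest: sh audit.sh --live
if [ "${1:-}" = "--live" ]; then
    audit_guest / "$(lsblk -slno TYPE "$(findmnt -vno SOURCE /)")"
fi
```

An installed but disabled agent still counts as open here, since a package update or reboot can bring the service back.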

  • edited December 2022

    They can't change your password if you don't have a VPS with them


  • @FrankZ said:

    @jmgcaguicla said: It's essentially a privileged application running inside your VM which communicates to the host qemu process via a virtio-serial device. I believe the primary purpose was just that, to reset passwords in case the owner of the guest vm accidentally gets locked out, but you can also probably guess how that can get abused.

    Every KVM VM has these same things going on. I'm all for healthy discussion about a provider and their policies, but there is no evidence that this provider is abusing the process you describe or has established any kind of nefarious "backdoor". If you, or anyone else, has evidence of some nefarious action taken by this provider to access someone's KVM VM without their consent I would like to see it. Otherwise what is this about exactly?

    Yes. Let's make it straightforward: if anyone could provide proper evidence that we have stolen their data, we will award him $1000 bucks directly to PayPal. :)


  • I still don't understand @stromonic, you still advertise Full Disk Encryption support, but provide no console to unlock it on storage boxes.

    After I started this conversation on the other thread, you haven't addressed this.

    Please do not give me "abuse" as a reasoning.

    This just builds up more speculation at the end. It leads customers to feel they are in for a bait and switch scam from the provider.

    Thanked by (2)webcraft AuroraZero