Comments
You say,
but then you go,
Which one is it really?
It’s a different thing. All hosting companies can reset their clients’ server password in case of abuse.
STROMONIC.COM - Web Hosting, Reseller, Managed WP, VPS, GPU & Dedicated Servers!
Data Centers: India, Finland, Canada, Bulgaria, United States
Custom Quotation: [email protected]
Whatever you say buddy
Not if I nuke the qemu guest agent
How would this work?
Are you asking how to remove the guest agent or how the backdoor password reset works?
I'd love to hear about both...
Just kill any process resembling the name and prevent it from starting, or more drastically kill the channel it has with the host by unloading the virtio-serial kmod.
It's essentially a privileged application running inside your VM which communicates to the host qemu process via a virtio-serial device. I believe the primary purpose was just that, to reset passwords in case the owner of the guest vm accidentally gets locked out, but you can also probably guess how that can get abused.
Every KVM VM has these same things going on. I'm all for healthy discussion about a provider and their policies, but there is no evidence that this provider is abusing the process you describe or has established any kind of nefarious "backdoor". If you, or anyone else, has evidence of some nefarious action taken by this provider to access someone's KVM VM without their consent I would like to see it. Otherwise what is this about exactly?
I am currently traveling in mostly remote areas until sometime in April 2024. Consequently DM's sent to me will go unanswered during this time.
For staff assistance or support issues please use the helpdesk ticket system at https://support.lowendspirit.com/index.php?a=add
Didn't say they were special. Stop putting words in other people's mouths.
I simply answered a question from @localhost, you don't see any names in my reply do you?
Fair enough, please continue.
You just remove it, it's just a service more or less.
Same goes for LXD.
Free NAT KVM | Free NAT LXC | Bobr
Certainly with Proxmox, I've found the qemu-guest-agent useful for shutting down a hung VM, also it reports back the assigned/active IP(s) to the node.
It wisnae me! A big boy done it and ran away.
NVMe2G for life! until death (the end is nigh)
Well, there are 5 ways a host can usually change the password:
QEMU Guest Agent
Cloudinit
Rescue Mode
Virt-edit
Modified OS Template
In order to avoid all of these ways, installing with a custom ISO and running encryption is your best bet. If that's not possible, then removing QEMU Guest Agent, removing Cloud-init, and using some type of software to encrypt the disk is your best bet.
I think it's really dumb that they would just change the root password on lack of response to abuse complaints, we usually just send warnings and suspend the VM after a certain amount of time like most other providers.
I am a representative of Advin Servers
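Added example, not part of any post in this thread: a small audit script for the guest side of the list above. It reports whether the QEMU guest agent or cloud-init is present and whether any encrypted volume is configured. The file paths checked, including the default channel name org.qemu.guest_agent.0, and the crypttab heuristic are assumptions about a typical Linux guest.

```shell
#!/bin/sh
# Added example: audit a KVM guest for the password-reset paths listed above.
# ROOT defaults to "/"; pass another prefix to audit a mounted image or test tree.

has_guest_agent() {    # qemu-ga binary, or its virtio-serial channel to the host
    for p in usr/bin/qemu-ga usr/sbin/qemu-ga \
             dev/virtio-ports/org.qemu.guest_agent.0; do
        [ -e "$1/$p" ] && return 0
    done
    return 1
}

has_cloud_init() {     # cloud-init binary or its configuration directory
    [ -e "$1/usr/bin/cloud-init" ] || [ -d "$1/etc/cloud" ]
}

has_crypttab_entry() { # heuristic (assumption): any non-comment crypttab line
    [ -r "$1/etc/crypttab" ] &&
        grep -Eq '^[[:space:]]*[^#[:space:]]' "$1/etc/crypttab"
}

# Print one OPEN/OK line per check. Rescue mode, virt-edit and modified
# templates act from the host side, so only disk encryption addresses them.
audit_guest() {
    root="${1:-/}"
    if has_guest_agent "$root"; then
        echo "OPEN qemu-guest-agent: binary or virtio-serial channel present"
    else
        echo "OK   qemu-guest-agent: not found"
    fi
    if has_cloud_init "$root"; then
        echo "OPEN cloud-init: installed or configured"
    else
        echo "OK   cloud-init: not found"
    fi
    if has_crypttab_entry "$root"; then
        echo "OK   encryption: crypttab lists an encrypted volume"
    else
        echo "OPEN encryption: no crypttab entry, disk readable from the host"
    fi
    return 0
}

audit_guest "${1:-/}"
```

A crypttab entry only shows that some volume is encrypted; confirm that the root filesystem itself sits on it before treating the host-side paths as closed.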
They can't change your password if you don't have a VPS with them
Yes. Let's make it straightforward: if anyone could provide proper evidence that we have stolen their data, we will award him $1000 bucks directly to PayPal.
I still don't understand @stromonic, you still advertise Full Disk Encryption support, but provide no console to unlock it on storage boxes.
After I started this conversation on the other thread, you haven't addressed this.
Please do not give me "abuse" as a reasoning.
This just builds up more speculation at the end. It leads customers to feel they are in for a bait and switch scam from the provider.