How can providers (and maybe malicious guys) get access to virtual box?
Recently, from some LET threads, I realize some providers do access their clients virtual boxes without (or maybe with?) clients' passwords.
I don't have experience to run a vps service like kvm or ovz. How can they do this? Are there different methods to access different virtualization techs? Is kvm or Xen more difficult to access than OVZ?
if provider can not access to kvm or xen image directly, they maybe reset the password and get access? But what if I have set up the ssh-key to login and disable root login and password login? Can they still get access after reset?
I did a test on digitalocean, after root password reset, it still requires ssh-key and reject password and root login.
I checked on google, but didn't find more detail, and I don't know how to describe my question properly over google. So I asked here, guys, you may point me to some references or knowledge me here, both appreciate very much. thank you.
I ask this due to my curiosity and would like to know how to prevent this . Nothing other than this.
edit: since dissolution also involved ssh sercurity, so I edit a bit of the title.
original one is How can providers get access to virtual box?