Why would host ask me for my root pass?
Hi.
I have an OpenVZ VPS and am having an issue with it (it can't connect to the internet even though resolv.conf is fine), so I opened a ticket and they asked me for my root password so they could take a look at the issue.
I was just wondering why they would need the root pass because shouldn't they be able to get into the VPS without my root password since they should have access to the main node?
I have bought VPS's from many providers here over the years and they have never asked me for my root pass (besides intronet but we all know how that turned out).
Here is the ticket I am referring to. http://i.imgur.com/h9oiMeM.png
Comments
not on openvz they can just enter.
name and shame
lol
Here is a screen shot of the ticket http://i.imgur.com/h9oiMeM.png
Look at the screenshot.
We love servers. What happened was he probably doesn't have access to the host node yet I'm guessing.
He's a new staff member, I think. I have never seen him in the time I've been with WLS. I got my first response from him on my ticket today :P
They could be outsourced support or new staff as above and they don't want to give him access to the nodes just yet.
But what if the customer was sane and didn't have root/password login enabled?
They'll hack in, apparently.
Seriously though, can't they just use the console in SolusVM which uses "vzctl enter"? They don't need direct access to the host node.
About the issue, can you ping the specified DNS servers using their IP? If not, what does a traceroute say?
It's less of an invasion of privacy if they ask you for your root password and you give it to them. It's something on the legal side, I believe.
Or they could ask you for permission to enter the VPS :P
Then the host should provide a public key for the VM owner to add to authorized_keys.
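One way the key-based approach suggested above could look on the customer's side, as an added example that is not part of the thread: the support key is appended with a tagged marker, locked down with `restrict,pty` and an `expiry-time`, and removed again when the ticket closes. It assumes OpenSSH 8.2 or later (for `expiry-time`); the function names, the `support-access:` marker and the sample key are hypothetical and constructed.

```shell
# Constructed placeholder, not a real key: the host would send its actual public key.
SAMPLE_SUPPORT_KEY='ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIExampleOnlyNotARealKeyBlob0000000000000000 support@host.example'

# grant_support_key FILE PUBKEY TAG EXPIRY(YYYYMMDD) [FROM]
# Appends PUBKEY to FILE with restrictive options and a marker used for revocation.
grant_support_key() {
    gk_file=$1 gk_key=$2 gk_tag=$3 gk_exp=$4 gk_from=${5:-}
    gk_type=${gk_key%% *}      # first field: key type
    gk_rest=${gk_key#* }
    gk_blob=${gk_rest%% *}     # second field: base64 blob (sender's comment is dropped)
    case $gk_type in
        ssh-ed25519|ssh-rsa|ecdsa-sha2-nistp256|ecdsa-sha2-nistp384|ecdsa-sha2-nistp521) ;;
        *) echo "unrecognised key type" >&2; return 1 ;;
    esac
    case $gk_blob in
        ''|*[!A-Za-z0-9+/=]*) echo "malformed key blob" >&2; return 1 ;;
    esac
    case $gk_tag in
        ''|*[!A-Za-z0-9._-]*) echo "bad tag" >&2; return 1 ;;
    esac
    case $gk_exp in
        [0-9][0-9][0-9][0-9][0-9][0-9][0-9][0-9]) ;;
        *) echo "expiry must be YYYYMMDD" >&2; return 1 ;;
    esac
    # restrict disables forwarding etc.; pty is re-enabled for an interactive session.
    gk_opts="restrict,pty,expiry-time=\"$gk_exp\""
    if [ -n "$gk_from" ]; then
        case $gk_from in
            *\"*|*[[:space:]]*) echo "bad from pattern" >&2; return 1 ;;
        esac
        gk_opts="$gk_opts,from=\"$gk_from\""
    fi
    (
        umask 077
        mkdir -p "$(dirname "$gk_file")" || exit 1
        # Keep an existing last line intact if the file lacks a trailing newline.
        if [ -s "$gk_file" ] && [ -n "$(tail -c1 "$gk_file")" ]; then echo >>"$gk_file"; fi
        printf '%s %s %s support-access:%s\n' "$gk_opts" "$gk_type" "$gk_blob" "$gk_tag" >>"$gk_file"
    )
}

# revoke_support_key FILE TAG: drops every line whose last field is the marker for TAG.
revoke_support_key() {
    rk_tmp=$(mktemp "$1.XXXXXX") || return 1
    awk -v m="support-access:$2" '$NF != m' "$1" >"$rk_tmp" && mv "$rk_tmp" "$1"
}
# Usage: grant_support_key /root/.ssh/authorized_keys "$SAMPLE_SUPPORT_KEY" ticket-1 20300101
```

The expiry is a backstop enforced by sshd; revoking by tag when the ticket closes is still the primary control, and the owner's own keys are left untouched.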
I usually ask for it because this implies consent. It will be harder to make a case later for invasion of privacy.
I had a tech ask for my solus login to diagnose a dns issue. Was pretty reluctant to give him.
I have worked with shared hosting before, and the policy is to always ask for the password even though we can just log in to the user's cPanel. Sort of niceties, I guess.
I never ask for the root password but I do always ask for permission to enter someone's VM. I find it easier to tell customers they should never share their passwords with anyone under any circumstances. The only exception is if they've signed up for a managed service add-on, which comes with implicit permission to enter the container and perform updates/maintenance. If it were me, a hosting company asking for the root password to my container would set off huge red flags.
Not if you specify that it is to have a clear record of their permission. Having said yes to the question, they might say later they didn't understand what they were asked; giving the password makes that claim moot.
If it's a KVM VPS, we will ask if we need to access the OS on the VPS. For OpenVZ, we ask for permission (unless they've already given it) and make use of vzctl enter.
Personally, I just change my password to something temporarily then change it back after they're done.
I desperately hope other people are doing the same, otherwise the passwords I get are usually too stupid to use on a suitcase lock...
They probably asked for courtesy reasons, if someone wants a re-install I still make them confirm it to cover my back etc.
Either that or he can't access the Solus Panel.
Ditto - 'password123' is just too easy.
Some of the staff do not have root access to the host node.
I don't see why consent is needed -- if you're opening a ticket saying there's something wrong with your VM, you obviously want them to fix it, for which they'll probably need to access the VM anyway, so what's the point in them asking "can we vzctl into your VM"?
If you are dealing with all types of customers, you will see that you need to take all precautions. They might claim the expectation was to fix the node, not their VPS, so, after saying the node is ok, including statistics, you tell them it is a local problem and you may need to look inside. Asking for the pass also gives some clues: if it is 123 and you find the box wiped, you know what to say.
In short, no pass, no fix, after all, it is an unmanaged service, why risk anything.