I rented a virtual server from a hosting provider that uses VMWare as virtualization software. If I remove the initial user from the virtual machine created by the VMWare admin and If I change the SSH configuration to allow only the users that I created on the virtual machine. Can the WMWare admin still access the data on the virtual machine drive?
1
-
VMware and Hyper-V now have the capability to separate the hypervisor admin from the guest admin. I doubt econo providers offer/implement it though. docs.vmware.com/en/VMware-vSphere/7.0/…– Greg AskewOct 2 at 19:20
Add a comment
|
1 Answer
Yes. They can access all data, including CPU registers and memory content at will, and there's no way you can tell. Any encryption keys can trivially be extracted from a running VM, so even full disk encryption will be of no use against malicious hosts.
If you don't trust your provider, you have to walk away. You can't provide security against the host.
-
2In fact, given the slew of CPU µarch security vulnerabilities published in the last couple of years, there is a non-zero chance that even other customers who happen to be hosted on the same physical server can do so. We just don't know it yet. Oct 3 at 9:06