One way would be to publish a HTTP/JSON API for fetching a specific set of stats from a server given an authorization key, provide a reference implementation, and allow customers to build their own if they're not comfortable with that.
Root SSH logins don't seem like a particularly good solution for this problem.
Everything aside, most of these colo machines are set to netboot in order to implement their rescue system. Never poked around, but wouldn't be surprised those DHCP requests hit other machines on the segment. OVH seem to be more sensible than most when it comes to network configuration, but I wouldn't be surprised this happens in other places (the difference between a $50 Ethernet switch and a $5000 Ethernet switch right there)
Edit: since some don't seem to understand the basics of security, or perhaps out of an ill-placed sense of loyalty: running a web server + CGI combo as root on an Ethernet segment exposed to other colo customers, in place of a 20 year old service designed for exactly this scenario, when its sole user already has hardware access (and reboot + netboot access) to the machine is fucking stupid. I'm making no argument here, just calling out terrible advice for what it is.
> One way would be to publish a HTTP/JSON API for fetching a specific set of stats from a server
> given an authorization key
2.
> provide a reference implementation, and allow customers to build their own if they're not comfortable with that.
Implies 3: entire point of the implementation is to read sensors, which requires root, or further messing with the security properties of the base system (e.g. sudo), and expecting users to do this correctly.
So basically what you're advocating is to encourage users to run custom HTTP servers as root.
Edit: and I see you edited your comment, and now advocating running nginx as root.
I have no idea what you're talking about or who you think you're arguing with but it isn't me.
Especially amusing that whoever would say these crazy things you're saying would still be better off than giving remote root SSH away for stats collection.
It's OK, we all give bad advice sometimes. You clearly just advocated replacing SSH with a custom HTTP server that effectively always requires root, and furthermore to advocate users mess with this root-running code. I don't understand why you can't see this.
I do agree with your larger point that building your own here is undesirable, however the web server wouldn't have to have root by using IPC or other kinds of tricks.
In any case, wouldn't it be even more secure if the server just pushed stats outwards (syslog anyone?) instead of needing to accept any kind of commands via SSH/HTTP/S or otherwise?
I am at a total loss for how any of this would require root access. I'm not sure any component of the system online or offline would need root; I'm absolutely certain the web app wouldn't. You don't need IPC tricks.
I'd be less comfortable with the contraption that pushes stats out from the hosts. I don't agree that it would be more secure.
Virtually any system you could imagine to solve this probably would almost by mathematical necessity be more secure than giving out a root SSH login, which is the funny thing about this thread.
Mathematically, giving root login to person X is never more secure against person X than any other interaction with person X. I think the idea was regarding other people. With SSH, what you are exposing to those who lack the key is SSH, which is well hardened.
If you set up a web service naively and run it as root, you have a weaker surface more exposed in exchange for more security against a mostly trusted party (who already has physical access).
Of course, I'm not sure what kind of statistics can't be gathered by anyone but root; even if there are some (and there probably are in some configurations), I don't see why they couldn't be polled by root in a cronjob and dumped in a log file that's readable by a (specific, if you care) non-root user and fetched over SSH by that non-root user, &c. So, on the whole, I agree that there's no reason to give out root; but it's not a crazy notion that there are things worse than giving root to person A, with respect to your security against person B.
Accidentally revealing server stats because of a bug handling a trivial authentication token is less of a big deal than giving a third party root shell access to your server, is my point.
But a bug in a web-server running as root might lead to privileged execution of arbitrary code.
It's certainly true that a bug in the authentication code that incorrectly grants access is of substantially less severity than a leak or abuse of root key/password.
The nginx package on Debian has more LOC than the openssh-server package. Apache, of course, is huge. This doesn't map perfectly onto complexity, but gives some indication that "much, much simpler" may not be entirely accurate.
Moreover, the default SSH setup gives you everything you need for the (still undesirable) current setup, and is almost certainly running regardless. The default nginx install does not - you have to tweak setup to lock it down and add stuff to actually fetch the content, and since that (we have stipulated) has to be done as a privileged user there is room for error.
Again, giving a root login key to OVH means no security against OVH, and relying on their securing the key. I agree that this is a bad idea. Depending on the amount you trust OVH and their security, it may be more secure against people other than OVH than certain specific alternatives (perhaps all the alternatives if you artificially constrain yourself into running a single process as root that talks to the outside).
"Simpler" is surely something we could quantify, and while LOC tracks it loosely it's obviously not the same thing, and SSH is almost certainly more complex per LOC than typical. Where that becomes "much" simpler, and from there "much, much" simpler is fundamentally subjective, but if you want to put up some numbers based on some other metric feel free, and we can take this further; it strikes me as unlikely that a smaller system would fall in the range I would label "much, much simpler" - but I am not an expert on either piece of software.
Regardless, it is a digression. The complexity of openssh is not at issue, unless you are advocating they not use openssh at all. Nginx + openssh is absolutely unequivocally not "much, much simpler" than openssh.
Adding nginx interfacing with new, privileged code does add significant complexity that using-the-already-present-ssh does not. Some of this complexity is exposed to those who do not have any credentials. Therefore, the security of the system toward those attackers may go up for those reasons more than it goes down because of the existence of an additional set of root credentials they do not have easy access to. This is presuming that OVH's security is sufficiently trusted; a big assumption, to be sure.
We're still agreed that the best approach is some kind of reasonable hand-off of data from the privileged process that reads the data and the external access of whatever form, presuming any of the data really needs privileged access in the first place.
The reasoning you're using here about exposed attack surface and complexity is faulty. You are better off exposing a trivial interface with nginx or Apache than in giving someone SSH credentials.
The SSH access is for deploying the rtm binary (setup, config, updates). Only one host is allowed to reach servers through ssh via the ssh key in question.
And then why don't I find a large glass jar filled with live wriggling cockroaches and compete with my coworkers to see how many of them I can swallow whole?
SNMP is awful. SNMP implementations are scarier than web apps (though admittedly not as scary as SSH logins). SNMP is harder to secure. It would be much harder for customers to provide their own trusted implementation of SNMP. I could go on.
There's what SNMP was built for, and then what it actually does.
I've been (un)fortunate enough to implement it more than once. Only a certain class of clients demand it because they already have built a big SNMP infrastructure.
No. This is so their technicians can easily log into your servers and solve problems if you need them too. Lots of their customers are newbies so they sell technical help as a service.
The main reason I'm not so concerned is if they have physical access to the server they have root access anyway. At least this way I can see them logging in.
I used OVH for about a year and had no problems (had no need for the server any more).
The only issue I did have (and might be worth considering) was probably to be expected: they seem to be very on top of network issues and won't hesitate to terminate your server if something is suspicious. I was running a game server (Call of Duty 1) that had a bug that allowed someone to maliciously redirect packets to someone else (not a spectacular amount, but enough that when they did it with ~10 servers it would cause problems for the victim) and because we were part of an attack the server was shut down and they wouldn't return it to me without agreement that we'd wipe the "infected" server -- even though it wasn't infected, it was a software bug that we could resolve if we had server access.
Definitely worth using for unimportant things, but definitely not worth risking it on production.
We had a UDP flood from an OVH server, and they said they contacted the customer to fix this issue. I checked the IP and it was still running a splash page.
A couple days later we were attacked again by the same IP. After reporting this to OVH again they finally took the server down.
I'm french and I've been using low-cost offers from OVH (Kimsufi) or Illiad (Online.net) since a couple of years.
I just have ONE objection: If you plan to do something professional with them, just, don't.
For them, every client is dispensable (even if you rent 200 servers or more). They won't hesitate a single second to delete your server if they have a small problem with you (for example, getting DDoS'd).
OVH have shutdowned servers from a small association who was offering hosting, on the basis that the server made 3 DNS request to some "weird" server in Poland, for example.
So, it's okay for personal stuff, and, backup everything- your data is definitely not safe on their servers.
I've been a customer for 7 years and don't have single complaint. Do you have any source for your claims? Suggesting they'd shut out any client for any reason, making them unsuitable for doing business, when they run 100 000 servers is a little doubtful.
Their prices do seem to bounce around a bit, even for countries that use the same currency.
There's an issue in that (as I understand it) in Germany you have a quote VAT inclusive prices but in Ireland you can leave off VAT for goods aimed at businesses. (The same is true in the UK).
Even taking that into account there's about a 20% price bump from Ireland to Germany, though!
Proud OVH customer both in Europe and Canada. Very happy with their hard service and amazed with their tools. With their control panel you can deploy a new dedicate server in under an hour with a custom setup preloaded with your SSH keys. Provided they have stock of the server.
They suck in the support/soft service department, but frankly if you know what you are doing, you don't need it with OVH. They have pretty much automated everything. If there is a hardware fault they are on it before you even know.
Just a few days ago 24 servers failed due to cooling issues. They sent an army of 8 nerds to handle the issue: http://status.ovh.net/?do=details&id=3736 Resolved in 40 minutes.
I've had a kimsufi/ovh dedicated for a few years now. I switched when I was comparing various vps prices, and was annoyed by the small disk (and ram) sizes provided for the cheaper plans.
I'm on a plan that isn't available anymore, but it was sub-20eur/month, and the hardware seems to be P4 3ghz, with 2GB ram and 200GB disk. And the performance has been plenty for me.
Then the kimsufi brand was a bit more separated from the normal ovh offering. The kimsufi was branded a bit more on the do-it-yourself side, with no support apart from hardware failures. It seems they've now merged the kimsufi brand back to the main ovh site.
And I have been a fairly happy customer. I think I've had a couple of short network outages, but nothing alarming. My uptime is at 732 days.
I'm happy running an OVH / Kimsufi server, costs me £25 a month + VAT from the UK site, it works brilliantly.
Support is essentially non-existant, it's at best "Don't call us unless the box is power dead". But for the price, that's fine, if it dies or starts showing a hardware fault, I'll cancel that one and order a replacement.
You must be doing some task that I've never used my servers for if you consider a dedicated Atom somehow vastly inferior to a virtualized "real CPU". My servers are never CPU bound. They are disk, memory, and I/O bound, in that order. I couldn't possibly overwork the CPU on any machine I have...web service is simply not a CPU-intensive task.
Besides that, Atom CPUs are quite fast for many kinds of tasks...sometimes faster than a virtualized "real CPU" for server workloads, like serving websites, databases, and email. My servers at Amazon often have "sluggish" periods throughout the day, despite them being quite low-load systems; it seems to be because the other servers on the same CPU are working harder. Shared resources can be a curse, though I usually don't mind.
People use servers for things other than hosting websites, and I've seen my fair share of web services that do push the CPU for significant amounts of time.
But sure, for 99% of all websites, CPU is not the issue.
Shameless plug time! My own company, Uptano, is doing something kind of neat with dedicated servers. We're letting you rent dedicated hardware and then launch multiple virtual servers on them.
I've been keeping my eye on Uptano, they've come a long way since I played with the initial beta. I really like the idea of having a dedicated box and being able to allocate VMs within it.
Question: Do all my 8 VSs have to reside on the same host? If the host goes down, it will take all my VSs with it. Any way of getting the same number of VSs but distributed across hosts?
Virtual servers on Uptano are managed via the web interface and each includes a public IP address. Most ISPs do limit IPs per server. Also, our limits are higher than pretty much anyone needs per server.
It's far easier to manage than doing it manually. We're also making it easier to do high level things with your servers that aren't trivial to do manually.
Another vote for Hetzner, really their pricing makes anything stateside seem almost extortionate. You have to ask yourself if the extra 250ms ping from the States is worth it though. Game servers are right out.
I am interesting in 1) a provider with comparable features in Asia and 2) another with comparable price on the west coast of the United States. That is until OVH roll out their west coast data centre in the coming years.
BTW, I'm thinking of webnx's special deals as the best on the west coast. Competitive on the high end. No where near as cheap on the low end.
Using PhoenixNAP.com/SecuredServers.com in Arizona for a few months now. Pretty stable so far for a sub-$100 dedicated with 2-drives/Software RAID-1 & 8GB of RAM.
Limestonenetworks is also good in Texas, but starter servers are over-$100 for a similar 2-drive/RAID-1/8GB RAM box.
Although I've never tried them, there's http://www.server4you.com/root-server/ that is relatively good value for money, but still a little more expensive. I don't know how their support/reliability is.
I actually use OVH on some older Kimsufi plans. I'm kinda disappointed actually with these new plans as they got rid of the Core i5/i7 processors which were a bargain for the amount of CPU power you got for the money.
Unlike OVH, server4you use nasty 5400rpm hard drives on their low end. I actually am waiting for someone to come out with a low end server with a small SSD drive. I need performance not storage.
RAMnode has been pretty good for very fast mid-range SSD VPSes (watch their Twitter; they have 30% off specials all the time). SoftLayer also supports SSDs but they aren't low end, for the most part. I'm a happy customer of both but an employee/beneficiary of neither.
Also in France, online.net has very similar offers. I have 3 "dedibox" online.net servers and I'm very happy with them. The uptime is great, and the bandwidth is astounding.
OVH have similar offers in many countries as mentioned by others here already, e.g. on their Irish site or their Polish site. I signed up through their German www.isgenug.de brand (which now simply redirects to their main web page) about six months ago and got a EUR12/mo deal which isn't available anymore. The server is fine, but administrating the account is a pain.
I thought I'd be able to get access to a server within a day or so of registering and paying. Oh was I wrong. Before even charging my credit card they requested an officially stamped/signed proof of address (issued by the town I reside in in Germany), a scan of my credit card (!), and a scan of my German national ID card. They were friendly enough to let me substitute my passport since I don't have an ID card. I was travelling at that time and had to have the proof of address mailed to me, so it took over a week. Ironically, all that jazz was required because I was travelling - apparently signing up for a server with a German credit card from a non-German IP is "suspicious".
Two weeks after signing up I finally had access to the server. Stupid me thought they would make it easy to stay their customer. Instead, I have to enter my credit card details into their Web0.9 backend system once every month (or once every year if paying annually). To make sure I don' forget I receive a reminder email once every day for the last 14 days of every month. The only alternative is to set up a recurrent wire transfer to them and then cross you fingers that it always gets booked correctly on their end.
I see that many others here report on having an account with them. Am I the only one who finds it so difficult to give them my money? I'm really happy with the server (I use it to compute meshes from worldwide elevation data sets for our geographical iPhone case creator on http://www.printablegeography.com/creator) but giving them money is just waaay too hard.
I've had similar problems ordering a server this weekend. I've used the UK site to order on Friday evening a server which was supposed to be available in 24hrs. One hour later, I received an email confirming my payment has been received.
I kept wondering what's taking so long, only to receive an email on Monday morning saying "Unfortunately, we only provide services to Republic of Ireland or UK customers at the moment" and asking for "a copy of your ID (passport, driving licence)" and "a proof of address (utility bill)" to be sent over email(!!). I am in the UK, but they can bugger off.
I rent a dedicated server from OVH in their Canada data center. For $79/month I get the following:
1) 100mbit connection
2) Core i3-2130 w/16 GB ram
3) 2x1TB sata configured as software raid-1
To be blunt, $79 is an absurdly cheap price for that kind of hardware and connectivity. I'm more than willing to put up with an occasional network problem (hurricane Sandy disrupted some of their peering) and a management portal that is not quite as featureful as I'd like.
http://digicube.fr/rapidserveurs
1gbps with unlimited traffic start at 25e.
I've been hosting an irc server with them now for just under a year; and it's been down once for 2 hours due to a power failure.
Downside is everything is in French.
$40 per month for an Atom based server (which is surprisingly capable). They have an advertised traffic quota, but in my experience they don't check how much traffic you've used. I used to run a file host on boxes from Interserver - I used to push about 60TB per month over 3 boxes.
One thing to check is that some of the budget hosts will oversell their networking in such a way where your port links at one speed, but you're unlikely to ever see that speed for long periods of time.
i dunno if its still true, but at one time imgur was hosted with http://www.100tb.com/ if my memory serves. Cant hurt to look at what other high-bandwidth applications use.
I remember reading that OVH is very popular in the Scene[0], for running topsites and the like. The reliability and bandwidth must be pretty good for them to be used by the Scene.
My bad, maybe I got the popular seedbox hosts confused with the popular topsite hosts. For some reason, I seem to remember OVH being mentioned in a scene notice. It might've been when they busted a topsite for leaking releases to a seedbox used by a private torrent site uploader.
Yep, if OVH were referred to it would only have been in a negative context, e.g. outing a P2L (Pay to Leech) site or someone seeding files to torrent trackers.
> You will pay through the nose (compared to US prices) if you have high bandwidth traffic
What do you mean? It comes with 5TB of network traffic, and they don't charge for additional traffic, merely limit your speed:
>> The server is connected at 100Mbps. The bandwidth is 100Mbps guaranteed up to 5TB of monthly traffic. Beyond 5TB of monthly traffic, the bandwidth is 10Mbps guaranteed.
"100Mbps guaranteed" is a little suspect given that is the theoretical maximum speed of fast ethernet. Maybe they have gigabit but I doubt it.
I am also very suspicious because the uplink speed for the fast ethernet switch the server is on can not support "100Mbps guaranteed" for every port on the switch simultaneously.
I use OVH for a rutorrent and PLEX server. I have the 8G one for 40 bucks a month. It is the seedbox for six users and runs PLEX so everyone can stream to their phones or computer or AppleTV.
It has mostly replaced cable tv for everyone that uses it.
Just as several users here: I have two dedicated Kimsufi (a word play on "qui me suffit" meaning: "which is enough for me") since years. One of them reached a 4 digits uptime (then there has been some modification on the bay and it got rebooted).
Paying about 20 Euros / month or so.
At one point I was considering finding a dedicated server in the U.S. but I was surprised: apparently the prices weren't that competitive compared to OVH (I was looking for a full dedicated box, not a shared one nor instances).
You'll want to:
We used OVH for some testing/dev boxes and ended up adding OVH specific puppet configs to clean up the box.Edit: Oh and on Windows you need to hit up Add/Remove programs and uninstall 'Corp SSH'