Can a hosting provider access files inside our VPS accounts?
I'm curious how VPS accounts work. I know my shared hosting provider can look through my files since they've changed things in the past. If I purchase a VPS account, like from Linode or Slicehost for example, would the folks there be able to see my clients' files I've hosted inside my VPS account? Or would they need an authorized ssh key to do so?
Ultimately there is nothing keeping them from accessing your virtual server's disk. If you are using something like Linode or Slicehost then they wouldn't do it by logging in as root unless you gave them the password. What they could do however is shut your VPS down and then mount the virtual disks on the virtual machine host. At that point all the files on your virtual server would be accessible to them. Another way of thinking about this is that if you had a physical server you leased from someone they as well could shut the server down, remove the disks and stick them in their own server to get access to what the disks contained. A VPS just makes extracting the "drives" easier.
Depending on what they're using for the underlying storage infrastructure they might also be able to take a live snapshot of your virtual disk and mount that separately, without having to take your server down. About the only way to guard against this is to use a disk encryption system such as TrueCrypt or the encryption support built into the OS. This has the major downsides when it comes to managing the key to unlock the encryption - you've got to be very paranoid to make it worthwhile.
It's pretty much as Carson says but even easier - Shut down the machine and copy the VPS drive or image the real drive. This reduces the down time considerably. Of course with virtualisation technology, such as is used by a VPS they can take a snapshot while the machine is still running, so it's highly unlikely that you would ever even notice it had been done.