How secure/private is full disk encryption on a VPS? [duplicate]
Security principles say that if someone else has physical access to a machine, then there is no security/privacy. I'm wondering about some examples of this in the case where I want to have a hosted Virtual Private Server (VPS) with full disk encryption. This is the kind of encryption that you are offered the option of setting up when installing Ubuntu, where every partition of yours (root, home, swap, etc.) is in one big LUKS-encrypted volume.
Let's assume you don't set up automated entry of the LUKS password on this VPS (instead entering it manually through SSH upon each reboot, using a creative solution like https://unix.stackexchange.com/questions/5017/ssh-to-decrypt-encrypted-lvm-during-headless-server-boot), so that someone else trying to reboot your system would have to know the password.
What are the security or privacy risks with such a solution? Could the VPS hosting company's employees or some middle man somehow get access to your data? Sure they can take a snapshot of your entire server at any time, but in order to boot it up they'd need the password, so how could they access what's inside the image?
Could they somehow snoop the SSH keys or encryption password?
Because they have root on the physical machine that hosts the VPS instances, how possible is it for them to get root on my VPS?
Can they log keystrokes sent to the VPS over SSH? If SSH secures only the communication until it gets decrypted at the server, then could they see what you are actually sending to the server?
I'm assuming the damage would be possible when your server is running, not when it is turned off, is that correct? So when the server is running (after you've already entered the LUKS password), what could they do? If they take a snapshot of your system then, what can they do with it?
Just trying to understand what security/privacy I'm getting vs what I'm not by doing full disk encryption on a server that somebody else has physical access to (i.e. VPS).
> so how could they access what's inside the image?
Intercept the part where you enter the password, record it, finished.
The boot side must be unencrypted - something has to start the SSH connection.
I don't think it's easy, but it is possible. They could make a memory dump of the virtual machine and search it for keys. You'd have to have some memory debugging skills, but you could retrieve the key that way. An ordinary hosting provider's sysadmins won't have these skills, I would guess.
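Because the boot side that starts the SSH connection stays unencrypted, one check available to the VPS owner is to hash those boot files and compare them against a manifest kept on a machine the host does not control, before typing the LUKS passphrase. The script below is an added example, not part of the original question or answers; the function names are hypothetical, and it assumes `find`, `sort`, `sha256sum`, `diff` and `mktemp` are available where it runs. It only flags boot files changed on disk and does nothing against the memory dump of a running VM described above.

```shell
#!/bin/sh
# Added example: baseline and re-check the unencrypted boot files.
# Keep the saved manifest off the VPS, on a machine you control.

# Print "sha256  ./relative/path" for every regular file under DIR,
# sorted by path so two manifests can be compared line by line.
boot_manifest() {
    ( cd "$1" && find . -type f -exec sha256sum {} + | LC_ALL=C sort -k 2 )
}

# Compare DIR against a manifest saved earlier.
# Returns 0 when identical, 1 when any file was added, removed or
# changed (differing manifest lines are printed), 2 on bad arguments.
boot_verify() {
    dir=$1 baseline=$2
    [ -d "$dir" ] && [ -r "$baseline" ] || return 2
    current=$(mktemp) || return 2
    boot_manifest "$dir" > "$current"
    if diff "$baseline" "$current"; then rc=0; else rc=1; fi
    rm -f "$current"
    return "$rc"
}

# Demo on a constructed stand-in for /boot (not a real boot partition).
demo() {
    d=$(mktemp -d) && m=$(mktemp) || return 2
    printf 'kernel' > "$d/vmlinuz"
    printf 'initrd' > "$d/initrd.img"
    boot_manifest "$d" > "$m"                 # baseline taken at install time
    boot_verify "$d" "$m" && echo "boot files unchanged"
    printf 'x' >> "$d/initrd.img"             # simulate a modified initramfs
    boot_verify "$d" "$m" || echo "MISMATCH: do not enter the passphrase"
    rm -rf "$d" "$m"
}

# Run the demo only when asked: sh bootcheck.sh demo
if [ "${1:-}" = "demo" ]; then demo; fi
```

A host that controls the hypervisor can also interfere with the environment the check runs in, so a clean result rules out simple on-disk changes to the boot files and nothing more.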