Using a cheap VPS as a remote workstation

How secure would it be use a VPS as a remote workstation . It would be locked down to only use SSH.
I would disable the history etc. Would everything that I type still appear in the logs.? Here I am thinking about code etc saving in encrypted files.

Tagged:
«1

Comments

  • @anvender said:
    How secure would it be use a VPS as a remote workstation . It would be locked down to only use SSH.
    I would disable the history etc. Would everything that I type still appear in the logs.? Here I am thinking about code etc saving in encrypted files.

    I'm not sure that I really understand what you would be so worried about.

    I've used (and still use) a VPS as a remote workstation. As long as one takes the usual precautions, I don't see the big risks.

    It's another matter if you want to keep state secrets that you have access to on your VPS, or if you do sensitive work that needs to be hidden at any cost.

    Would everything that I type still appear in the logs.? Here I am thinking about code etc saving in encrypted files.

    This would depend on the program(s) that you use, but (the histories kept by shells aside) I don't think that most programs keep logs of everything that you type.

    "A single swap file or partition may be up to 128 MB in size. [...] [I]f you need 256 MB of swap, you can create two 128-MB swap partitions." (M. Welsh & L. Kaufman, Running Linux, 2e, 1996, p. 49)

  • I don't really understand here, why would a VPS be any less secure then your laptop or workstation?

  • ehabehab Content Writer
    edited March 22

    anvender wants to watch naughtys sites while at work and he is also afraid of getting caught by her.

    Thanked by (1)angstrom
  • @rcy026 said:
    I don't really understand here, why would a VPS be any less secure then your laptop or workstation?

    Well, in the sense that your laptop or workstation doesn't need to be connected to the internet.

    "A single swap file or partition may be up to 128 MB in size. [...] [I]f you need 256 MB of swap, you can create two 128-MB swap partitions." (M. Welsh & L. Kaufman, Running Linux, 2e, 1996, p. 49)

  • @ehab said:
    anvender wants to watch naughtys sites while at work and he is also afraid of getting caught be her.

    I didn't even think of this ... :o

    (I was misled by "code etc saving in encrypted files"!)

    Thanked by (1)ehab

    "A single swap file or partition may be up to 128 MB in size. [...] [I]f you need 256 MB of swap, you can create two 128-MB swap partitions." (M. Welsh & L. Kaufman, Running Linux, 2e, 1996, p. 49)

  • rm_rm_
    edited March 22

    I don't really understand here, why would a VPS be any less secure then your laptop or workstation?

    Because the provider can stealthily view and copy the RAM content of your VPS and all its storage, whereas they cannot do the same in your laptop or workstation.

  • lentrolentro Hosting Provider

    @rm_ said: the provider can stealthily view and copy the RAM content of your VPS and all its storage

    Maybe use a few more bucks per month to save worrying about your provider...

  • Maybe use a few more bucks per month to save worrying about your provider...

    You mean get a dedicated server instead of a VPS? Yes, absolutely.

  • @rm_ said:

    I don't really understand here, why would a VPS be any less secure then your laptop or workstation?

    Because the provider can stealthily view and copy the RAM content of your VPS and all its storage, whereas they cannot do the same in your laptop or workstation.

    True, but with that level of paranoia op should really not be connected to the internet and definitely not post on a public forum.

  • True, but with that level of paranoia op should really not be connected to the internet and definitely not post on a public forum.

    Connecting to an internet or posting public information on a public forum doesn't endanger your private information nearly as much as actually uploading it to someone else's computer.

  • @rm_ said:

    I don't really understand here, why would a VPS be any less secure then your laptop or workstation?

    Because the provider can stealthily view and copy the RAM content of your VPS and all its storage, whereas they cannot do the same in your laptop or workstation.

    Perhaps this is what the OP had in mind (but which he didn't clarify very well).

    In any case, the OP may have already disappeared (signed up, posted, then left) -- we'll see.

    "A single swap file or partition may be up to 128 MB in size. [...] [I]f you need 256 MB of swap, you can create two 128-MB swap partitions." (M. Welsh & L. Kaufman, Running Linux, 2e, 1996, p. 49)

  • ehabehab Content Writer
    edited March 22

    only @deank can smell these things... lets ask his nose ?

    or @anvender tell the truth?

  • deankdeank OGOfficial Troll

    Not worth it, to be honest.

    A request like this is so obvious.

    Thanked by (1)ehab

    The Amitz day is October 21. ♻ I call people by their soulname.

  • @ehab said:
    anvender wants to watch naughtys sites while at work and he is also afraid of getting caught by her.

    VPS will not work, the CPU running like crazy when you watch youtube.

    Thanked by (1)ehab

    Be aware or Be next

  • @rm_ said:

    True, but with that level of paranoia op should really not be connected to the internet and definitely not post on a public forum.

    Connecting to an internet or posting public information on a public forum doesn't endanger your private information nearly as much as actually uploading it to someone else's computer.

    Technically that might be true, but in reality this means the provider would have to be aware of op, would have to be interested in op's work, know that op is using his vps, and whatever op is doing has to be worth the effort.
    For all of that to be even remotely likely op would have to be doing some multimillion development or working on top secret government stuff. Either way, it's the kind of work that requires enough intelligence/experience to not have to ask such a question on this kind of forum.
    I find it much more likely that op suffers a code injection from an ad on a public forum or clicks on a link in an email from a nigerian prince.

    Thanked by (1)lentro
  • My tax returns are on my self-hosted Nextcloud in a VPS.
    The provider could read the tax return, go to IRS website to change direct deposit information to their account, and steal my stimulus check.
    But then they'll get a call from the FBI.
    Not worth it.

    I have five ≥1GB, ≤$16/year KVM servers. Are you jealous?

  • @yoursunny said:
    My tax returns are on my self-hosted Nextcloud in a VPS.
    The provider could read the tax return, go to IRS website to change direct deposit information to their account, and steal my stimulus check.
    But then they'll get a call from the FBI.
    Not worth it.

    There are worse scenarios, you took it lightly. Depending on the kind of information they could steal your identity, use it for malicious purposes. You will never recover from that. With the right information they can scam other people for millions, using your identity. FBI will come for you instead and you have to prove that you didn't fraud the IRS and scam other people.

  • If one doesn't trust a particular VPS provider in this respect, then one shouldn't have a VPS at that provider.

    If one doesn't trust any VPS provider in this respect, then one shouldn't have any VPS at any provider.

    (Is there much more to say about this?)

    Thanked by (1)yoursunny

    "A single swap file or partition may be up to 128 MB in size. [...] [I]f you need 256 MB of swap, you can create two 128-MB swap partitions." (M. Welsh & L. Kaufman, Running Linux, 2e, 1996, p. 49)

  • @angstrom said: If one doesn't trust a particular VPS provider in this respect, then one shouldn't have a VPS at that provider.

    Well there's trust and then there's trust. Do I trust them enough to keep my mp3 collection there? Sure. Do I trust them enough to keep my unencrypted tax returns there? No. The consequences for being wrong are higher in the second scenario.

  • MewMew
    edited March 22

    @skorous said:

    @angstrom said: If one doesn't trust a particular VPS provider in this respect, then one shouldn't have a VPS at that provider.

    Well there's trust and then there's trust. Do I trust them enough to keep my mp3 collection there? Sure. Do I trust them enough to keep my unencrypted tax returns there? No. The consequences for being wrong are higher in the second scenario.

    ^ Can’t agree more.

    I’m not saying you shouldn’t trust your provider or be paranoid. My point is that you shouldn’t take the consequences lightly in the rare case it does happen.

  • edited March 22

    @skorous said:

    @angstrom said: If one doesn't trust a particular VPS provider in this respect, then one shouldn't have a VPS at that provider.

    Well there's trust and then there's trust. Do I trust them enough to keep my mp3 collection there? Sure. Do I trust them enough to keep my unencrypted tax returns there? No. The consequences for being wrong are higher in the second scenario.

    Okay, yes, I see: you might decide that you can trust a provider p with file f but not with file g.

    (Seriously, though: are one's tax returns really so sensitive? :) Donald Trump's tax returns are very sensitive, but this is because they show that he's hardly paid any taxes, which he wants to hide.)

    Frankly, my personal attitude is one of all or nothing: if I trust a provider p, then I trust p with any file f.

    If I trust a provider p, then my potential worry isn't about p. Rather, my potential worry is about intruders: if someone compromises my VPS. This potential worry about intruders may lead me to decide not to store certain (sensitive) files on my VPS.

    "A single swap file or partition may be up to 128 MB in size. [...] [I]f you need 256 MB of swap, you can create two 128-MB swap partitions." (M. Welsh & L. Kaufman, Running Linux, 2e, 1996, p. 49)

  • Following this logic, then, running an e-store on a vps (something much more secure from running it on a shared hosting environment) or even in a dedicated server, is a great risk because someone can steal sensitive infos on your incoming, bank details, crypto payments etc.
    It will always be a risk on any online information. It is all on how you trust the provider you chose and for what job. Having a remote desktop to do some remote tasks on a shady summer host, maybe contains some risk. Doing it on some more respectful provider (even small ones like Ant or Fran) I guess is pretty secure.

    • If a program actually fits in memory and has enough disk space, it is guaranteed to crash.
    • If such a program has not crashed yet, it is waiting for a critical moment before it crashes.

  • @angstrom said: Seriously, though: are one's tax returns really so sensitive?

    Having had my identity stolen twice over the years I'm going to say yes because it's an annoying amount of forms to fill out and phone calls to make. Two of my least favourite things - paperwork and people. ;-)

    Thanked by (1)angstrom
  • edited March 23

    Thanks for the comments. The idea was just to use the VPS as a workstation terminal to do some coding. Did'nt even know that you could watch youtube from a CLI. I was amazed how much stuff I could actually pack into a vps128. Ended up putting tmux, golang, vim, mc, dnstools, borgbackup and openpgp on it. And disabled the history logs. This means that I have a Linux system available even if I'm on a MAC or Windows box.

  • ehabehab Content Writer

    @anvender said:

    no hanky panky?

    Thanked by (1)angstrom
  • @ehab said:

    @anvender said:

    no hanky panky?

    As if I would.

    Thanked by (1)ehab
  • Totally doable and perfectly "secure" if you have the right approach to setting it up securely.

    Throwing Apache guacamole here because it's an awesome web -> remote desktop solution.

    Thanked by (2)PHP_Backend skorous

    Resident numpty

  • @angstrom said:
    Seriously, though: are one's tax returns really so sensitive?

    A bit off topic, but this has always puzzled me. Here in Sweden tax returns are public documents, you can lookup exactly how much income someone has and how much they pay in taxes.
    But Americans (maybe others too, haven't really paid attention to nationality) seems to go to great length to keep it a secret. I cant really see why, in what way could it hurt me if people know how much I pay in taxes?

  • edited March 30

    One possibility is that your (I guess not just Swedish but Scandinavian?) transparency in general is most likely a good thing for employees - as long as everyone knows more or less how much you and your peers are earning, this leads closer to a fair pay for all (although this is probably just part of it, I bet your high levels of unionization aren't hurting either:).

    On the other hand, the "American" way of hiding salaries/tax returns is probably good for (predatory) business - this way, as a company, you might be able to pay a lower wage to an employee doing the same job as others, but who has mediocre negotiating skills (and/or has no idea what might constitute a fair pay for his position)

Sign In or Register to comment.