Yes. You can just kill the VM, mount the LVM from the node, and go rooting around just like you could an OpenVZ. We've had to do this a couple of times when a client FUBAR'd their install, but had data they absolutely had to recover.What about on KVM environments? Can the host still see your data?
For full disk encryption, I recently came across this nice tutorial:How would someone go about encrypting all or part of their VPS? I would, personally, like a tutorial on this posted.
Do you have a how-to document for accomplishing this? Sounds very awesome and certainly tons of folks would benefit from such knowledge.A neat trick for the whole encrypted disk setup is to have Dropbear (or another SSH server) running in the initial RAM disk, waiting for you to connect manually and unlock the encrypted partition or even better have a script do that automagically. Way more comfortable than having to resort to VNC or other such methods.
So, why not just email your host all your data then? The only good reason to not configure an encrypted disk is if you need decently high I/O (if you're using HDD, the difference in speed will not be that great although CPU usage would be higher).Linux FDE in a vps doesn't protect you from a snooping host if your disk is unlocked (ie, running) and the VM has the keys in memory. qemu/kvm even supports connecting to a remote debugger from the kvm console. A quick scan for common kernel memory structures will probably net you any applicable keys. I think there's a topic on this forum about it from a few months ago. And that's the hard way; the easy way is modifying your initrd to load a custom kernel module.
More of a hassle, sure, but in no way difficult. Maybe if you used FDE in conjunction with a TPM and a microkernel that enforced permissions in modules or you didn't allow loadable (and unloadable) modules would it be more resilient, but as is it's not so great. As usual, it's an added layer of security but not without flaws.
What it comes down to is on your VPS, you must trust your host not to pry.
That's a poor analogy because the data on the disk isn't passing through anything outside of your provider's control. If you mean a third party might remove the disks from the machine, sure, it protects against that. FDE in a running vps is not a challenge to someone with root on the host and a willingness to spend 10 minutes google searching.So, why not just email your host all your data then? The only good reason to not configure an encrypted disk is if you need decently high I/O (if you're using HDD, the difference in speed will not be that great although CPU usage would be higher).