Regarding this offer: http://lowendtalk.com/discussion/26408/seflow-net-ssd-cloud-from-0-0015-h-1-08-month-charge-5-and-get-10-new-prices i'm testing a VPS from SeFlow/DomFlow and on a newly created server i find inside .ssh/ a populates authorized_keys with this inside:
ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAuKeAOjUCA9BdtPSZb4FKZeNQJLqQq5J50cJCmrokL 5yCax1lIvNg3IgRj2ErgCXNdiObSuGhbpJUIyPBd94AF6y7qQJAoxiLUR62gm/0iDWRJrLMJr8 wGCS7+gFwDX1AJFKsJQmMRViiEd7h007cPLogB/9Q5vFXpPiftLTUMrX6GuibPCmBn00n1 NR+T+3yV1PtwfthbGprZiS0u+nZiBod9cizFLXdXoW94HcC8z8QluDpSzl+8YcbGMAesM9 z+4xev+r+Ukke8pDmbshHrrCy1saqhraPQuycE+lvyq95AJ0dwzbMbb++2CLwNiC7wnk Hz5ZGjbydvGBQda0eLQ==
and within known_hosts
|1|HxAYbI07yepaQi/FxhPNsSeGMeo=|lN9Q1euQgP9mxgh8Tg6XBohM7Is= ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBNJPgVhvgWrO3ch 62SNdyNyEKr++SGuDB48IRU3F9Cm2YIoXK9JKnTaKSD2/vaav4f22m9mc/NQ5xlsYZZBlA0Y=
I can't find anything on their website explaining that, nor i ever authorized them to keep a backdoor to enter my server. Is there anything evident i'm missing here? Any reason to preload an unmanaged vps with a ssh key?
netstat here: http://s.lowendshare.com/3/1398844685.7.netstat
ps aux here: http://s.lowendshare.com/3/1398844346.530.psaux
Template is a debian wheezy 32 bit (1 year old 7.01), but i can't tell how heavily modified. With many listening services (ntpd, snmpd ...) and the vballoon process running. Hypervisor is KVM so it should be easy to let users install official, updated, clean iso.
The provider is not willing to provide a clean, minimal debian iso, with just virtio drivers. So i'm open to suggestions. Is there a safe way to remove everything and get a surely clean server ?