We host our web application on a VPS, I maintain LAMP environment there to fulfill our client needs (I work on relatively small SaaS service provider), I also set up a script to backup the system regularly at night.
Our company had just upgraded all of our Linux VPS to specification of 5gb ram, 5 vcpu, 100gb ssd, etc., this is because my client complain about slow database processing, I thought it might have to do with low specification our VPS had before.
Still, the database problem persist, so my boss asked me to debug the mysql process on each VPS we have. From this I found that only one out of five core seem to be used, this also happens to another VPS.
I suspect that the provider enforce a CPU limit, so I headed out to their customer support to clarify this, first they asked me list of each VPS IP Address, so I handed them that (though I felt strange as why they couldn’t do this by themselves ?). They say they will follow up my complain through email (I reached them via live chat on their website).
This morning an email from them landed on our company account, they asked for and I quote.
Dear Sir or Madam
To follow up from our previous conversation, we need to access your VPS, please give us your port, user, and ssh password.
We expect your replies.
This really surprised me as why do they need this information just to answer my question regarding their CPU policy, now I could never handing them this sensitive information. But is it really normal for an VPS support to request this information ?