Update split-ssh.md

2024-10-01 01:05:51 -04:00 · 2020-11-18 13:25:04 +00:00 · 2020-11-18 13:25:04 +00:00 · 1211564161
commit 1211564161
parent c3d49d80de
1 changed files with 7 additions and 4 deletions
--- a/docs/configuration/split-ssh.md
+++ b/docs/configuration/split-ssh.md
@ -373,10 +373,13 @@ In order to gain access to the vault VM, the attacker would require the use of,
 ### Regarding Your SSH Private Key
 * This goes without saying but keep your private keys **private**. 
 * Typically you want your the permissions to your key-related files to be
-    `.ssh` directory: `700 (drwx------)`
-    public key (`id_ed25519.pub` file): `644 (-rw-r--r--)`
-    private key (`id_ed25519`): `600 (-rw-------)`
-    lastly your home directory should not be writeable by the group or others (at most 755 (drwxr-xr-x)).
+    `.ssh` directory: `700 (drwx------)`<br/>
+    public key (`id_ed25519.pub` file): `644 (-rw-r--r--)`<br/>
+    private key (`id_ed25519`): `600 (-rw-------)`<br/>
+    lastly your home directory should not be writeable by the group or others (at most 755 (drwxr-xr-x)).<br/>
+    
+   But considering how your vault needs to be compromised before these files can even be noticed, this step is meaningless.
+   Since an adversary who can find a Xen VM escape exploit can most probably also find a user to root escalation exploit.

 ### Regarding Your KeePassXC Database File
 Although the database file is encrpyted with your password, if you haven't taken any protective measures, it can be bruteforced.