mirror of
https://github.com/Qubes-Community/Contents.git
synced 2025-01-09 14:19:31 -05:00
Update split-ssh.md
This commit is contained in:
Santori Helix
GitHub
parent
c3d49d80de
commit
1211564161
@ -373,10 +373,13 @@ In order to gain access to the vault VM, the attacker would require the use of,
|
|||||||
### Regarding Your SSH Private Key
|
### Regarding Your SSH Private Key
|
||||||
* This goes without saying but keep your private keys **private**.
|
* This goes without saying but keep your private keys **private**.
|
||||||
* Typically you want your the permissions to your key-related files to be
|
* Typically you want your the permissions to your key-related files to be
|
||||||
`.ssh` directory: `700 (drwx------)`
|
`.ssh` directory: `700 (drwx------)`<br/>
|
||||||
public key (`id_ed25519.pub` file): `644 (-rw-r--r--)`
|
public key (`id_ed25519.pub` file): `644 (-rw-r--r--)`<br/>
|
||||||
private key (`id_ed25519`): `600 (-rw-------)`
|
private key (`id_ed25519`): `600 (-rw-------)`<br/>
|
||||||
lastly your home directory should not be writeable by the group or others (at most 755 (drwxr-xr-x)).
|
lastly your home directory should not be writeable by the group or others (at most 755 (drwxr-xr-x)).<br/>
|
||||||
|
|
||||||
|
But considering how your vault needs to be compromised before these files can even be noticed, this step is meaningless.
|
||||||
|
Since an adversary who can find a Xen VM escape exploit can most probably also find a user to root escalation exploit.
|
||||||
|
|
||||||
### Regarding Your KeePassXC Database File
|
### Regarding Your KeePassXC Database File
|
||||||
Although the database file is encrpyted with your password, if you haven't taken any protective measures, it can be bruteforced.
|
Although the database file is encrpyted with your password, if you haven't taken any protective measures, it can be bruteforced.
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user