Update split-ssh.md

Santori Helix 2020-11-18 12:37:37 +00:00 committed by GitHub
parent bc91bfd5d8
commit 224c17dba6
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23

@ -368,6 +368,13 @@ Depending on your threat model you can:
* Add an additional security layer by adding a second encryption layer (e.g. VeraCrypt, \*.7z with password) * Add an additional security layer by adding a second encryption layer (e.g. VeraCrypt, \*.7z with password)
* Upload the \*.kdbx to an end-to-end-encrypted email box (e.g. Tutanota, ProtonMail) * Upload the \*.kdbx to an end-to-end-encrypted email box (e.g. Tutanota, ProtonMail)
## Security Benefits
In the setup described in this guide, even an attacker who manages to gain access to the `ssh-client` VM will not be able to obtain the users private key since it is simply not there.
Rather, the private key remains in the `vault` VM, which is extremely unlikely to be compromised, if nothing is ever copied or transferred into it.
In order to gain access to the vault VM, the attacker would require the use of, e.g., a general Xen VM escape exploit or a signed, compromised package which is already installed in the TemplateVM upon which the vault VM is based.
Want more Qubes split magic? Want more Qubes split magic?
Check out [Split-GPG][Split-GPG]. Check out [Split-GPG][Split-GPG].
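
Review bot: The first added sentence under "Security Benefits" says an attacker inside `ssh-client` "will not be able to obtain the users private key", but the section never says what that attacker can still do, so readers may take "cannot obtain" to mean "cannot use". Please add a sentence stating whether a compromised `ssh-client` can still request operations with the key from the `vault` VM while it is running, and which setting in this guide (if any) limits that. The claim that `vault` is "extremely unlikely to be compromised, if nothing is ever copied or transferred into it" is also conditional on user behaviour; consider wording it as a requirement on the user rather than as a property of the setup. Two smaller points: "users private key" should be "user's private key", and the last added sentence writes "vault VM" twice without backticks while the lines above use `vault` and `ssh-client`; pick one form.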