Update split-ssh.md

This commit is contained in:
Santori Helix 2020-11-18 22:38:16 +00:00 committed by GitHub
parent 171b5db8f7
commit 417c318fdf
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23

View File

@ -388,9 +388,6 @@ In order to gain access to the vault VM, the attacker would require the use of,
### Regarding Your SSH Private Key ### Regarding Your SSH Private Key
* This goes without saying: keep your private keys **private**. * This goes without saying: keep your private keys **private**.
* Tinkering with the user permissions is not necessary since it is assumed that an adversary who can find a Xen VM escape exploit is also capable of finding a user to root escalation exploit. * Tinkering with the user permissions is not necessary since it is assumed that an adversary who can find a Xen VM escape exploit is also capable of finding a user to root escalation exploit.
* Use Yubikey with SSH. Check [yubikey-agent](https://github.com/FiloSottile/yubikey-agent), [yubikey-ssh](https://github.com/jamesog/yubikey-ssh) and the [Yubikey documentation](https://developers.yubico.com/SSH/) for more information.
![yubikey diagram](https://raw.githubusercontent.com/santorihelix/qubes-splitssh-diagram/85e9cd09854231816f478159c42d5bce3e339648/split-ssh-keepassxc-yubikey.svg)
### Regarding Your KeePassXC Database File ### Regarding Your KeePassXC Database File
Although the database file is encrpyted with your password, if you haven't taken any protective measures, it can be bruteforced. Although the database file is encrpyted with your password, if you haven't taken any protective measures, it can be bruteforced.