Update split-ssh.md

This commit is contained in:
Santori Helix 2020-11-19 14:42:38 +00:00 committed by GitHub
parent bc3c4fc82b
commit 4d9f6074c2
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23

View File

@ -139,33 +139,6 @@ With this configuration you'll be prompted for a password the first time you sta
## Setting Up VM Interconnection ## Setting Up VM Interconnection
### In the TemplateVM to your vault VM:
1. Create the file `qubes.SshAgent` in `/etc/qubes-rpc`
- Open the file with e.g. `nano`
```shell_prompt
[user@fedora-32 ~]$ sudo nano /etc/qubes-rpc/qubes.SshAgent
```
- Paste the following contents:
```shell_prompt
#!/bin/sh
# Qubes App Split SSH Script
# safeguard - Qubes notification bubble for each ssh request
notify-send "[`qubesdb-read /name`] SSH agent access from: $QREXEC_REMOTE_DOMAIN"
# SSH connection
ncat -U $SSH_AUTH_SOCK
```
- Save and exit.
2. Shutdown the template VM.
### In `dom0`: ### In `dom0`:
1. Create the file `qubes.SshAgent` in `/etc/qubes-rpc` 1. Create the file `qubes.SshAgent` in `/etc/qubes-rpc`
@ -200,6 +173,34 @@ With this configuration you'll be prompted for a password the first time you sta
2. Close the terminal. **Do not shutdown `dom0`.** 2. Close the terminal. **Do not shutdown `dom0`.**
### In the TemplateVM to your vault VM:
1. Create the file `qubes.SshAgent` in `/etc/qubes-rpc`
- Open the file with e.g. `nano`
```shell_prompt
[user@fedora-32 ~]$ sudo nano /etc/qubes-rpc/qubes.SshAgent
```
- Paste the following contents:
```shell_prompt
#!/bin/sh
# Qubes App Split SSH Script
# safeguard - Qubes notification bubble for each ssh request
notify-send "[`qubesdb-read /name`] SSH agent access from: $QREXEC_REMOTE_DOMAIN"
# SSH connection
ncat -U $SSH_AUTH_SOCK
```
- Save and exit.
2. Shutdown the template VM.
### In an SSH Client AppVM terminal ### In an SSH Client AppVM terminal
Theoretically, you can use any AppVM but to increase security it is advised to create a dedicated AppVM for your SSH connections. Theoretically, you can use any AppVM but to increase security it is advised to create a dedicated AppVM for your SSH connections.