Git-Mirrors/Qubes-Community-Content
1
0
Fork 0
mirror of https://github.com/Qubes-Community/Contents.git synced 2024-10-01 01:05:51 -04:00
Code Issues Packages Projects Releases Wiki Activity

Update split-ssh.md

Browse Source
This commit is contained in:
Santori Helix 2020-11-18 13:27:34 +00:00 committed by GitHub
parent fb0ad16697
commit 530415a6a4
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 1 additions and 9 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
docs/configuration/split-ssh.md
View File

@ -372,15 +372,7 @@ In order to gain access to the vault VM, the attacker would require the use of,
## Further Security tips
### Regarding Your SSH Private Key
* This goes without saying but keep your private keys **private**.
* Typically you want your the permissions to your key-related files to be
`.ssh` directory: `700 (drwx------)`<br/>
public key (`id_ed25519.pub` file): `644 (-rw-r--r--)`<br/>
private key (`id_ed25519`): `600 (-rw-------)`<br/>
lastly your home directory should not be writeable by the group or others (at most 755 (drwxr-xr-x)).<br/>
But considering how your vault needs to be compromised before these files can even be noticed, this step is meaningless.
Since an adversary who can find a Xen VM escape exploit can most probably also find a user to root escalation exploit.
* Tinkering with the user permissions is not necessary since it is assumed that an adversary who can find a Xen VM escape exploit is also capable of finding a user to root escalation exploit.
### Regarding Your KeePassXC Database File
Although the database file is encrpyted with your password, if you haven't taken any protective measures, it can be bruteforced.