From d2ad5e066b97e0e900741ac8f79c2aaf926b1d40 Mon Sep 17 00:00:00 2001 From: Santori Helix <74464484+santorihelix@users.noreply.github.com> Date: Wed, 18 Nov 2020 13:34:20 +0000 Subject: [PATCH] Update split-ssh.md --- docs/configuration/split-ssh.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/configuration/split-ssh.md b/docs/configuration/split-ssh.md index 595a2bb..3fc399d 100644 --- a/docs/configuration/split-ssh.md +++ b/docs/configuration/split-ssh.md @@ -366,7 +366,7 @@ Check if it returns `ssh-ed25519 ` ## Security Benefits In the setup described in this guide, even an attacker who manages to gain access to the `ssh-client` VM will not be able to obtain the user’s private key since it is simply not there. -Rather, the private key remains in the `vault` VM, which is extremely unlikely to be compromised, if nothing is ever copied or transferred into it. +Rather, the private key remains in the `vault` VM, which is extremely unlikely to be compromised if nothing is ever copied or transferred into it. In order to gain access to the vault VM, the attacker would require the use of, e.g., a general Xen VM escape exploit or a signed, compromised package which is already installed in the TemplateVM upon which the vault VM is based. ## Further Security tips