Git-Mirrors/Qubes-Community-Content
1
0
Fork 0
mirror of https://github.com/Qubes-Community/Contents.git synced 2025-05-03 14:56:05 -04:00
Code Issues Projects Releases Packages Wiki Activity

Update split-ssh.md

Browse source
This commit is contained in:
Santori Helix 2020-11-18 13:34:20 +00:00 committed by GitHub
parent c2df9591c3
commit d2ad5e066b
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
1 changed files with 1 additions and 1 deletions
Download patch file Download diff file Expand all files Collapse all files

2
docs/configuration/split-ssh.md
View file

@ -366,7 +366,7 @@ Check if it returns `ssh-ed25519 <public key string>`
## Security Benefits ## Security Benefits
In the setup described in this guide, even an attacker who manages to gain access to the `ssh-client` VM will not be able to obtain the users private key since it is simply not there. In the setup described in this guide, even an attacker who manages to gain access to the `ssh-client` VM will not be able to obtain the users private key since it is simply not there.
Rather, the private key remains in the `vault` VM, which is extremely unlikely to be compromised, if nothing is ever copied or transferred into it. Rather, the private key remains in the `vault` VM, which is extremely unlikely to be compromised if nothing is ever copied or transferred into it.
In order to gain access to the vault VM, the attacker would require the use of, e.g., a general Xen VM escape exploit or a signed, compromised package which is already installed in the TemplateVM upon which the vault VM is based. In order to gain access to the vault VM, the attacker would require the use of, e.g., a general Xen VM escape exploit or a signed, compromised package which is already installed in the TemplateVM upon which the vault VM is based.
## Further Security tips ## Further Security tips