2023-11-13 09:33:28 -05:00
|
|
|
# sys-ssh
|
|
|
|
|
|
|
|
|
|
SSH over Qrexec in Qubes OS.
|
|
|
|
|
|
|
|
|
|
## Table of Contents
|
|
|
|
|
|
|
|
|
|
* [Description](#description)
|
|
|
|
|
* [Installation](#installation)
|
|
|
|
|
* [Access Control](#access-control)
|
|
|
|
|
* [Usage](#usage)
|
|
|
|
|
* [Server](#server)
|
|
|
|
|
* [Client](#client)
|
|
|
|
|
* [Credits](#credits)
|
|
|
|
|
|
|
|
|
|
## Description
|
|
|
|
|
|
|
|
|
|
Creates a SSH server qube named "sys-ssh" to be a central document
|
|
|
|
|
store to which other qubes have access with SSH File Transfer Protocol, using
|
|
|
|
|
the tool sshfs. This is a simple tool that allows individual qubes to mount a
|
|
|
|
|
another qube's filesystem rather than using `qvm-copy` or `qvm-move`.
|
|
|
|
|
|
|
|
|
|
The greatest problem with the Rsync solution is that it makes copies of the
|
|
|
|
|
files or directories. This may be fine with a small amount of data, but with
|
|
|
|
|
large files, or large numbers of files, there's a significant overhead. SSH
|
|
|
|
|
File Transfer Protocol provides a way for clients to access files on the
|
|
|
|
|
server qube directly.
|
|
|
|
|
|
|
|
|
|
## Installation
|
|
|
|
|
|
|
|
|
|
- Top:
|
|
|
|
|
```sh
|
2024-02-23 10:54:35 -05:00
|
|
|
sudo qubesctl top.enable sys-ssh
|
|
|
|
|
sudo qubesctl --targets=tpl-sys-ssh,sys-ssh state.apply
|
|
|
|
|
sudo qubesctl top.disable sys-ssh
|
2023-11-13 09:33:28 -05:00
|
|
|
```
|
|
|
|
|
|
|
|
|
|
- State:
|
|
|
|
|
<!-- pkg:begin:post-install -->
|
|
|
|
|
```sh
|
2024-02-23 10:54:35 -05:00
|
|
|
sudo qubesctl state.apply sys-ssh.create
|
|
|
|
|
sudo qubesctl --skip-dom0 --targets=tpl-sys-ssh state.apply sys-ssh.install
|
|
|
|
|
sudo qubesctl --skip-dom0 --targets=sys-ssh state.apply sys-ssh.configure
|
2023-11-13 09:33:28 -05:00
|
|
|
```
|
|
|
|
|
<!-- pkg:end:post-install -->
|
|
|
|
|
|
|
|
|
|
Install on the client template:
|
|
|
|
|
```sh
|
2024-02-23 10:54:35 -05:00
|
|
|
sudo qubesctl --skip-dom0 --targets=TEMPLATE state.apply sys-ssh.install-client
|
2023-11-13 09:33:28 -05:00
|
|
|
```
|
|
|
|
|
|
|
|
|
|
The client qube requires the SSH forwarder service to be enabled:
|
|
|
|
|
```
|
|
|
|
|
qvm-features QUBE service.ssh-setup 1
|
|
|
|
|
```
|
|
|
|
|
|
|
|
|
|
## Access Control
|
|
|
|
|
|
|
|
|
|
A `qusal.Ssh` service is created to allow use of SSH over Qrexec. The default
|
|
|
|
|
policy `asks` if you want to connect with the `sys-ssh` qube.
|
|
|
|
|
|
|
|
|
|
If you want to `allow` SSH between qubes, insert in you user policy
|
|
|
|
|
file `/etc/qubes/policy.d/30-user.policy` to allow the service using the
|
|
|
|
|
following format:
|
|
|
|
|
```qrexecpolicy
|
|
|
|
|
qusal.Ssh * SOURCE @default allow target=TARGET
|
|
|
|
|
```
|
|
|
|
|
|
|
|
|
|
When the client can change the data on the server, it can also possibly
|
|
|
|
|
compromise the server or at least make it hold malicious files and propagate
|
|
|
|
|
the malicious data with clients it is connected to.
|
|
|
|
|
|
|
|
|
|
## Usage
|
|
|
|
|
|
|
|
|
|
### Server
|
|
|
|
|
|
|
|
|
|
It is possible to constrain access to files on the server, using (e.g) SSH
|
|
|
|
|
chroots and access control mechanisms. This is left for the user to configure.
|
|
|
|
|
|
|
|
|
|
Passwordless login through empty passwords are allowed when the host matches
|
|
|
|
|
127.0.0.1, it makes no sense to restrict the access if the Qrexec call was
|
|
|
|
|
already permitted.
|
|
|
|
|
|
|
|
|
|
### Client
|
|
|
|
|
|
|
|
|
|
The SSH connection is available with the socket `localhost:1840`.
|
|
|
|
|
|
|
|
|
|
From the client, mount the server `/home/user` directory as a SSH File System
|
|
|
|
|
in the client `/home/user/sshfs` directory:
|
|
|
|
|
```sh
|
|
|
|
|
mkdir ~/sshfs
|
|
|
|
|
sshfs -p 1840 localhost:/home/user /home/user/sshfs
|
|
|
|
|
```
|
|
|
|
|
|
|
|
|
|
## Credits
|
|
|
|
|
|
|
|
|
|
- [Unman](https://github.com/unman/qubes-sync)
|
