mirror of
https://github.com/ben-grande/qusal.git
synced 2025-01-27 23:57:14 -05:00
97 lines
2.7 KiB
Markdown

# sys-ssh

SSH over Qrexec in Qubes OS.

## Table of Contents

* [Description](#description)
* [Installation](#installation)
* [Access Control](#access-control)
* [Usage](#usage)
  * [Server](#server)
  * [Client](#client)
* [Credits](#credits)

## Description

Creates an SSH server qube named "sys-ssh" to act as a central document
store that other qubes access over the SSH File Transfer Protocol (SFTP),
using the tool sshfs. This lets individual qubes mount another qube's
filesystem instead of shuttling files around with `qvm-copy` or `qvm-move`.

The greatest problem with the rsync-based approach is that it makes copies of
the files or directories. This may be fine with a small amount of data, but
with large files, or large numbers of files, there is significant overhead.
SFTP instead gives clients direct access to the files on the server qube, so
nothing has to be duplicated.

## Installation

- Top:

```sh
qubesctl top.enable sys-ssh
qubesctl --targets=tpl-sys-ssh,sys-ssh state.apply
qubesctl top.disable sys-ssh
```

- State:

<!-- pkg:begin:post-install -->
```sh
qubesctl state.apply sys-ssh.create
qubesctl --skip-dom0 --targets=tpl-sys-ssh state.apply sys-ssh.install
qubesctl --skip-dom0 --targets=sys-ssh state.apply sys-ssh.configure
```
<!-- pkg:end:post-install -->

Install the client side on the template of every qube that will mount the
share, replacing `TEMPLATE` with that template's name:

```sh
qubesctl --skip-dom0 --targets=TEMPLATE state.apply sys-ssh.install-client
```

Each client qube also needs the SSH forwarder service enabled, replacing
`QUBE` with the client qube's name:

```sh
qvm-features QUBE service.ssh-setup 1
```

## Access Control

A `qusal.Ssh` Qrexec service is created to carry SSH over Qrexec. The default
policy is `ask`: you are prompted before a qube is allowed to connect to the
`sys-ssh` qube.

If you want to `allow` SSH between qubes without a prompt, insert a rule in
your user policy file `/etc/qubes/policy.d/30-user.policy` using the
following format, where `SOURCE` is the client qube and `TARGET` is the
server qube (`sys-ssh`):

```qrexecpolicy
qusal.Ssh * SOURCE @default allow target=TARGET
```

Keep allow rules as narrow as possible. A client that can change data on the
server can also potentially compromise the server, or at least make it hold
malicious files, which are then propagated to every other client that mounts
the same share.

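As an added example that is not part of qusal, a small helper for dom0 that
appends rules in the format above to the user policy file. It refuses the one
rule the warning about writable clients argues against, a blanket `allow`
from `@anyvm`, and it does not add the same rule twice. The `POLICY_FILE`
variable, the function names and the `work` qube in the usage are this
example's assumptions; the service name and the line format are the ones
documented on this page.

```sh
#!/bin/sh
# Added example, not part of qusal. Run in dom0, where the policy lives.
# POLICY_FILE and the function names are this example's own choices; the
# service name and the line format are the ones documented on this page.

POLICY_FILE="${POLICY_FILE:-/etc/qubes/policy.d/30-user.policy}"

# Print one allow rule. The client calls qusal.Ssh with the "@default"
# target and "target=" redirects that call to the server qube.
ssh_policy_line() {
  printf 'qusal.Ssh * %s @default allow target=%s\n' "$1" "$2"
}

# Append an allow rule for SOURCE -> TARGET unless it is already present.
# A blanket allow from @anyvm is refused: every qube, including disposables
# and untrusted ones, would get a writable SFTP session on the server.
ssh_policy_allow() {
  src="$1"; dst="${2:-sys-ssh}"; file="${3:-$POLICY_FILE}"
  if [ -z "$src" ]; then
    echo "usage: ssh_policy_allow SOURCE [TARGET] [POLICY_FILE]" >&2; return 2
  fi
  if [ "$src" = "@anyvm" ]; then
    echo "refusing to allow qusal.Ssh from @anyvm; name the client qube" >&2
    return 2
  fi
  line="$(ssh_policy_line "$src" "$dst")"
  if grep -Fqx "$line" "$file" 2>/dev/null; then
    echo "rule already present in $file" >&2; return 0
  fi
  printf '%s\n' "$line" >> "$file"
}
```

Usage in dom0: `ssh_policy_allow work sys-ssh` adds the rule for the `work`
qube. Rules in a policy file are matched top to bottom and the first match
wins, so check where the appended line lands relative to any more general
rule already in the file.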
## Usage

### Server

It is possible to constrain access to files on the server, for example with
SSH chroots and filesystem permissions. This is left for the user to
configure.

Passwordless login with an empty password is allowed when the connection
comes from 127.0.0.1, which is how connections arriving over Qrexec appear to
the SSH server. It makes no sense to restrict access further at this point:
the Qrexec policy has already permitted the call, and that policy is the
access control for this service.

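The server-side constraint the page leaves to the user, as an added example
that is not qusal's configuration: an OpenSSH `Match` block confining a
dedicated account to a read-only SFTP session inside a chroot, appended to
`sshd_config` and validated with `sshd -t` before sshd is reloaded. It assumes
the account (`reader` here, a hypothetical name) exists with an empty password
so the localhost empty-password login described above applies to it, that
PAM permits that login as it already does for `user`, and that the chroot
path is yours to choose; the function names are this example's.

```sh
#!/bin/sh
# Added example, not qusal's configuration. Run as root in sys-ssh (or in
# tpl-sys-ssh so it persists). The "reader" account, the chroot path and
# the function names are this example's assumptions.

# Emit an OpenSSH Match block that confines USER, arriving over Qrexec as a
# connection from 127.0.0.1, to a read-only SFTP session rooted at CHROOT.
# "-R" is internal-sftp's read-only mode. The empty-password login the
# page describes is kept for this account, but only from localhost.
sftp_readonly_block() {
  user="$1"; chroot="$2"
  cat <<EOF
Match User $user Address 127.0.0.1
    PermitEmptyPasswords yes
    ChrootDirectory $chroot
    ForceCommand internal-sftp -R
    AllowTcpForwarding no
    AllowAgentForwarding no
    X11Forwarding no
    PermitTTY no
EOF
}

# Append the block to the main sshd_config (a Match block runs to the end
# of the file, so it must come after every global directive), validate the
# whole file with "sshd -t" and roll back rather than leave sshd broken.
install_readonly_sftp() {
  user="$1"; chroot="${2:-/srv/share}"; conf="${3:-/etc/ssh/sshd_config}"
  marker="# readonly-sftp: $user"
  # sshd refuses a ChrootDirectory that is not root-owned and unwritable
  # by others; here we only check that it exists.
  if [ ! -d "$chroot" ]; then
    echo "chroot directory $chroot does not exist" >&2; return 2
  fi
  if grep -Fqx "$marker" "$conf" 2>/dev/null; then
    echo "block for $user already present in $conf" >&2; return 0
  fi
  cp "$conf" "$conf.bak"
  { printf '\n%s\n' "$marker"; sftp_readonly_block "$user" "$chroot"; } >> "$conf"
  if ! sshd -t -f "$conf"; then
    mv "$conf.bak" "$conf"
    echo "sshd rejected the new block, restored $conf" >&2; return 2
  fi
  systemctl reload sshd
}
```

Run it as root in `sys-ssh`. Because `/etc` of an app qube is reset at every
boot, either apply it in the `tpl-sys-ssh` template or re-run it from
`/rw/config/rc.local`. `ChrootDirectory` must be owned by root and not
writable by anyone else, with a user-writable subdirectory inside for the
actual files. Clients that only need to read then mount with
`sshfs -p 1840 reader@localhost:/ ~/sshfs` (paths are relative to the
chroot), while the regular `user` account keeps full access. All clients
using one account still share that server-side identity, so this separates
roles, not individual qubes.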
### Client

The SSH connection is available on the client at the local socket
`localhost:1840`.

From the client, mount the server's `/home/user` directory as an SSH
filesystem on the client's `/home/user/sshfs` directory:

```sh
mkdir ~/sshfs
sshfs -p 1840 localhost:/home/user /home/user/sshfs
```

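As an added example, not part of qusal, a wrapper around the mount command
above that adds reconnection options, mounts read-only for clients that only
consume documents, and unmounts cleanly. The port and the remote path are the
ones documented above; the `SSHFS_*` variables, the option set and the
function names are this example's choices.

```sh
#!/bin/sh
# Added example, not part of qusal: a wrapper for the client qube around the
# sshfs mount shown on this page. Port and remote path are the documented
# ones; the SSHFS_* variables, option set and function names are this
# example's choices.

SSHFS_PORT="${SSHFS_PORT:-1840}"
SSHFS_REMOTE="${SSHFS_REMOTE:-/home/user}"
SSHFS_MOUNT="${SSHFS_MOUNT:-$HOME/sshfs}"

# Build the sshfs option string for MODE (rw or ro). "reconnect" and the
# ServerAlive* settings let the mount survive a forwarder hiccup instead
# of hanging every process that touches it. A read-only mount keeps this
# qube from writing to the share by accident; it is not a control against
# a compromised client, which the server-side permissions must provide.
sshfs_opts() {
  mode="${1:-rw}"
  opts="reconnect,ServerAliveInterval=15,ServerAliveCountMax=3"
  case "$mode" in
    rw) ;;
    ro) opts="$opts,ro" ;;
    *) echo "mode must be rw or ro, not '$mode'" >&2; return 2 ;;
  esac
  printf '%s\n' "$opts"
}

# Mount the share, doing nothing if it is already mounted.
sshfs_mount() {
  mode="${1:-rw}"
  opts="$(sshfs_opts "$mode")" || return 2
  mkdir -p "$SSHFS_MOUNT"
  if mountpoint -q "$SSHFS_MOUNT"; then
    echo "$SSHFS_MOUNT is already mounted" >&2; return 0
  fi
  sshfs -p "$SSHFS_PORT" -o "$opts" "localhost:$SSHFS_REMOTE" "$SSHFS_MOUNT"
}

# Unmount through FUSE's own helper; a plain umount of a user mount needs root.
sshfs_umount() {
  mountpoint -q "$SSHFS_MOUNT" || return 0
  fusermount -u "$SSHFS_MOUNT"
}

case "${1:-}" in
  mount)  sshfs_mount "${2:-rw}" ;;
  umount) sshfs_umount ;;
esac
```

Save it as, for example, `~/bin/sshfs-share` and run `sshfs-share mount ro`
or `sshfs-share umount`. The server's host key is recorded in
`~/.ssh/known_hosts` under `[localhost]:1840`; if `sys-ssh` is rebuilt with a
new host key, the mount fails with a host key mismatch until the stale entry
is removed with `ssh-keygen -R '[localhost]:1840'`. Under the default `ask`
policy a reconnect is a new Qrexec call and may prompt again.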
## Credits

- [Unman](https://github.com/unman/qubes-sync)