I have a dedicated minimal template used only for SSHing into remote machines. Basically fedora-24-minimal template clone with only openssh-client installed, and separate AppVMs based on that for different groups of servers I log into from there with respective SSH keys in each. This way if one machine compromised my template via e.g. arcane terminal escapes or something, it shouldn't gain lateral access to other machines belonging to different organizations that I also have access to.
-- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/CABQWM_CM4q%3DoUG74HbLedNGPo4L5rFUxe4sp35FZ7WSbbW2wTg%40mail.gmail.com. For more options, visit https://groups.google.com/d/optout.
