Re: [qubes-users] Dealing with ssh
I have a dedicated minimal template used only for SSHing into remote machines. Basically fedora-24-minimal template clone with only openssh-client installed, and separate AppVMs based on that for different groups of servers I log into from there with respective SSH keys in each. This way if one machine compromised my template via e.g. arcane terminal escapes or something, it shouldn't gain lateral access to other machines belonging to different organizations that I also have access to. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/CABQWM_CM4q%3DoUG74HbLedNGPo4L5rFUxe4sp35FZ7WSbbW2wTg%40mail.gmail.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Dealing with ssh
What is the best way to handle ssh in Qubes? I have a set of machines I often log in to remotely, and I want to make sure the sessions (as well as the private keys) are protected from vulnerabilities in other applications. Currently I have set of a dedicates ssh qube from which I run all my ssh sessions. I've also set its firewall to only allow access to the machines I normally connect to. Is there a better way to handle this? Ideally, I'd like to be able to use dispvms for ssh, but how would I handle the private keys? How do other people do this? Regards, Elias -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/733c2264-8f4a-4170-9122-697d50f83a6c%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.