mirror of https://github.com/PrivSec-dev/privsec.dev synced 2025-01-05 03:31:33 -05:00

Remove unnecessary colons

Signed-off-by: tommytran732 <contact@tommytran.io>
tommytran732 2022-08-13 23:19:45 -04:00
parent adb2ab21ca
commit 19a1eb4e99
No known key found for this signature in database
GPG Key ID: 060B29EB996BD9F2


@ -23,14 +23,14 @@ This part is based on the Qubes Community's [guide](https://github.com/Qubes-Com
- Create `/etc/qubes-rpc/policy/qubes.SshAgent` with `@anyvm @anyvm ask,default_target=vault` as the content. Since the keys ar not passphrase protected, you should **not** set the policy to allow. - Create `/etc/qubes-rpc/policy/qubes.SshAgent` with `@anyvm @anyvm ask,default_target=vault` as the content. Since the keys ar not passphrase protected, you should **not** set the policy to allow.
### In `vault` AppVM: ### In `vault` AppVM
- Add `enable-ssh-support` to the end of `~/.gnupg/gpg-agent.conf` - Add `enable-ssh-support` to the end of `~/.gnupg/gpg-agent.conf`
- Get your keygrip with `gpg --with-keygrip -k` - Get your keygrip with `gpg --with-keygrip -k`
- Add your keygrip to the end of `~/.gnupg/sshconrol` - Add your keygrip to the end of `~/.gnupg/sshconrol`
![PGP Keygrip](/images/keygrip.png) ![PGP Keygrip](/images/keygrip.png)
### In `vault`'s TemplateVM: ### In `vault`'s TemplateVM
- Create `/etc/qubes-rpc/qubes.SshAgent` with the following content: - Create `/etc/qubes-rpc/qubes.SshAgent` with the following content:
```bash ```bash
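Review bot: The unchanged step "Add your keygrip to the end of `~/.gnupg/sshconrol`" under the `vault` AppVM heading misspells the file name. gpg-agent reads `~/.gnupg/sshcontrol`, so a reader who copies the path as written puts the keygrip in a file the agent never consults and the key is not offered over SSH. This commit is already a cleanup pass over these lines, so fix the path here or in a follow-up, together with "the keys ar not passphrase protected" in the policy step above it.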
@ -52,7 +52,7 @@ socat - "UNIX-CONNECT:$SSH_AUTH_SOCK"
- Make it executable with `sudo chmod +x /etc/qubes-rpc/qubes.SshAgent` - Make it executable with `sudo chmod +x /etc/qubes-rpc/qubes.SshAgent`
- Turn off the templateVM. If the `vault` VM is running, turn it off, then start it to update the VM's configuration. - Turn off the templateVM. If the `vault` VM is running, turn it off, then start it to update the VM's configuration.
### In `ssh-client` AppVM: ### In `ssh-client` AppVM
- Add the following to the end of `/rw/config/rc.local`: - Add the following to the end of `/rw/config/rc.local`:
```bash ```bash
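Review bot: The unchanged step "Turn off the templateVM" uses a different capitalization from the `TemplateVM` heading edited in the previous hunk. Since this is a style cleanup, use `TemplateVM` in both places so the guide names the qube type consistently.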
@ -82,5 +82,5 @@ fi
- Restart `ssh-client` and confirm if it's working with `ssh-add -L`. - Restart `ssh-client` and confirm if it's working with `ssh-add -L`.
### Limitations: ### Limitations
A malicious `ssh-client` AppVM can hold onto the ssh-agent connection for more than one use until it is shut down. While your private key is protected, a malicious actor with access to the AppVM can still abuse the ssh-agent to log into your servers. A malicious `ssh-client` AppVM can hold onto the ssh-agent connection for more than one use until it is shut down. While your private key is protected, a malicious actor with access to the AppVM can still abuse the ssh-agent to log into your servers.
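Review bot: In the Limitations paragraph, "until it is shut down" has an ambiguous antecedent: "it" can be read as either the `ssh-client` AppVM or the ssh-agent connection. This sentence defines how long the exposure lasts, so name the subject explicitly, for example "until the AppVM is shut down", while the heading is being touched anyway. The step above it could also read "confirm that it is working with `ssh-add -L`".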