Dev/Qubes Remote Support

From Whonix

Qubes OS should be remotely manageable through an on-demand, ephemeral hidden onion service that reaches dom0/AdminVM.

goals

  • functional for users with slow internet connections

out of scope

desired security properties

  • clear and reliable signaling to the user whether remote admin is enabled and whether it is currently in use
  • reliable auditing of actions done by the remote admin (session recording? how to make it impossible for admin to hide/remove things?)
  • compromise of any single VM (specifically sys-whonix) should not compromise the whole system (extra secure channel besides hidden service, ssh?)

implementation

  • use screen or tmux to overcome connection interruptions
  • Command line tools (which can be called by any GUI).
  • Whonix-Workstation package. (GUI and command line tools would run here.)
  • Whonix-Gateway package. (Tor onion service)
  • dom0 package (Qubes dom0 configuration, SSH/VNC server)
  • Packaging of a (python) GUI [1] (the GUI itself to be written by someone else)
  • upload to Whonix repository
  • add to Whonix by default if wanted

sys-whonix GUI

The user should be able to see the already existing hidden services of each sys-whonix in a widget.

Requirements for adding remote support:

  • List configured onion services.
  • Delete them.
  • Create a new remote support related hidden onion service. When done, output the onion address, port and shared secret for the user to copy and paste into a secured communication channel of their choice.
  • Create time-based or persistent remote support.
  • multiple remote support onions at the same time
  • optionally a feature to send access info to the support agent from the GUI (for example GPG encrypted email)
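
A sketch of the bookkeeping these requirements imply, added here as an example and not Whonix or Qubes code: it creates, lists, expires and deletes remote support sessions, generates the shared secret, and renders the matching torrc stanzas. Assumptions: the `Registry` and `Session` names, the `BASE_DIR` path and the way the shared secret is checked are all hypothetical; `HiddenServiceDir` and `HiddenServicePort` are standard torrc options, and the onion address itself would be read from the `hostname` file Tor writes into each `HiddenServiceDir`.

```python
import hmac
import re
import secrets
import time
from dataclasses import dataclass
from typing import Optional

BASE_DIR = "/var/lib/tor/remote_support_"  # hypothetical path, not from the page

@dataclass
class Session:
    name: str
    port: int
    secret: str                  # shared secret handed to the support agent
    expires_at: Optional[float]  # None means persistent

class Registry:
    def __init__(self):
        self.sessions = {}  # name -> Session; several may exist at once

    def create(self, name, port, ttl=None, now=None):
        # Strict names keep spaces and newlines out of the generated torrc.
        ok = re.fullmatch(r"[a-z0-9_]{1,32}", name) and 1 <= port <= 65535
        if not ok or name in self.sessions:
            raise ValueError("invalid name or port, or duplicate session")
        now = time.time() if now is None else now
        expires = None if ttl is None else now + ttl
        self.sessions[name] = Session(name, port, secrets.token_urlsafe(32), expires)
        return self.sessions[name]

    def prune(self, now=None):
        """Delete expired sessions and return their names for user signaling."""
        now = time.time() if now is None else now
        gone = [n for n, s in self.sessions.items()
                if s.expires_at is not None and s.expires_at <= now]
        self.sessions = {n: s for n, s in self.sessions.items() if n not in gone}
        return gone

    def verify(self, name, candidate, now=None):
        """Constant-time secret check; unknown or expired sessions fail."""
        self.prune(now)
        s = self.sessions.get(name)
        return s is not None and hmac.compare_digest(s.secret.encode(), candidate.encode())

    def torrc(self):
        """Render one onion service stanza per live session."""
        return "".join(f"HiddenServiceDir {BASE_DIR}{s.name}/\n"
                       f"HiddenServicePort {s.port} 127.0.0.1:{s.port}\n"
                       for s in self.sessions.values())
```

The names returned by `prune()` are what a GUI would use to tell the user that a time-based session has ended and its onion service should be removed.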

Missing parts

Avoidable?

  • Qubes dom0 salt
  • Qubes dom0 GUI

GUI

  • Who's creating the GUI?

See also