Dev/Qubes Remote Support
QubesOS to be remotely manageable from on-demand, ephemeral, hidden onion service to dom0/AdminVM.
- functional for users with slow internet connections
out of scope
desired security properties
- clear and reliable signaling to the user whether remote admin is enabled and whether it is currently in use
- reliable auditing of actions done by the remote admin (session recording? how to make it impossible for admin to hide/remove things?)
- compromise of any single VM (specifically sys-whonix) should not compromise the whole system (extra secure channel besides hidden service, ssh?)
- use screen or tmux to overcome connection interruptions
- Command line tools (which can be called by any GUI).
- Whonix-Workstation package. (GUI and command line tools would run here.)
- Whonix-Gateway package. (Tor onion service)
- dom0 package (Qubes dom0 configuration, SSH/VNC server)
- Packaging of a (python) GUI  (the GUI itself to be written by someone else)
- upload to Whonix repository
- add to Whonix by default if wanted
able to see already existing hidden services per sys-whonix in a widget.
Adding remote support thought requirements:
- List configured onion services.
- Delete them.
- Create new remote support related hidden onion service. When done, output onion address, port and shared secret for the user to copy paste to chosen secured communication channel.
- create time based or persistent remote support
- multiple remote support onions at the same time
- optionally a feature to send access info to the support agent from the GUI (for example GPG encrypted email)
- Qubes dom0 salt
- Qubes dom0 GUI
- Who's creating the GUI?