Whonix ®

Download

Windows Linux Mac VirtualBox KVM Qubes USB ISO (coming soon) More options Source Code

About

Overview Features Whonix vs VPNs Why Open Source? Project Activities Contributors Mission & Vision

Docs

Documentation FAQ Troubleshooting

Community

Forums Contribute

Support

Free Plus Premium Contact

Tools Upload file Special pages Recent changes Print Version Page meta What links here Related changes Page information

Page Read Edit History Move Protection Unwatch Watch Delete Purge

User Preferences Watchlist Contributions Logout Create account Login

Donate

Anonymous sysadmin of remote systems.

Introduction[edit]

Warning[edit]

Remote administration of any system should be considered a potential anonymity hazard, since it is not under the user's physical protection and could be compromised. All activities, all programs, everything should be assumed to be monitored by the host of the server (VPS, dedicated server, etc.).

Although counter-intuitive, it is necessary to follow all relevant recommendations in the Surfing Posting Blogging chapter to stay safe:

• Beware of Keystroke and Mouse Fingerprinting.
• Beware of Stylometry.
• Beware of difficulties in paying anonymously, see Money.

At a minimum, check the connection is encrypted / authenticated, because Virtual Network Computing (VNC) by default is unencrypted / unauthenticated. Possible methods:

• Perhaps by tunneling VNC through SSH;
• Running VNC through a Tor Onion Service;
• Using both SSH and an Onion Service, for stronger encryption and authentication; or
• Onion Services Authentication.

In case remote servers are exclusively available over .onion: Might get locked out due to Onion Services Reliability Issues.

SSH has a lower attack surface than VNC (for example Mouse Fingerprinting is not possible against simple SSH (terminal only, no X11 forwarding).

UDP[edit]

It is suggested to utilize software that does not require the User Datagram Protocol (UDP), for the following reason.

Remmina[edit]

It is possible to remotely administer any operating system with GNU/Linux by using the Remmina desktop client. Remmina supports multiple network protocols, including RDP, VNC, SPICE, NX, XDMCP, SSH and EXEC. For an overview of Remmina features, see here.

Note there are two separate Debian packages:

• remmina: the main GTK+ application.
• remmina-plugins: a set of plugins to support various network protocols.

If you are interested in using Remmina, please first search the forums for this topic: https://forums.whonix.org/search?q=remmina

SSH into Whonix[edit]

Introduction[edit]

It is possible to install an SSH server on either Whonix-Gateway and/or Whonix-Workstation^™ and make it accessible through an anonymous onion service.

SSH into Whonix-Gateway[edit]

Active: active (running) since ...

Sep 17 17:40:41.416 [notice] Read configuration file "/usr/local/etc/torrc.d/50_user.conf".
Configuration was valid

SSH into Whonix-Workstation[edit]

Active: active (running) since ...

Sep 17 17:40:41.416 [notice] Read configuration file "/usr/local/etc/torrc.d/50_user.conf".
Configuration was valid

## Please use "/etc/whonix_firewall.d/50_user.conf" for your custom configuration,
## which will override the defaults found here. When {{project_name_short}} is updated, this
## file may be overwritten.

Graphical[edit]

Introduction[edit]

It is possible to install a VNC server on either Whonix-Gateway and/or Whonix-Workstation and make it accessible through an anonymous onion service.

x2go[edit]

Installation[edit]

Usage[edit]

In a Whonix-Workstation (remote-support-provider VM). ^[1]

1)

2) Start x2goclient.

As user. Run x2goclient.

• host: the onion v3 domain
• login: the user name such as user
• password: the user login password such as changeme
• session type: connect to local desktop
• media -> disable client side printing support
• media -> disable sound support
• settings for better performance
  • connection -> connection speed -> WAN
  • connection -> image quality 0
  • connection -> method -> 8-jpeg
  • feel free to experiment with these settings
• OK
• Click on the newly setup connection
• OK

Alternatively session type terminal could be used.

Test Results[edit]

Using Non-Qubes-Whonix. All times are created with an external stopwatch and should have +/- 2 seconds human caused inaccuracy.

• keypress delay: 2 seconds
• maximize xfce4-terminal-emulator window: 1.5 seconds
• cd /etc && ls -la: 2 seconds
• clock in systray (shows seconds) update: every 1 or 2 seconds
• start thunar: 5 seconds

Using Qubes / Qubes-Whonix is a lot slower, has additional challenges and is still under development, see Dev/Qubes_Remote_Support.

Qubes - SSH or VNC into Qubes dom0[edit]

Introduction[edit]

Encrypted, authenticated SSH or VNC into Qubes dom0 over an authenticated Tor onion v3 service.

Design ^[2]:

• Encrypted. ^[3]
• Authenticated. ^[4]
• Over Tor.
• Implemented using an authenticated Tor onion v3 service.
• Even if Whonix on qubes-remote-support-receiver machine was compromised, the attacker will not be able to access dom0. ^[5]

• The package will not be installed by default.

• The design requires explicit connection initiation by the user (no any open ports, extra network connections etc before that point). And when the user initiate the connection, it requires sharing a code word with the remote party to be able to connect.

• No open ports required.
• No router settings changes required.
• Works behind NAT.
• Works over mobile networks (3G, 4G, 5G).

Instructions:

• qubes-remote-support-receiver have to be applied by the person who intents to receive remote support.
• qubes-remote-support-provider have to be applied by the person who intents to provide remote support.

qubes-remote-support-receiver[edit]

Not available for Qubes R4.0! Only available on Qubes R4.1 (and above).

Security advice: Giving a third party remote support access is a very delicate permission. As with any remote support permission, the qubes-remote-support-provider could persistently compromise the qubes-remote-support-receiver with malware without the user having a chance to notice that. Learn The Importance of a Malware Free System.

1) Qubes R4.1 dependency installation.

Install package qubes-remote-support-receiver-dom0 in Qubes dom0. ^{[6] [7]}

sudo qubes-dom0-update qubes-remote-support-receiver-dom0

2) Run the qubes-remote-support-receiver-start command line utility.

qubes-remote-support-receiver-start

Will show something like this (example):

wormhole_code: 9-support-concert

3) Notification.

Tell the wormhole code (for example 9-support-concert) to the person you would like to receive Qubes remote support from, i.e. the qubes-remote-support-provider.

Note: not 9-support-concert. The actual code as shown in terminal / graphical user interface.

4) To check status of remote support.

qubes-remote-support-receiver-status

5) To terminate remote support.

qubes-remote-support-receiver-stop

qubes-remote-support-provider[edit]

1) Dependency installation.

Start whonix-workstation-17 Template.

(The latter package x2goclient can be omitted from installation connecting to qubes-remote-support-receiver use of x2go (VNC) is unwanted.)

Shutdown whonix-workstation-17 Template.

2) Start virtual machine (VM).

Open a whonix-workstation-17 based VM. Recommended but optional: DispVM. This will be refereed to as qubes-remote-support-provider VM.

3) Run qubes-remote-support-provider script in qubes-remote-support-provider VM.

qubes-remote-support-provider

It is an interactive script. Read what it says. Continue by pressing enter.

4) When it says:

INFO: Install authenticated Tor onion v3 service private key with the following command in sys-whonix.
sudo sourcefile=~/QubesIncoming/disp4522/1.auth_private anon-server-to-client-install

Do as instructed in sys-whonix VM. Do not copy the command from here. Copy the command from qubes-remote-support-provider VM script output, then paste and run in sys-whonix VM. Then press enter to continue in qubes-remote-support-provider VM.

5) Done.

Should now be connected by SSH.

6) Optional: Connect by graphical remote support (x2go).

As per instructions below.

x2goclient[edit]

Broken until upstream fix for issue x2goagent 3.5.99.26 crashes on connect flows to Qubes R4.1 dom0.

In a Whonix-Workstation (remote-support-provider VM).

1) Start x2goclient.

As user. Run x2goclient.

2) x2goclient settings

• session tab
  • host: the onion v3 domain
  • enable Try auto login (via SSH agent or default SSH key)
  • session type: connect to local desktop
• media tab
  • media -> disable client side printing support
  • media -> disable sound support
• connection tab
  • These are optional settings for better performance. Feel free to experiment with these settings.
  • connection -> connection speed -> WAN
  • connection -> image quality 0
  • connection -> method -> 8-jpeg
• OK
• Click on the newly setup connection
• OK

Alternatively session type terminal could be used.

If you can only see a black screen, the the desktop might be locked (xscreensaver). Any mouse movement or any keypress should prompt for password.

Not required:

• login: not required
• password: not required

printout[edit]

Qubes Remote Support Receiver[edit]

qubes-remote-support-receiver-start

INFO: Starting Qubes Remote Support Receiver.
INFO: This tool is supposed to be run by those who wish to receive remote support.
INFO: Setting up... This will take a moment...
INFO: Remote support archive file '/tmp/tmp.Yfv3ehL6ZJ/remote-support-keys.tar.gz' was successfully created.
INFO: (That file allows a Qubes Remote Support Provider to connect to this machine.)
INFO: (No need to do anything with that file.)
INFO: Starting the file transfer tool magic-wormhole... This will take a moment...
INFO: File transfer too magic-wormhole successfully started.
INFO: The next line will show a wormhole code phrase. Send the code to the Qubes Remote Support Provider. Once the the Qubes Remote Support Provider acknowledged receipt, just wait.
wormhole_code: 9-one-two-three-four
INFO: The Qubes Remote Support Provider successfully received the remote support archive file and is now able to establish remote support.
INFO: This can take up to 10 minutes.

INFO: Should you wish to stop this Qubes Remote Support Session, please run:
qubes-remote-support-receiver-stop

INFO: This tool will exit now and there is nothing else to do besides waiting.
INFO: Success.

qubes-remote-support-receiver-status

● sshd.service - OpenSSH server daemon
     Loaded: loaded (/usr/lib/systemd/system/sshd.service; enabled; vendor preset: disabled)
     Active: active (running) since Sat 2021-02-13 06:49:51 EST; 3 weeks 3 days ago
[...]
Hint: Some lines were ellipsized, use -l to show in full.
INFO: /etc/qubes-rpc/policy/qubes.ConnectTCP+22 looks OK.
qvm-check: {{project_name_gateway_vm}}: running
INFO: VM '{{project_name_gateway_vm}}' already running, ok.
___ qubes-whonix-remote-support.service - Qubes-Whonix Remote Support
   Loaded: loaded (/lib/systemd/system/qubes-whonix-remote-support.service; disabled; vendor preset: disabled)
   Active: active (running) since Tue 2021-03-09 13:51:30 UTC; 9min ago
[...]
___ tor@default.service - Anonymizing overlay network for TCP
   Loaded: loaded (/lib/systemd/system/tor@default.service; enabled-runtime; vendor preset: enabled)
[...]
   Active: active (running) since Tue 2021-03-09 13:43:23 UTC; 17min ago
[...]
INFO: Success.

qubes-remote-support-receiver-stop

INFO: sshd was previously running, therefore not stopping it, ok.
INFO: VM '{{project_name_gateway_vm}}' already running, ok.
INFO: Success, remote support received has been turned off.

Qubes Remote Support Provider[edit]

qubes-remote-support-provider

INFO: Starting Qubes Remote Support Provider.
INFO: This tool is supposed to be run by those who wish to provide remote support.
INFO: Setting up... This will take a moment...
INFO: Ask the remote support receiver for the wormhole code phrase and enter it below.
Enter receive wormhole code: 9-one-two-three-four
 (note: you can use <Tab> to complete words)
Receiving file (814 Bytes) into: remote-support-keys.tar.gz
ok? (y/N): y
Receiving (->relay:tcp:magic-wormhole-transit.debian.net:4001)..
100%|████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████| 814/814 [00:00<00:00, 3.82MB/s]
Received file written to remote-support-keys.tar.gz
INFO: Success, received remote support archive file '/tmp/tmp.ZTe9baxU6Z/remote-support-keys.tar.gz'.
INFO: (That file allows a Qubes Remote Support Provider to connect to this machine.)
INFO: (No need to do anything with that file.)
INFO: Setting up... This will take a moment...

Success. Please continue as instructed below.

INFO: To avoid confusion, it is advised your delete folder ~/QubesIncoming in {{project_name_gateway_vm}} if it exists. In most cases no such folder exists.
INFO: If there is nothing you need to backup, you could run the following command in {{project_name_gateway_vm}}:

rm -rf ~/QubesIncoming

INFO: When done, press enter to continue.


INFO: Will ask to copy 1.auth_private to {{project_name_gateway_vm}}.
INFO: When Qubes dom0 asks, answer to copy to {{project_name_gateway_vm}}.
INFO: Press enter to continue.


sent 0/1 KB

INFO: Install authenticated Tor onion v3 service private key by running the following command in {{project_name_gateway_vm}}:

sudo sourcefile=~/QubesIncoming/disp2887/1.auth_private anon-server-to-client-install

INFO: When done, press enter to continue.


INFO: Do you want to SSH to 'xxx.onion'?
INFO: Press enter to continue.


INFO: Trying SSH...
INFO: Will keep trying to run the following command...
ssh 'xxx.onion'
INFO: This can take up to 10 minutes.
Last login: Tue Mar  9 08:49:28 2021 from xx.xx.xx.x
[user@dom0 ~]$

Test Results[edit]

• Running a simple command such as ls -la takes 1 second until results are drawn.
• There is an 1 seconds delay between a keypress on inside remote-support-provider VM until it gets visible in the remote terminal.
• Click Xfce start menu: 2 seconds
• clock in systray (shows seconds) update: every 1 or 2 seconds
• There is a bug where I have no idea if caused by Qubes R4.1 testing version or x2go or a combination of it. When pressing any key it sometimes happen that this key is auto-repeat "jammed". I.e. "a" becomes "aaaaaaaaaaaaaaa" (no exact counting).

See Also[edit]

• SSH

Help Wanted[edit]

Please contribute by helping to create full working instructions in Whonix! See: add user documentation for Remote Administration, Keystroke Fingerprinting, Stylometry.

Future Research[edit]

[1] comparing vnc, nx(x2go) and spice. VNC sends the least amount of data. nx has a stable perf irrelevant of bandwidth conditions however one disadvantage I came across was it is heavily tied to X11 and therefore not future proof. https://bbs.archlinux.org/viewtopic.php?id=225765

[1] https://www.diva-portal.org/smash/get/diva2:530960/FULLTEXT01.pdf

VNC perf depends heavily on implementation details. TigerVNC is better than realvnc, but Remmina is commented to be better than tiger. "A 2010 reviewer found the TigerVNC product "much faster than Vinagre https://en.wikipedia.org/wiki/Vinagre but not quite as responsive as Remmina https://en.wikipedia.org/wiki/Remmina https://en.wikipedia.org/wiki/TigerVNC "

Tiger can be further optimized for constrained environments by ratcheting up the compression and lowering the jpeg quality. NB turbo isn't in Debian and it seems geared towards 3D usage. https://turbovnc.org/About/TigerVNC

Footnotes[edit]

Whonix The most watertight privacy operating system in the world.

Dark mode

Follow us on social media

FREE  ·  PLUS  ·  PREMIUM Support

At Whonix we value freedom and trust, supporting Open Source and Freedom Software

By using this website, you acknowledge you have read, understood, and agree to be bound by these these agreements: Terms of Service, Privacy Policy, Cookie Policy, E-Sign Consent, DMCA, Imprint 2012-2024 ENCRYPTED SUPPORT LP

Your support makes
all the difference!

We believe security software like Whonix needs to remain open source and independent. Would you help sustain and grow the project? Learn more about our 12 year success story and maybe DONATE!