Update page 'This guide should help new users to secure "harden" their Oxen Service Node.'

master
who am i 5 years ago
parent 07665dbec3
commit 717191e82a

@ -38,7 +38,7 @@ There is also a non-debian installer available: https://github.com/hesiod-projec
10. [RPi, Tails, Qubes OS - split SSH qube](http://8bb19w1gugu7yq3cyck63gbo18udodab1b6zr1uykdphm37ushco.loki/whoami/Oxen-Service-Node-VPS-Hardening/wiki/This-guide-should-help-new-users-to-secure-%22harden%22-their-Oxen-Service-Node.#10-special-qubes-os---split-ssh-qube) 10. [RPi, Tails, Qubes OS - split SSH qube](http://8bb19w1gugu7yq3cyck63gbo18udodab1b6zr1uykdphm37ushco.loki/whoami/Oxen-Service-Node-VPS-Hardening/wiki/This-guide-should-help-new-users-to-secure-%22harden%22-their-Oxen-Service-Node.#10-special-qubes-os---split-ssh-qube)
11. [NOT READY YET: Mobile ssh access to Oxen Service Node]((http://8bb19w1gugu7yq3cyck63gbo18udodab1b6zr1uykdphm37ushco.loki/whoami/Oxen-Service-Node-VPS-Hardening/wiki/This-guide-should-help-new-users-to-secure-%22harden%22-their-Oxen-Service-Node.#10-special-qubes-os---split-ssh-qube)) 11. [NOT READY YET: Mobile SSH access to Oxen Service Node]((http://8bb19w1gugu7yq3cyck63gbo18udodab1b6zr1uykdphm37ushco.loki/whoami/Oxen-Service-Node-VPS-Hardening/wiki/This-guide-should-help-new-users-to-secure-%22harden%22-their-Oxen-Service-Node.#10-special-qubes-os---split-ssh-qube))
----- -----
@ -650,11 +650,18 @@ Give the secret key when asked. Afterwards make sure that all services work prop
**SSH Keys** **SSH Keys**
# 10 RPi, Tails, Qubes OS - split SSH qube # 10. RPi, Tails, Qubes OS - split SSH qube
As writting here security is not just a one click operation - it is all about **security layers**. Furthermore, you should not ignore other weak spots. Having a super secure VPS and a rootkit or any malicious software on your admin computer can bypass all security you put into your VPS. The best setup you can use to securely login and admin your harded VPS is a seperated computer like Raspberry Pi (RPi) or any other Single Board Computer (SBC) - based on open source software and limited usage for only one porpose. Tip: A good software source can be found here: https://dietpi.com/. Another alternative you can think of is https://tails.boum.org/ As writting here security is not just a one click operation - it is all about **security layers**. Furthermore, you should not ignore other weak spots. Having a super secure VPS and a rootkit or any malicious software on your admin computer can bypass all security you put into your VPS. The best setup you can use to securely login and admin your harded VPS is a seperated computer like Raspberry Pi (RPi) or any other Single Board Computer (SBC) - based on open source software and limited usage for only one porpose. Tip: A good software source can be found here: https://dietpi.com/. Another alternative you can think of is https://tails.boum.org/
A more secure and elegant approach offers https://www.qubes-os.org/. When you follow this chat / guide you can simply setup a split SSH qube which can A) more secure than a smard card (depends on your risk scenario) B) combine this with KeePassXC (runs only within a vault virtual machine, without network access). A more secure and elegant approach offers https://www.qubes-os.org/. When you follow this chat / guide you can simply setup a split SSH qube which can A) more secure than a smard card (depends on your risk scenario) B) combine this with KeePassXC (runs only within a vault virtual machine, without network access).
https://github.com/Qubes-Community/Contents/blob/master/docs/configuration/split-ssh.md https://github.com/Qubes-Community/Contents/blob/master/docs/configuration/split-ssh.md
# 11. Mobile SSH access to Oxen Service Node
...
...
Respect privacy - Have fun and stay safe ! Respect privacy - Have fun and stay safe !
Loading…
Cancel
Save