QubesOS
Optional secure SSH between qubes
The problem you're addressing (if any)
Many Qubes users are familiar with ssh and applications built on top of it. It is a foundation of secure computing outside of Qubes. It would be great if that could be used for communication between qubes as well, without giving up too much security for the added convenience.
The solution you'd like
Allow easy optional installation of ssh client and server, configured securely somehow to require explicit connectivity policy configuration using Qubes mechanisms (qrexec?), preferably without opening up non-ssh network connectivity between qubes.
The value to a user and who that user might be
Advanced users might want to:
- Orchestrate collections of qubes from scripts in dom0, replacing
qvm-run - use restic or rclone or rsync to back up to a "backup qube" over ssh or sftp
Completion criteria checklist
(This section is for developer use only. Please do not modify it.)
So what you're proposing is for the implementation of user-friendly "SSH over qrexec"? (Just trying to clarify as I'm not fully sure).
Another useful thing to use this for could be SSHFS to mount folders between qubes..
I'm a competent ssh user, not a competent Qubes developer ... but yes, "SSH over qrexec" sounds like a promising direction to implement this.
As SSH is TCP based you can use the qvm-connect-tcp utility documented at:
https://www.qubes-os.org/doc/firewall/#opening-a-single-tcp-port-to-other-network-isolated-qube
In my setup I use the permanent port binding configuration documented in that section to interconnect about 10 qubes. Most of those 10 qubes have no networking qube at all. That has worked flawlessly since I started using it a couple of years ago.
Your connectivity policy would then be configured using the RPC service setting for qubes.ConnectTCP.
