Re: [qubes-users] Dom0 connectivity for maintenance
On Wednesday, February 28, 2018 at 12:50:23 PM UTC-5, Unman wrote: > On Wed, Feb 28, 2018 at 09:48:43AM -0800, Yuraeitha wrote: > > On Wednesday, February 28, 2018 at 6:38:49 PM UTC+1, Unman wrote: > > > On Wed, Feb 28, 2018 at 08:52:07AM -0800, Braden wrote: > > > > Performing some modifications to dom0, but when I run apps like wget > > > > from dom0 terminal I am unable to resolve addresses. Same if I were to > > > > try running firefox from dom0. Know this is because of security > > > > benefits, but how can I enable networking from there. Say I wanted to > > > > connect to dom0 from a vnc temporarily. > > > > > > > There's almost never any need to do this. If you want to install > > > packages you can use the update mechanism. Otherwise download files in a > > > qube and then copy them in to dom0 and install them there. > > > If dom0 is compromised then all your qubes are open. > > > > > > But you probably know this already. > > > > > > As things stand it's difficult, but not impossible to access dom0. You > > > could open a channel to allow vnc to a qube and use socat and an rpc > > > service to front to dom0. But really just dont do it: it subverts the > > > whole point in using Qubes. > > > > btw, isn't it possible that he can use the Qubes 4 dom0 admin features to > > make changes to VM's from a remote location? Could the solution be to > > upgrade to Qubes 4 and use that instead? I haven't yet went > > discovering/understood the limitations of the Qubes 4 dom0 admin tools, but > > isn't this a perfect match to his goal if he upgrades? Apologies if I > > misunderstood how the dom0 admin features work, I haven't started using it > > my self yet. > > > > Yes, it is. > OP could read this post > https://www.qubes-os.org/news/2017/06/27/qubes-admin-api/ My hardware is only 3.2 supported rn as you guessed, suppose I could explore the unique service idea, is there anything similar on *nix -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/e82e49e9-823a-4b81-8e85-db14b5edb6ef%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Dom0 connectivity for maintenance
On Wednesday, February 28, 2018 at 12:50:17 PM UTC-5, Braden wrote: > On Wednesday, February 28, 2018 at 12:38:49 PM UTC-5, Unman wrote: > > On Wed, Feb 28, 2018 at 08:52:07AM -0800, Braden wrote: > > > Performing some modifications to dom0, but when I run apps like wget from > > > dom0 terminal I am unable to resolve addresses. Same if I were to try > > > running firefox from dom0. Know this is because of security benefits, but > > > how can I enable networking from there. Say I wanted to connect to dom0 > > > from a vnc temporarily. > > > > > There's almost never any need to do this. If you want to install > > packages you can use the update mechanism. Otherwise download files in a > > qube and then copy them in to dom0 and install them there. > > If dom0 is compromised then all your qubes are open. > > > > But you probably know this already. > > > > As things stand it's difficult, but not impossible to access dom0. You > > could open a channel to allow vnc to a qube and use socat and an rpc > > service to front to dom0. But really just dont do it: it subverts the > > whole point in using Qubes. > > Fair enough, suppose will copy the package to dom0 and then install my vnc > server there, but would the firewall refuse to allow connections just like > how firefox and wget refuse in dom0? Only need VNC client connections working that is -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/75ce23b7-1350-473c-b89c-2ceb75274e7c%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Re: Dom0 connectivity for maintenance
On Wednesday, February 28, 2018 at 12:11:34 PM UTC-5, Yuraeitha wrote: > On Wednesday, February 28, 2018 at 5:52:07 PM UTC+1, Braden wrote: > > Performing some modifications to dom0, but when I run apps like wget from > > dom0 terminal I am unable to resolve addresses. Same if I were to try > > running firefox from dom0. Know this is because of security benefits, but > > how can I enable networking from there. Say I wanted to connect to dom0 > > from a vnc temporarily. > > I also believe you can just add the extra repository to make dom0 > install/update in a secure way, without attaching the network directly to > dom0. But as mentioned above, first, what is it you actually want to do? Understandable, I'd need to install a VNC into dom0 so I can easily change hvms and appvm settings from work, so how should I go about attaching the network. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/b2ed9145-6b74-4cbb-9eba-f34548bd9c66%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Dom0 connectivity for maintenance
Performing some modifications to dom0, but when I run apps like wget from dom0 terminal I am unable to resolve addresses. Same if I were to try running firefox from dom0. Know this is because of security benefits, but how can I enable networking from there. Say I wanted to connect to dom0 from a vnc temporarily. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/431b70dd-8c1d-4cb8-aa7e-1c62fe17b6ed%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
