add qubes ssh setup

2024-12-20 17:06:02 -08:00 · 2024-12-20 17:06:02 -08:00 · 838ac9015c
parent b4662a2a9a
commit 838ac9015c
2 changed files with 22 additions and 0 deletions
--- a/qubes/.config/systemd/user/qubes-ssh-socket.service
+++ b/qubes/.config/systemd/user/qubes-ssh-socket.service
@ -0,0 +1,10 @@
+[Unit]
+Description=Run a SSH proxy socket to another QubesOS VM
+
+[Service]
+Environment=SSH_VAULT_VM=vault
+ExecStart=%h/.local/bin/qubes-ssh-socket
+Restart=always
+
+[Install]
+WantedBy=multi-user.target
--- a/qubes/.local/bin/qubes-ssh-socket
+++ b/qubes/.local/bin/qubes-ssh-socket
@ -0,0 +1,12 @@
+#!/bin/bash
+set -e
+
+export SSH_VAULT_VM="${SSH_VAULT_VM:-vault}"
+export SSH_AUTH_SOCK="/home/${USER}/.SSH_AGENT_${SSH_VAULT_VM}"
+
+rm -f "$SSH_AUTH_SOCK"
+
+umask 177
+socat \
+  "UNIX-LISTEN:${SSH_AUTH_SOCK},fork" \
+  "EXEC:qrexec-client-vm ${SSH_VAULT_VM} qubes.SshAgent"