
This is a good approach, though presumably the VM still has access to your GitHub credentials (via the browser) and your SSH keys? It'll limit the fallout of getting owned to anything reachable from GitHub (is it against GitHub's TOS to have multiple accounts?), less if you have 2FA (does there exist 2FA for SSH keys (I don't mean passphrases)?), but I think it would be better for just my build/run/test cycles to be cordoned off into their own universe, with a way for just the source code itself to cross the boundary.


> though presumably the VM still has access to your Github credentials (via the browser) and your SSH keys?

Not in Qubes OS:

https://github.com/Qubes-Community/Contents/blob/master/docs...

https://www.qubes-os.org/doc/split-gpg/


It might be too cumbersome for most, and I might be more paranoid than average, but each project for me means a fresh VM, a new KeePass database and dedicated accounts. Then again I work mostly in ops, and I've seen first-hand how badly things can go wrong, so isolation and limiting blast radius take precedence over daily convenience for me.


Why wouldn't you use disposable VMs [0] and secure inter-VM copy [1] on Qubes OS instead? It's much less cumbersome and more secure.

[0] https://www.qubes-os.org/doc/how-to-use-disposables/

[1] https://www.qubes-os.org/doc/how-to-copy-and-move-files/


Could you please share some resources/tactics for protecting your host machine from these development VMs? If I were to do this, I would want some assurances (never 100%) that my host is protected from the VM to the best of my ability.

(If it makes any difference, I would probably be using VMware Workstation Pro)


I can't give you what you're looking for. You need to decide on the trade-offs for yourself. There will always be a risk. Directed attacks can get out of VMs. You could slip up and log into a personal account inside the VM.


I tried to make it clear in my reply that I understood there are no guarantees. What I'm asking is if you have any guidance on reducing the likelihood of these attacks succeeding.


That does sound incredibly cumbersome. I suppose that means you are an ace at provisioning machines.

How do you move data in/out of the guests? I always found that part of interacting with VMs to be annoyingly painful.


There are always trade-offs. You do get better at things you do a lot. My mother won't use a password vault because copying and pasting is too much work for her. I'd just rather pay with my time and inconvenience than one day find out some Python package I fiddled with for a late-night project once means I need to call my bank.


SSH.

Doesn't even need to be command line, you can just open remote addresses in your favourite graphical file browser, at least under Linux.


> does there exist 2FA for SSH keys (I don't mean passphrases)?

Yes. YubiKey. An ecdsa-sk key requires you to tap the YubiKey to have a working key. It consists of 2 parts - a private key file, which is useless without the YubiKey. https://developers.yubico.com/SSH/

https://developers.yubico.com/SSH/Securing_SSH_with_FIDO2.ht...
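The flip side of the point above, from the server's perspective: a FIDO2-backed key shows up in `authorized_keys` with one of OpenSSH's `sk-` key types, so an administrator can audit which accepted keys are hardware-backed and which are plain software keys that a compromised dev VM could exfiltrate. The script below is an added example, not code from the thread or from Yubico; the key type names are real OpenSSH identifiers, while the sample `authorized_keys` lines and their base64 blobs are constructed placeholders, not real keys.

```shell
#!/bin/sh
# Added example: audit an authorized_keys file and classify each entry as
# hardware-backed (OpenSSH FIDO2 "sk-" key types) or software-only.
# The sample entries below are constructed; the blobs are placeholders.

# OpenSSH key types that require a FIDO2 authenticator touch to sign.
is_hardware_backed() {
    case "$1" in
        sk-ecdsa-sha2-nistp256@openssh.com|sk-ssh-ed25519@openssh.com) return 0 ;;
        *) return 1 ;;
    esac
}

# Echo the key type of one authorized_keys line, skipping a leading option
# list such as 'no-pty,from="10.0.0.0/8"'. Echoes nothing for comments or
# blank lines. (Standard option names never begin with ssh-/ecdsa-/sk-.)
key_type_of_line() {
    line="$1"
    case "$line" in
        ''|'#'*) echo ""; return 0 ;;
    esac
    for tok in $line; do
        case "$tok" in
            ssh-*|ecdsa-*|sk-*) echo "$tok"; return 0 ;;
        esac
    done
    echo ""
}

# Echo the number of key entries in a file that are NOT hardware-backed.
count_software_keys() {
    n=0
    while IFS= read -r line || [ -n "$line" ]; do
        t=$(key_type_of_line "$line")
        [ -z "$t" ] && continue
        if ! is_hardware_backed "$t"; then n=$((n + 1)); fi
    done < "$1"
    echo "$n"
}

# Print one classification line per key entry in the file.
report_keys() {
    while IFS= read -r line || [ -n "$line" ]; do
        t=$(key_type_of_line "$line")
        [ -z "$t" ] && continue
        if is_hardware_backed "$t"; then
            printf 'HARDWARE-BACKED  %s\n' "$t"
        else
            printf 'SOFTWARE-ONLY    %s\n' "$t"
        fi
    done < "$1"
}

# Constructed sample authorized_keys content: two software keys (one with
# options), two FIDO2 keys. Blobs are placeholders, not valid key material.
SAMPLE_KEYS='# laptop key
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPLACEHOLDERBLOB alice@laptop
no-pty,from="10.0.0.0/8" ecdsa-sha2-nistp256 AAAAE2VjZHNhPLACEHOLDER alice@ci
sk-ecdsa-sha2-nistp256@openssh.com AAAAInNrLWVjZHNhPLACEHOLDER alice@yubikey
sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5PLACEHOLDER alice@yubikey2'

# Write the constructed sample to a temp file and echo its path.
write_sample_file() {
    f=$(mktemp)
    printf '%s\n' "$SAMPLE_KEYS" > "$f"
    echo "$f"
}

# Stand-alone run: report on the constructed sample. To audit a real host,
# pass e.g. ~/.ssh/authorized_keys to report_keys instead.
sample=$(write_sample_file)
report_keys "$sample"
echo "software-only keys: $(count_software_keys "$sample")"
rm -f "$sample"
```

A non-zero software-only count on a server that is supposed to accept FIDO2 keys only is the signal worth alerting on; the classification relies solely on the key type token, so it needs no network access and no hardware to run.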


GitHub offers fine-grained personal access tokens. https://docs.github.com/en/authentication/keeping-your-accou...

Azure DevOps does it too


As far as I know, in AzDO you can't even limit a PAT to a single project/repository. Not good for limiting access, because even a read-only one can see private stuff in other projects. You might create a specific account and assign it to only that project, but what a pain.



