Testing Qubes OS is not an easy task. It’s not like you can run Qubes on the browser… or can you?!
That’s what we’re about to find out…
- a random test laptop running Qubes 4.1
- internet connection
A word of caution
This setup involves completely invalidating the security properties of your Qubes installation. Do this only on a device used exclusively for testing.
Additionally, participants will have access to the device as though they were next to you. If you connect the device to you home’s WiFi, you should consider the risk of them being able to see its password or even find your home’s physical address by your home network’s name or the ones around.
We have two devices: the participant’s, which just needs to run Tor Browser and the UX Person’s, which is running Qubes.
- 2-20 seconds input delay - can be improved if you use DNS instead of onion services. It really depends on your Tor circuit. I have been able to use with 2-4 seconds.
Create a new qube called
remote-admin with the following settings:
Advanced: for simplicity of software installation and persistence we create a standalone qube. Advanced users can probably figure out how to do the same with templates and app qubes.
instructions borrow from here (in case they break check there).
Run the following in a dom0 terminal:
# install the qubes contributor's repository sudo qubes-dom0-update qubes-repo-contrib # install the remote-desktop software sudo qubes-dom0-update qubes-remote-desktop # set "VNCPASS" as the password vncpasswd #enable the qubes-x0vncserver (for some reason) qvm-service --enable dom0 qubes-x0vncserver
and then start the dom0 VNC service
systemctl start qubes-x0vncserver@$(whoami)
In dom0’s terminal type the following:
echo "qubes.ConnectTCP +5900 remote-admin @default allow target=dom0" | sudo tee /etc/qubes/policy.d/30-remote-admin.policy
open a terminal and run
Good point to test
At this stage you can check if you are correctly getting. You can install a VNC viewer like
remminaand connect to
127.0.0.1:5900. Then it will ask the password
VNCPASS(you set it earlier).
- vnc connection failure: too many security failures
Just restart the vnc server in dom0
systemctl restart qubes-x0vncserver@$(whoami)
Guacamole essentially allows users to connect via their web browser to a VNC server.
Still in the
- You install it like this:
sudo apt install -y guacd libguac-client-vnc sudo apt install -y tomcat9 tomcat-admin tomcat9-common tomcat9-user
Download the latest guacamole
.warfrom Apache Guacamole™: Release Archive
Verify the file integrity with the
sha256hashes on the website
(can save you some troubleshooting time in case your download breaks)
Copy the downloaded file onto
/var/lib/tomcat9/webapps/guacamole.war(may need sudo)
restart tomcat for the newly installed
sudo systemctl restart tomcat9
Edit the file
/etc/guacamole/user-mapping.xml(you may need to create
<user-mapping> <authorize username="user" password="pass"> <protocol>vnc</protocol> <param name="hostname">127.0.0.1</param> <param name="port">5900</param> <param name="password">123456</param> </authorize> </user-mapping>
Restart guacamole to apply the changes:
sudo systemctl restart guacd.
Open firefox on the webpage:
You should see a login page. Your credentials are:
Now you have a functioning dom0 remote access via the web browser.
But this is not super useful since it is just local access and you can’t give that address for a user to test. In the next section, we’ll show you how you can generate an address where your users can test your system.
sudo apt install tor
- edit the file
/etc/tor/torrcand add the following text at the end and save it:
HiddenServiceDir /var/lib/tor/guacamole_vnc HiddenServicePort 80 127.0.0.1:8080 HiddenServiceVersion 3
restart Tor to apply the changes
sudo systemctl restart tor
sudo cat /var/lib/tor/guacamole_vnc/hostname
Save this link as that will be what you share with your participants.
Just be aware that they have to install the Tor Browser in order to access it.
Grab some tea while the onion address propagates through the Tor network. (max 10 mins)
- Tell them to log in with:
Everything with you have to run every time you restart your computer / remote-admin qube.
Because an extra qube is running it could interfere with a user’s experience (e.g. they will see it in the qube domains widget). To hide it, you can delete
sys-usb and rename
remote-admin to either one. An unsuspecting users won’t see any difference.