SSH available for another machines

Hi all, I would like to ask you for help how to make AppVM accessible via SSH.

I would like to sync some files via local network via cronjob. I created one new AppVM based on Debian, where will be running SSH service. I need to make this AppVM and SSH service accessible from LAN, so I need to open port in firewall (on AppVM, or Sys-Firewall, or Sys-Net?), after that it should probably works. I try to find some resources here on forum, but I am not sure that I understand it correctly, could anyone help me please?

Thank you very much!

I won’t go into detail on how to set up an ssh server. I am assuming that you know how to do that.

As for the firewall, there is a script from @unman that does all the heavy lifting for you!

Download it, make sure that unman does not plant a reverse shell in your dom0 by reading it, copy it into your dom0 by

qvm-run -p <qube-that-has-the-script> "cat <location-of-script>" | cat > openport

make it executable

chmod +x openport

and open the port

./openport add <target-qubes> tcp 22

This is volatile! Meaning, you have to run it every restart of your dom0, or create an autostart functionality.

Thank you very much!!!