Is it possible to sandbox Luci and SSH?

I'm still new but learning a lot. Is there any way to sandbox Luci, SSH and any protocol that could access the flash in the same way the Qubes OS sandboxes certain apps?

You can do the following:

  • Set up a VPN and allow LuCI/SSH only via the VPN interface.
  • Allow LuCI only via SSH tunnel or just disable LuCI for good.
  • Allow SSH authentication only to an unprivileged user.
  • Set up SSH public key authentication and disable password authentication.


  • Make sure the failsafe mode works properly before your experiments.
  • Security level in general case from higher to lower: VPN > SSH > LuCI.