Anonymous SSH Sessions With TOR

Anonymous SSH Sessions With TOR | HowtoForge - Lin...
http://www.howtoforge.com/anonymous-ssh-sessions-wit...
Register
Login
Contribute
Subscribe
RSS
Howtos
Forums
Contribute
Subscribe
ISPConfig
FAQForge
News
Options For This Howto

Free Support Paid Support
Navigation
Howtos Linux Android CentOS Debian Fedora Kernel Mandriva PCLinuxOS SuSE Ubuntu Web Server Apache Cherokee Lighttpd nginx Backup Control Panels ISPConfig DNS BIND MyDNS PowerDNS djbdns Desktop Email Anti-Spam/Virus Postfix FTP High-Availability Monitoring MySQL Programming C/C++ PHP Samba Security Anti-Spam/Virus Storage
1 de 9
05/05/13 02:26
Virtualization KVM OpenVZ VMware VirtualBox Xen Other FreeBSD Commercial Mini-Howtos Linux Apache Backup DNS Errors FTP MySQL Networking PHP Postfix Security Sendmail Shell Other ISPConfig Forums Contribute Create Content Subscription Login Site Map/RSS Feeds
User login
Username: Password:
Remember Me?
Log in
Create a new account Request new password
Facebook
2 de 9
05/05/13 02:26
Who's online
There are currently 4 users and 3202 guests online.
HowtoForge Forums
Mailman in a MultiServer setup Ubuntu Site: Memory and processing Cannot open firewall ports VMWARE networking question A supported tablet was not found on this system? Migrating Serves? email woes smstools problem[cant send sms] Cluster update POSTFIX SASL problem
News
Intel Commits More Mesa Performance Optimizations 6 Invaluable Free Scheme Books Build & Defend has gotten some updates! Some tricks with htop Could a Double Fine Humble Bundle be coming?
3 de 9
05/05/13 02:26

Portal Runs natively on Linux 5 Links for Developers and IT Pros 5-3-13 XBMC Media Center 12.2 Brings Numerous UPnP Fixes phpMyAdmin 4.0 Release Kills Off The Tables Android trounces Apple in Q1 2013 tablet shipments more
Recent comments
missing step 21 hours 33 min ago Thanks for this wonderful 1 day 5 hours ago addition for ispconfig 1 day 8 hours ago Re: Re: Re: installing Adobe Reader does not work... 1 day 9 hours ago Re: Re: Re: Re: i use .htaccess to change php_value 1 day 14 hours ago Re: can't access 1 day 14 hours ago Load balance servers difference location 1 day 19 hours ago This also helped me install LAMP and phpMyAdmin 1 day 22 hours ago Re: Re: Re: Re:Making linux windows like. 2 days 3 hours ago === INFO ===It's Works with 2 days 10 hours ago
Newsletter
Subscribe to HowtoForge Newsletter and stay informed about our latest HOWTOs and projects. enter email address
4 de 9
05/05/13 02:26
Submit
(To unsubscribe from our newsletter, visit this link.)
English |
You are here:
Deutsch | Site Map/RSS Feeds | Advertise
Home Howtos Linux Debian Anonymous SSH Sessions With TOR
Anonymous SSH Sessions With TOR
Want to support HowtoForge? Become a !

Submitted by vwochnik (Contact Author) (Forums) on Tue, 2009-07-14 12:21. :: Debian | Ubuntu | Security
Anonymous SSH Sessions With TOR

OpenSSH is a great means to protect your connection from being sniffed by others. However, this isn't always enough. Simply proving that you connected to a server is enough to get incriminated. Unfortunately, SSH doesn't provide a native way to obfuscate to whom it connects. Instead, a proxy server can be set up. And this is where TOR comes to play. This howto covers installing TOR on a Debian based system and setting up SSH to use TOR.
Installing TOR
First you should to add the TOR repository to your system. It's only necessary if there's no package in the default repositories. Add the following line to your /etc/apt/sources.list file. You have to replace lenny with your distribution.
deb http://mirror.noreply.org/pub/tor lenny main
To use this repository without problems, you have to add the PGP key to your system. apt-key adv --recv-keys --keyserver subkeys.pgp.net 0x94C09C7F Update your repositories and install TOR.
5 de 9
05/05/13 02:26
apt-get update && apt-get install -y tor If you want to use TOR with OpenSSH, you have to install another program called connect-proxy. apt-get install -y connect-proxy
Setup OpenSSH to use TOR for all connections

However, this is not recommended, but here is how it works. Add the following block to the top of your ~/.ssh/config file.
Host * CheckHostIP no Compression yes Protocol 2 ProxyCommand connect -4 -S localhost:9050 $(tor-resolve %h local
The command line syntax won't change at all.
Set up OpenSSH to use TOR for a specific connection

I recommend using TOR only for a specific connection. All other connections won't be affected. Add this block to your ~/.ssh/config. You have to replace mydomain with the host domain name or IP address and myaccount with your user name.
Host mydomain HostName mydomain.com User myaccount CheckHostIP no Compression yes Protocol 2 ProxyCommand connect -4 -S localhost:9050 $(tor-resolve %h local
6 de 9
05/05/13 02:26
Set up OpenSSH to use TOR for a bunch of connections

Instead of setting up TOR for every single connections, you can do this for a bunch of connections at once. Following example shows how it works.
Host anon_* CheckHostIP no Compression yes Protocol 2 ProxyCommand connect -4 -S localhost:9050 $(tor-resolve %h local Host anon_mydomain HostName mydomain.com User myaccount Host anon_mydomain2 HostName mydomain2.com User myaccount Port 980
This way you know exactly if you're using TOR or not.
Conclusion
It is very simple to anonymize your SSH sessions if you know what you're doing. I've written this tutorial for legal purposes only. Using this is your own risk.
Copyright 2009 Vincent All Rights Reserved. add comment | view as pdf | print
Related Tutorials
Ultimate Security Proxy With Tor
Please do not use the comment function to ask for help! If you need help, please use our forum. Comments will be published after administrator approval.
torify
Submitted by Anonymous (not registered) on Mon, 2010-12-13 20:45. Why to complicate, when there is a toll which do exactly the same automatically? Use torify as follows: torify ssh user@ip_address and that's it. With this tool you can torify any application you want, wget, telnet, ftp...
reply |
view as pdf
Tor caused me problems
7 de 9
05/05/13 02:26
Submitted by jdkullmann (registered user) on Sat, 2009-08-22 15:58. I love the idea of Tor but beware. I had it up and running and I got a legal notice that my ISP had received from the RIAA or HBO or someone that I was bittorrenting illegally. But, I never run bittorrent. Turns out that someone else on the Tor network was (big surprise) and by being a Tor exit point as far as HBO was concerned it was I (or at least my system) that was putting out the bittorrent packets. Sadly I took down Tor in spite of the fact that I really like the notion behind it etc. I suppose I could have left it up and not been an exit point but that did not seem like it was in the spirit of Tor
reply |
view as pdf
Next step
Submitted by Anonymous (not registered) on Wed, 2009-07-15 13:26. The next step is to explain how to prevent incoming SSH connections from TOR proxies... If anyone is using TOR to get to one of my boxes, then they are certainly up to no good.
reply |
view as pdf
non-sense
Submitted by phocean (not registered) on Tue, 2009-07-14 15:06. It contributes to the mess that Internet is becoming : HTTP is the new transport protocol, in place of IP. HTTP wasn't designed for that, how many more layers will we continue to add on the top of it ? Total non-sense.
reply |
view as pdf
Re: non-sense
Submitted by Palin (not registered) on Wed, 2009-07-15 11:28. The nonsense about internet is the nonsense about firewall policies. That's the same about nonsense in the most-adopted operating system security (or lack of it), and the nonsense of application-side workaround to the nonsense above. So now there's SOAP, rpc over http, but the RPC port is closed on the firewall, are you more secure now? :)
reply |
view as pdf
Re: non-sense
Submitted by Silver Knight (not registered) on Wed, 2009-07-15 09:16. phocean said: "It contributes to the mess that Internet is becoming : HTTP is the new transport protocol, in place of IP. HTTP wasn't designed for that, how many more layers will we continue to add on the top of it ? Total non-sense." Are you entirely 100% absolutely certain that you really really understand how the Internet works exactly? You might want to think about reading up on the topic a little more. TCP/IP and HTTP are not the same thing and HTTP most certainly is not in any way replacing IP. HTTP, FTP, SSH, IRC, POP, IMAP, and a number of other transfer protocols are used in addition to TCP/IP and are simply nothing more than agreed upon methods of exchanging data "over the wire". NONE of these protocols are being used "in place of" IP, and I'm not exactly understanding how your comment quite relates to the content of this howto. On the topic of the howto itself, my thanks to the author for your efforts. While I have no need for TOR at this particular moment, I appreciate the attempt to share useful information and have captured this howto in my notes as some of the information in the howto is useful to me even though I have no need of the TOR part of it.
8 de 9
05/05/13 02:26
reply |
view as pdf
Re: Re: non-sense

Submitted by MoJo (not registered) on Wed, 2009-07-15 11:43. I agree with Phocean. Nowadays, a bunch of protocol are encapsulated in HTTP without valid reasons except simplicity and the fact that firewalls often let HTTP traffic cross them. However these protocols are not used to carry hyper text messages (what is HTTP for). TOR is an example of this non-sense, SOAP, WSDL, are others.
reply |
view as pdf
Re: Re: Re: non-sense

Submitted by Anonymous (not registered) on Fri, 2011-09-02 19:06. Also, IP isn't a "transport". TCP, UDP and others are transport protocols, not IP which is in the Network Layer. Why don't you go read at least a wikipedia entry on the OSI and TCP/IP network protocol stacks?
reply |
view as pdf
Re: Re: Re: non-sense

Submitted by Anonymous (not registered) on Wed, 2009-07-22 13:16. Tor uses TCP only.
reply |
view as pdf
Howtos | Mini-Howtos | Forums | News | Search | Contribute | Site Map/RSS Feeds | Advertise | Contact | Disclaimer | Imprint
Copyright 2013 HowtoForge - Linux Howtos and Tutorials All Rights Reserved.
9 de 9
05/05/13 02:26

Anonymous SSH Sessions With TOR

Diunggah oleh

Informasi Dokumen

Hak Cipta

Format Tersedia

Bagikan dokumen Ini

Bagikan atau Tanam Dokumen

Opsi Berbagi

Apakah menurut Anda dokumen ini bermanfaat?

Apakah konten ini tidak pantas?

Hak Cipta:

Format Tersedia

Anonymous SSH Sessions With TOR

Diunggah oleh

Hak Cipta:

Format Tersedia

Anonymous SSH Sessions With TOR | HowtoForge - Lin...

Options For This Howto