Setup Anonymous SSH Via Tor Hidden Services

From Hidden Wiki

OK, this is my favorite feature of Tor. I have a completely anonymous SSH server set up for myself to access from anywhere, but I prefer not to have people from outside my network access the SSH server. So only people with my exact *.onion address can access my computer, which is only me! Let's get started!

The first thing I do is set up the Vidalia GUI and Tor; there is more information here. Once you have Vidalia and Tor set up and running, follow these steps:

Next edit ~/.vidalia/torrc and add these two lines:

 HiddenServiceDir /home/YOURUSERNAME/.vidalia/ssh
 HiddenServicePort 22 127.0.0.1:22

The HiddenServiceDir contains a text file that we will cat, after we start Tor, to get our anonsecrethostname.onion. Port 22 is, of course, SSH.

Grab connect.c and let's configure it:

 wget http://ubuntu-debs.googlecode.com/files/connect.c
 gcc connect.c -o connect
 # /etc/ssh is root-owned, so install the binary with sudo
 sudo install -m 755 connect /etc/ssh/connect
 sudo gedit /etc/ssh/ssh_config

Append this to /etc/ssh/ssh_config:

 # use /etc/ssh/connect to use tor to connect to ssh in torland
 Host *.onion
 ProxyCommand /etc/ssh/connect -S localhost:9050 %h %p

You can append -d after /etc/ssh/connect for verbose output if you have problems…

Grab your secret host name:

 cat ~/.vidalia/ssh/hostname

Right-click Vidalia, stop Tor and restart it, and you're done! Now you can do an “ssh user@16xdigit.onion” every time your local Tor server is running. Enjoy, defcon

Here is the verbose output when connecting:

 ssh dude@ka93kasd55srt56.onion -p 22
 DEBUG: No direct address are specified.
 DEBUG: relay_method = SOCKS (2)
 DEBUG: relay_host=localhost
 DEBUG: relay_port=9050
 DEBUG: relay_user=dude
 DEBUG: socks_version=5
 DEBUG: socks_resolve=REMOTE (2)
 DEBUG: local_type=stdio
 DEBUG: dest_host=ka93kasd55srt56.onion
 DEBUG: dest_port=22
 DEBUG: Program is $Revision$
 DEBUG: checking ka93kasd55srt56.onion is for direct?
 DEBUG: ka93kasd55srt56.onion is for not direct.
 DEBUG: resolving host by name: localhost
 DEBUG: resolved: localhost (127.0.0.1)
 DEBUG: connecting to 127.0.0.1:9050
 DEBUG: begin_socks_relay()
 DEBUG: available auth method[0] = NO-AUTH (0x00)
 DEBUG: available auth method[1] = USERPASS (0x02)
 DEBUG: atomic_out() [4 bytes]
 DEBUG: >>> 05 02 00 02
 DEBUG: atomic_in() [2 bytes]
 DEBUG: <<< 05 00
 DEBUG: auth method: NO-AUTH
 DEBUG: atomic_out() [29 bytes]
 DEBUG: >>> 02 01 00 03 16 32 74 36 12 6a 65 77 ab 35 35 35 32 7e 6f 76 74 2r 7a 6e 69 6f 9e 08 ae
 DEBUG: atomic_in() [4 bytes]
 DEBUG: <<< 05 00 00 01
 DEBUG: atomic_in() [6 bytes]
 DEBUG: <<< 00 00 00 00 00 00
 DEBUG: connected
 DEBUG: start relaying.
 DEBUG: recv 38 bytes
 DEBUG: sent 38 bytes
 DEBUG: sent 792 bytes
 DEBUG: recv 498 bytes
 DEBUG: recv 286 bytes
 DEBUG: sent 24 bytes
 DEBUG: recv 152 bytes
 DEBUG: sent 144 bytes
 DEBUG: recv 498 bytes
 DEBUG: recv 222 bytes
 The authenticity of host '[ka93kasd55srt56.onion]:22 ()' can't be established.
 RSA key fingerprint is a5:f5:a1:6a:re:be:55:t1:4b:b8:y2:e3:aa:09:0f:b0.
 Are you sure you want to continue connecting (yes/no)? yes
 Warning: Permanently added '[ka93kasd55srt56.onion]:22' (RSA) to the list of known hosts.
 DEBUG: sent 64 bytes
 DEBUG: recv 48 bytes
 DEBUG: sent 64 bytes
 DEBUG: recv 64 bytes
 dude@ka93kasd55srt56.onion's password:
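
The `>>>` and `<<<` lines in the verbose output are the SOCKS5 exchange between connect and Tor. The following is an added example, not part of the original page or of connect.c: it decodes those bytes and checks that the CONNECT request carries the hostname itself (address type 0x03, matching `socks_resolve=REMOTE` in the log) rather than a locally resolved IP. The function names and the sample request are constructed for illustration; the field layout follows RFC 1928.

```python
# Added example: decode the SOCKS5 bytes that connect prints with -d.
# Field layout follows RFC 1928. All sample bytes here are constructed.
ATYP = {0x01: "IPv4", 0x03: "DOMAINNAME"}
METHODS = {0x00: "NO-AUTH", 0x02: "USERPASS"}


def parse_hex(line):
    """Bytes from a 'DEBUG: >>> 05 02 00 02' or 'DEBUG: <<< 05 00' line."""
    hexpart = line.replace("<<<", ">>>").split(">>>")[-1]
    return bytes.fromhex(hexpart)


def decode_greeting(msg):
    """Client greeting: VER, NMETHODS, then one byte per offered method."""
    if len(msg) < 2 or msg[0] != 5 or len(msg) != 2 + msg[1]:
        raise ValueError("malformed SOCKS5 greeting")
    return [METHODS.get(m, hex(m)) for m in msg[2:]]


def decode_request(msg):
    """Client request: VER, CMD, RSV, ATYP, DST.ADDR, DST.PORT."""
    if len(msg) < 7 or msg[0] != 5 or msg[3] not in ATYP:
        raise ValueError("malformed or unsupported SOCKS5 request")
    if msg[3] == 0x03:                      # length-prefixed hostname
        end = 5 + msg[4]
        host = msg[5:end].decode("ascii")
    else:                                   # 4 raw IPv4 octets
        end = 8
        host = ".".join(str(b) for b in msg[4:8])
    if len(msg) != end + 2:
        raise ValueError("truncated or oversized SOCKS5 request")
    port = int.from_bytes(msg[end:], "big")
    return {"cmd": msg[1], "atyp": ATYP[msg[3]], "host": host, "port": port}


def resolves_remotely(msg):
    """True when the name itself goes to the proxy, so no local DNS lookup is needed."""
    return decode_request(msg)["atyp"] == "DOMAINNAME"


# Constructed placeholder name, not a real service.
SAMPLE_HOST = b"exampleexample22.onion"
SAMPLE_REQUEST = (bytes([5, 1, 0, 3, len(SAMPLE_HOST)]) + SAMPLE_HOST
                  + (22).to_bytes(2, "big"))

if __name__ == "__main__":
    print(decode_greeting(parse_hex("DEBUG: >>> 05 02 00 02")))
    print(decode_request(SAMPLE_REQUEST), resolves_remotely(SAMPLE_REQUEST))
```

A request with address type IPv4 for an onion destination would mean the client tried to resolve the name itself before talking to Tor, which is the case this check is meant to catch.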