Jul 182009
 

Sponsored Link

OpenSSH is a great means to protect your connection from being sniffed by others. However, this isn't always enough. Simply proving that you connected to a server is enough to get incriminated. Unfortunately, SSH doesn't provide a native way to obfuscate to whom it connects. Instead, a proxy server can be set up. And this is where TOR comes to play. This howto covers installing TOR on a Debian based system and setting up SSH to use TOR.

Installing TOR

First you should to add the TOR repository to your system. It's only necessary if there's no package in the default repositories.

Add the following line to your /etc/apt/sources.list file. You have to replace lenny with your distribution.

deb http://mirror.noreply.org/pub/tor lenny main

To use this repository without problems, you have to add the PGP key to your system.

apt-key adv --recv-keys --keyserver subkeys.pgp.net 0x94C09C7F

Update your repositories and install TOR.

apt-get update && apt-get install -y tor

If you want to use TOR with OpenSSH, you have to install another program called connect-proxy.

apt-get install -y connect-proxy

Setup OpenSSH to use TOR for all connections

However, this is not recommended, but here is how it works.

Add the following block to the top of your ~/.ssh/config file.

Host *
CheckHostIP no
Comblockquotession yes
Protocol 2
ProxyCommand connect -4 -S localhost:9050 $(tor-resolve %h localhost:9050) %p

The command line syntax won't change at all.

Setup OpenSSH to use TOR for a specific connection

I recommend using TOR only for a specific connection. All other connections won't be affected.

Add this block to your ~/.ssh/config. You have to replace mydomain with the host domain name or IP address and myaccount with your user name.

Host mydomain
HostName mydomain.com
User myaccount
CheckHostIP no
Comblockquotession yes
Protocol 2
ProxyCommand connect -4 -S localhost:9050 $(tor-resolve %h localhost:9050) %p

Setup OpenSSH to use TOR for a bunch of connections

Instead of setting up TOR for every single connections, you can do this for a bunch of connections at once. Following example shows how it works.

Host anon_*
CheckHostIP no
Comblockquotession yes
Protocol 2
ProxyCommand connect -4 -S localhost:9050 $(tor-resolve %h localhost:9050) %p

Host anon_mydomain
HostName mydomain.com
User myaccount

Host anon_mydomain2
HostName mydomain2.com
User myaccount
Port 980

This way you know exactly if you're using TOR or not.

Conclusion

It is very simple to anonymize your SSH sessions if you know what you're doing. I've written this tutorial for legal purposes only. Using this is your own risk.

Copyright (c) Vincent Wochnik 2009

Sponsored Link

 Posted by at 12:54 am

  4 Responses to “Anonymous SSH sessions with TOR”

  1. I assume Comblockquotession yes should read Compression yes :-)

  2. Hi,

    you could achive the same result and more with iptables. TOR can be used as a transparent proxy. Just bend the connections you want to the transparent proxy. E.g https://wiki.torproject.org/noreply/TheOnionRouter/TransparentProxy

  3. Definitely, this threw me for a loop: that should be “Compression yes”, not “Comblockquotession yes”

 Leave a Reply

(required)

(required)

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>