Debian Admin

Debian/Ubuntu Linux System Administration Tutorials,Howtos,Tips

  • RSS Subscribe

    subscribe to the Debian Admin RSS feed

  • Sponsors



  • Categories

  • Sponsors

  • Support DebianAdmin

    Amount $:
    Website(Optional):


  • Meta

  • Archives



« iotop – simple top-like I/O monitor
Howto remove NSM Configuration from a Juniper Firewall »

Anonymous SSH sessions with TOR

Posted by Vincent Wochnik on July 18th, 2009

If you're new here, you may want to subscribe to my RSS feed. Thanks for visiting!

OpenSSH is a great means to protect your connection from being sniffed by others. However, this isn’t always enough. Simply proving that you connected to a server is enough to get incriminated. Unfortunately, SSH doesn’t provide a native way to obfuscate to whom it connects. Instead, a proxy server can be set up. And this is where TOR comes to play. This howto covers installing TOR on a Debian based system and setting up SSH to use TOR.

Installing TOR

First you should to add the TOR repository to your system. It’s only necessary if there’s no package in the default repositories.

Add the following line to your /etc/apt/sources.list file. You have to replace lenny with your distribution.

deb http://mirror.noreply.org/pub/tor lenny main

To use this repository without problems, you have to add the PGP key to your system.

apt-key adv --recv-keys --keyserver subkeys.pgp.net 0×94C09C7F

Update your repositories and install TOR.

apt-get update && apt-get install -y tor

If you want to use TOR with OpenSSH, you have to install another program called connect-proxy.

apt-get install -y connect-proxy

Setup OpenSSH to use TOR for all connections

However, this is not recommended, but here is how it works.

Add the following block to the top of your ~/.ssh/config file.

Host *
CheckHostIP no
Comblockquotession yes
Protocol 2
ProxyCommand connect -4 -S localhost:9050 $(tor-resolve %h localhost:9050) %p

The command line syntax won’t change at all.

Setup OpenSSH to use TOR for a specific connection

I recommend using TOR only for a specific connection. All other connections won’t be affected.

Add this block to your ~/.ssh/config. You have to replace mydomain with the host domain name or IP address and myaccount with your user name.

Host mydomain
HostName mydomain.com
User myaccount
CheckHostIP no
Comblockquotession yes
Protocol 2
ProxyCommand connect -4 -S localhost:9050 $(tor-resolve %h localhost:9050) %p

Setup OpenSSH to use TOR for a bunch of connections

Instead of setting up TOR for every single connections, you can do this for a bunch of connections at once. Following example shows how it works.

Host anon_*
CheckHostIP no
Comblockquotession yes
Protocol 2
ProxyCommand connect -4 -S localhost:9050 $(tor-resolve %h localhost:9050) %p

Host anon_mydomain
HostName mydomain.com
User myaccount

Host anon_mydomain2
HostName mydomain2.com
User myaccount
Port 980

This way you know exactly if you’re using TOR or not.

Conclusion

It is very simple to anonymize your SSH sessions if you know what you’re doing. I’ve written this tutorial for legal purposes only. Using this is your own risk.

Copyright (c) Vincent Wochnik 2009

  • Share/Bookmark

Random Posts

You can leave a response, or trackback from your own site.

2 Responses to “Anonymous SSH sessions with TOR”

  1. Jens Kubieziel Says:
    July 19th, 2009 at 9:12 pm

    I assume Comblockquotession yes should read Compression yes :-)

  2. Frank Says:
    August 1st, 2009 at 1:03 pm

    Hi,

    you could achive the same result and more with iptables. TOR can be used as a transparent proxy. Just bend the connections you want to the transparent proxy. E.g https://wiki.torproject.org/noreply/TheOnionRouter/TransparentProxy

Leave a Reply

XHTML: You can use these tags: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>

« iotop – simple top-like I/O monitor
Howto remove NSM Configuration from a Juniper Firewall »