Anonymous SSH Sessions With TOR

Want to support HowtoForge? Become a subscriber!
 
Submitted by vwochnik (Contact Author) (Forums) on Tue, 2009-07-14 12:21. :: Debian | Ubuntu | Security

Anonymous SSH Sessions With TOR

OpenSSH is a great means to protect your connection from being sniffed by others. However, this isn't always enough. Simply proving that you connected to a server is enough to get incriminated. Unfortunately, SSH doesn't provide a native way to obfuscate to whom it connects. Instead, a proxy server can be set up. And this is where TOR comes to play. This howto covers installing TOR on a Debian based system and setting up SSH to use TOR.

 

Installing TOR

First you should to add the TOR repository to your system. It's only necessary if there's no package in the default repositories.

Add the following line to your /etc/apt/sources.list file. You have to replace lenny with your distribution.

deb http://mirror.noreply.org/pub/tor lenny main

To use this repository without problems, you have to add the PGP key to your system.

apt-key adv --recv-keys --keyserver subkeys.pgp.net 0x94C09C7F

Update your repositories and install TOR.

apt-get update && apt-get install -y tor

If you want to use TOR with OpenSSH, you have to install another program called connect-proxy.

apt-get install -y connect-proxy

 

Setup OpenSSH to use TOR for all connections

However, this is not recommended, but here is how it works.

Add the following block to the top of your ~/.ssh/config file.

Host *
CheckHostIP no
Compression yes
Protocol 2
ProxyCommand connect -4 -S localhost:9050 $(tor-resolve %h localhost:9050) %p

The command line syntax won't change at all.

 

Set up OpenSSH to use TOR for a specific connection

I recommend using TOR only for a specific connection. All other connections won't be affected.

Add this block to your ~/.ssh/config. You have to replace mydomain with the host domain name or IP address and myaccount with your user name.

Host mydomain
HostName mydomain.com
User myaccount
CheckHostIP no
Compression yes
Protocol 2
ProxyCommand connect -4 -S localhost:9050 $(tor-resolve %h localhost:9050) %p

 

Set up OpenSSH to use TOR for a bunch of connections

Instead of setting up TOR for every single connections, you can do this for a bunch of connections at once. Following example shows how it works.

Host anon_*
CheckHostIP no
Compression yes
Protocol 2
ProxyCommand connect -4 -S localhost:9050 $(tor-resolve %h localhost:9050) %p
Host anon_mydomain
HostName mydomain.com
User myaccount
Host anon_mydomain2
HostName mydomain2.com
User myaccount
Port 980

This way you know exactly if you're using TOR or not.

 

Conclusion

It is very simple to anonymize your SSH sessions if you know what you're doing. I've written this tutorial for legal purposes only. Using this is your own risk.


Please do not use the comment function to ask for help! If you need help, please use our forum.
Comments will be published after administrator approval.
Submitted by Sayyad habeeb (not registered) on Wed, 2014-01-22 06:04.

Hello guys!
 

Can anybody help me out please.  I'm using following command at cygwin window and getting the subsequent error

ssh -v -l cyg_server -2 192.168.1.33 -o ProxyCommand="/bin/connect -5 -S 127.0.0.1:9050 %h %p"

 

 ERROR: Got error response from SOCKS server: 4 (Host unreachable).

FATAL: failed to begin relaying via SOCKS.

ssh_exchange_identification: Connection closed by remote host


Submitted by Anonymous (not registered) on Mon, 2010-12-13 20:45.

Why to complicate, when there is a toll which do exactly the same automatically? Use torify as follows:

torify ssh user@ip_address and that's it.

With this tool you can torify any application you want, wget, telnet, ftp...

Submitted by jdkullmann (registered user) on Sat, 2009-08-22 15:58.

I love the idea of Tor but beware. I had it up and running and I got a legal notice that my ISP had received from the RIAA or HBO or someone that I was bittorrenting illegally. But, I never run bittorrent.  Turns out that someone else on the Tor network was (big surprise) and by being a Tor exit point as far as HBO was concerned it was I (or at least my system) that was putting out the bittorrent packets.

 Sadly I took  down Tor in spite of the fact that I really like the notion behind it etc. I suppose I could have left it up and not been an exit point but that did not seem like it was in the spirit of Tor

Submitted by Anonymous (not registered) on Wed, 2009-07-15 13:26.

The next step is to explain how to prevent incoming SSH connections from TOR proxies... If anyone is using TOR to get to one of my boxes, then they are certainly up to no good.

 

Submitted by phocean (not registered) on Tue, 2009-07-14 15:06.
It contributes to the mess that Internet is becoming : HTTP is the new transport protocol, in place of IP. HTTP wasn't designed for that, how many more layers will we continue to add on the top of it ? Total non-sense.
Submitted by Palin (not registered) on Wed, 2009-07-15 11:28.

The nonsense about internet is the nonsense about firewall policies. That's the same about nonsense in the most-adopted operating system security (or lack of it), and the nonsense of application-side workaround to the nonsense above.

So now there's SOAP, rpc over http, but the RPC port is closed on the firewall, are you more secure now? :)

Submitted by Silver Knight (not registered) on Wed, 2009-07-15 09:16.

phocean said: "It contributes to the mess that Internet is becoming : HTTP is the new transport protocol, in place of IP. HTTP wasn't designed for that, how many more layers will we continue to add on the top of it ? Total non-sense."

 Are you entirely 100% absolutely certain that you really really understand how the Internet works exactly?  You might want to think about reading up on the topic a little more.  TCP/IP and HTTP are not the same thing and HTTP most certainly is not in any way replacing IP.  HTTP,  FTP, SSH, IRC, POP, IMAP, and a number of other transfer protocols are used in addition to TCP/IP and are simply nothing more than agreed upon methods of exchanging data "over the wire".  NONE of these protocols are being used "in place of" IP, and I'm not exactly understanding how your comment quite relates to the content of this howto.

On the topic of the howto itself, my thanks to the author for your efforts.  While I have no need for TOR at this particular moment, I appreciate the attempt to share useful information and have captured this howto in my notes as some of the information in the howto is useful to me even though I have no need of the TOR part of it.

Submitted by Anonymous (not registered) on Sat, 2014-03-15 09:20.

you guys that are aruing about how nonsensical this all is are real dolts. TOR has a very specific aim and that's anonymization. Although some people do use it for simply traversing firewalls, which intself is useful in some sense.

 It's non-trivial to want to stay hidden and out of sight especially when there are very real dangers underneath police states where a little free speech can get you killed. 

 The internet works seamlessly like this because we manage to encapsulate one protocol over the other. Without this design your dribble being slobbered all over this page would not have been possible.

The internet was not simply and casually designed like this on a whim. They spent decades on such a progressive feat; with men standing atop the shoulders of other men pricesely because it took the combined efforts of scientists, mathematicians and all sorts of experts. 

 The fact that you can casually shrug off this accomplishment is testament to your trivial understanding of the computer that sits before you. How the internet is able to remain agnostic of the type of system that participates in the grand amalgam. Your myopic comprehension is truly and utterly disappointing. Today is another day I shrug of my hopes for an intelligent and sane human race. And instead we have our peers that blather on befuddled always to be trapped in their ever present philospher's cave. 

Submitted by MoJo (not registered) on Wed, 2009-07-15 11:43.

I agree with Phocean.

Nowadays, a bunch of protocol are encapsulated in HTTP without valid reasons except simplicity and the fact that firewalls often let HTTP traffic cross them.

However these protocols are not used to carry hyper text messages (what is HTTP for).

TOR is an example of this non-sense, SOAP, WSDL, are others.

Submitted by Anonymous (not registered) on Fri, 2011-09-02 19:06.
Also, IP isn't a "transport". TCP, UDP and others are transport protocols, not IP which is in the Network Layer. Why don't you go read at least a wikipedia entry on the OSI and TCP/IP network protocol stacks?
Submitted by Anonymous (not registered) on Wed, 2009-07-22 13:16.

Tor uses TCP only.