[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [tor-talk] Tor over SSH (torsocks) (?)



perhaps use "stealth" authenticated tor hidden service for your ssh to
mitigate the ssh 0-day(s); obviously this is not just a tin foil hat
practice anymore.

On Mon, Feb 16, 2015 at 10:56 PM, Dave Warren <davew@hireahit.com> wrote:
> On 2015-02-16 03:30, blobby@openmailbox.org wrote:
>>
>> On 2015-02-16 02:31, Dave Warren wrote:
>>>
>>> On 2015-02-15 16:35, Mirimir wrote:
>>>>
>>>> On 02/15/2015 02:22 PM, blobby@openmailbox.org wrote:
>>>>>
>>>>> I want to login to my VPS over SSH.
>>>>>
>>>>> Is torsocks still a safe way to do this? A lot of the documentation
>>>>> (such as it is) is several years old.
>>>>
>>>> I prefer to run an SSH hidden service on the VPS.
>>>
>>>
>>> I'd tend to agree; if you control the endpoint, set it up as a hidden
>>> service rather than having Tor exit node involved at all.
>>>
>>> While running hidden services alongside non-hidden services introduces
>>> some risks, most of these are less significant when connecting to SSH
>>> on a server that you control.
>>
>>
>> I don't think I phrased my question very well. I'm not running a hidden
>> server. I'm just logging in to a shared VPS to ftp. etc, rather than logging
>> in to a control panel over HTTPS.
>>
>> I just want a simple way to do "ssh IP port" but with Tor.
>
>
> Understood. But the suggestion is that you SHOULD run a hidden server to
> listen for SSH connections over Tor as this will be far more reliable and
> secure than having to rely on an exit node.
>
> The rest of the server doesn't need to be a hidden server, and SSH can still
> listen as both a Tor hidden server and a regular public server, but by
> making it a hidden server within Tor, you remove one of the major risk
> factors of using Tor: The exit node.
>
> --
> Dave Warren
> http://www.hireahit.com/
> http://ca.linkedin.com/in/davejwarren
>
>
> --
> tor-talk mailing list - tor-talk@lists.torproject.org
> To unsubscribe or change other settings go to
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk