This section is dedicated to administrators of remote servers and how to interact with external hosts over Tor.
From OpenSSH manual page:
ssh (SSH client) is a program for logging into a remote machine and for executing commands on a remote machine. It is intended to provide secure encrypted communications between two untrusted hosts over an insecure network. X11 connections, arbitrary TCP ports and UNIX-domain sockets can also be forwarded over the secure channel
Read also TPO TorifyHowTO ssh.
Install the openssh-client:
sudo apt install -y openssh-clientWarning: 'ssh some.host' will leak your UNIX username. If you do 'ssh [email protected]' it will not leak your username. That is why we suggest using non-identifying usernames on your machines to prevent such leaks in the first place.
Warning: OpenSSH has a feature for looking up remote host keys in SSHFP DNS records; don't use it, or it will try to resolve hostnames before it invokes your ProxyCommand and creates a leak. To make sure this doesn't happen, pass -o VerifyHostKeyDNS=no on your ssh command line. A good command for checking for DNS leakage is: tcpdump -vvvv -i <your_device> dst port 53
To use SSH with torsocks, simply use the command:
torsocks ssh [email protected]You may want to add an alias like so:
alias ssh-tor='torsocks ssh'Then you can simply issue the command ssh-tor example.com.
Install netcat-openbsd
sudo apt install -y netcat-openbsdWhen using netcat-openbsd, you can use the ssh ProxyCommand option:
ssh -o "ProxyCommand nc -X 5 -x 127.0.0.1:9050 %h %p" <target_host>To do it for every .onion host, use globs and edit your ~/.ssh/config to look something like this:
host *.onion
user bar
port 22
ProxyCommand nc -X 5 -x 127.0.0.1:9050 %h %p
If preferred, it is possible to make an alias for this and place it in your ~/.bash_aliases like so:
alias ssh-tor='ssh -o "ProxyCommand nc -X 5 -x 127.0.0.1:9050 %h %p"'
Then you can simply issue the command ssh-tor example.com.
Install the openssh-server:
sudo apt install -y openssh-serverCreate an onion service for your ssh server. Add to your torrc:
HiddenServiceDir /var/lib/tor/services/ssh
HiddenServiceVersion 3
HiddenServicePort 22 127.0.0.1:22Reload tor:
sudo systemctl reload torFrom remmina manual page:
Remmina is a remote desktop client written in GTK+, aiming to be useful for system administrators and travellers, who need to work with lots of remote computers in front of either large monitors or tiny netbooks. Remmina supports multiple network protocols in an integrated and consistent user interface. Currently RDP, VNC, SSH, SPICE, NX, XDMCP, and WWW are supported.
Remmina supports multiple network protocols in an integrated and consistent user interface. Currently RDP, VNC, SPICE, WWW, NX, XDMCP, EXEC and SSH are supported.
Read also Whonix wiki, Remmina wiki.
Install remmina:
sudo apt install -y remmina