Delivery-Date: Tue, 17 Feb 2015 06:51:04 -0500
Return-Path: <tor-talk-bounces@lists.torproject.org>
X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on moria.seul.org
X-Spam-Level: 
X-Spam-Status: No, score=-4.7 required=5.0 tests=BAYES_00,DKIM_ADSP_CUSTOM_MED,
	DKIM_SIGNED,FREEMAIL_FROM,RCVD_IN_DNSWL_MED,RP_MATCHES_RCVD,T_DKIM_INVALID,
	URIBL_BLOCKED autolearn=ham version=3.3.1
X-Original-To: archiver@seul.org
Delivered-To: archiver@seul.org
Received: from eugeni.torproject.org (eugeni.torproject.org [38.229.72.13])
	(using TLSv1.2 with cipher ADH-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by khazad-dum.seul.org (Postfix) with ESMTPS id 6DE491E067B
	for <archiver@seul.org>; Tue, 17 Feb 2015 06:51:03 -0500 (EST)
Received: from eugeni.torproject.org (localhost [127.0.0.1])
	by eugeni.torproject.org (Postfix) with ESMTP id 5C69032A81;
	Tue, 17 Feb 2015 11:51:00 +0000 (UTC)
Received: from localhost (localhost [127.0.0.1])
 by eugeni.torproject.org (Postfix) with ESMTP id 7801632A81
 for <tor-talk@lists.torproject.org>; Tue, 17 Feb 2015 11:50:56 +0000 (UTC)
X-Virus-Scanned: Debian amavisd-new at 
Received: from eugeni.torproject.org ([127.0.0.1])
 by localhost (eugeni.torproject.org [127.0.0.1]) (amavisd-new, port 10024)
 with ESMTP id k9GjAutuL5tX for <tor-talk@lists.torproject.org>;
 Tue, 17 Feb 2015 11:50:56 +0000 (UTC)
Received: from mail-wg0-x22d.google.com (mail-wg0-x22d.google.com
 [IPv6:2a00:1450:400c:c00::22d])
 (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits))
 (Client CN "smtp.gmail.com",
 Issuer "Google Internet Authority G2" (not verified))
 by eugeni.torproject.org (Postfix) with ESMTPS id 2EBDB327BD
 for <tor-talk@lists.torproject.org>; Tue, 17 Feb 2015 11:50:56 +0000 (UTC)
Received: by mail-wg0-f45.google.com with SMTP id k14so31729648wgh.4
 for <tor-talk@lists.torproject.org>; Tue, 17 Feb 2015 03:50:52 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113;
 h=mime-version:in-reply-to:references:date:message-id:subject:from:to
 :content-type; bh=ZF2Ot5ECURaREFaiyrwWLahaqp52P6XYttZRnF9GBvs=;
 b=WMjhLIo0bembPj9m0oPE6R3vkf1HxWhpUvW8ANHvA0hReY1LqUk3L+pGmTpIRBPiRx
 sMrE7gsWtchnu1OVQRcLNLQvRQuJ9h3C5lEsIBd0OEBp2ZVTnmJ4gvGAJMq6WbDYjd/A
 EELX+LJ1N8WEw0VwR+8pYI8PYSoZyyUl4OlPsIwJU2sst1PrjtLoMTPwd5c4yd9/e50m
 HuxNU7VX3OsIVpvx8wi7bftqCRvB4ycj/Tt8M7qFMu+FgOQucQhgO2ntan5gSKUM4egF
 gI11HxBpBux9YWik+JEw2jMJV8qC8QZ8iSMzQW3f89v4OFyd5YWCDPH4M6lt1/m4RGfX
 AiGw==
MIME-Version: 1.0
X-Received: by 10.194.243.1 with SMTP id wu1mr61764715wjc.69.1424173852566;
 Tue, 17 Feb 2015 03:50:52 -0800 (PST)
Received: by 10.216.31.193 with HTTP; Tue, 17 Feb 2015 03:50:52 -0800 (PST)
In-Reply-To: <54E275A2.1000504@hireahit.com>
References: <ff0969f9d2ea5c294f866c4660ebb309@openmailbox.org>
 <54E13B37.8070004@riseup.net> <54E1567A.90709@hireahit.com>
 <c0e17374bc441f241698b7109078ec67@openmailbox.org>
 <54E275A2.1000504@hireahit.com>
Date: Tue, 17 Feb 2015 11:50:52 +0000
Message-ID: <CAFN1edoKzsUMrdPH835849ynyZWM-YfLSYXtPZ+zSPNOhXZWzw@mail.gmail.com>
From: David Stainton <dstainton415@gmail.com>
To: tor-talk@lists.torproject.org
Subject: Re: [tor-talk] Tor over SSH (torsocks) (?)
X-BeenThere: tor-talk@lists.torproject.org
X-Mailman-Version: 2.1.15
Precedence: list
Reply-To: tor-talk@lists.torproject.org
List-Id: "all discussion about theory, design,
 and development of Onion Routing" <tor-talk.lists.torproject.org>
List-Unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-talk>, 
 <mailto:tor-talk-request@lists.torproject.org?subject=unsubscribe>
List-Archive: <http://lists.torproject.org/pipermail/tor-talk/>
List-Post: <mailto:tor-talk@lists.torproject.org>
List-Help: <mailto:tor-talk-request@lists.torproject.org?subject=help>
List-Subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk>, 
 <mailto:tor-talk-request@lists.torproject.org?subject=subscribe>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: tor-talk-bounces@lists.torproject.org
Sender: "tor-talk" <tor-talk-bounces@lists.torproject.org>

perhaps use "stealth" authenticated tor hidden service for your ssh to
mitigate the ssh 0-day(s); obviously this is not just a tin foil hat
practice anymore.

On Mon, Feb 16, 2015 at 10:56 PM, Dave Warren <davew@hireahit.com> wrote:
> On 2015-02-16 03:30, blobby@openmailbox.org wrote:
>>
>> On 2015-02-16 02:31, Dave Warren wrote:
>>>
>>> On 2015-02-15 16:35, Mirimir wrote:
>>>>
>>>> On 02/15/2015 02:22 PM, blobby@openmailbox.org wrote:
>>>>>
>>>>> I want to login to my VPS over SSH.
>>>>>
>>>>> Is torsocks still a safe way to do this? A lot of the documentation
>>>>> (such as it is) is several years old.
>>>>
>>>> I prefer to run an SSH hidden service on the VPS.
>>>
>>>
>>> I'd tend to agree; if you control the endpoint, set it up as a hidden
>>> service rather than having Tor exit node involved at all.
>>>
>>> While running hidden services alongside non-hidden services introduces
>>> some risks, most of these are less significant when connecting to SSH
>>> on a server that you control.
>>
>>
>> I don't think I phrased my question very well. I'm not running a hidden
>> server. I'm just logging in to a shared VPS to ftp. etc, rather than logging
>> in to a control panel over HTTPS.
>>
>> I just want a simple way to do "ssh IP port" but with Tor.
>
>
> Understood. But the suggestion is that you SHOULD run a hidden server to
> listen for SSH connections over Tor as this will be far more reliable and
> secure than having to rely on an exit node.
>
> The rest of the server doesn't need to be a hidden server, and SSH can still
> listen as both a Tor hidden server and a regular public server, but by
> making it a hidden server within Tor, you remove one of the major risk
> factors of using Tor: The exit node.
>
> --
> Dave Warren
> http://www.hireahit.com/
> http://ca.linkedin.com/in/davejwarren
>
>
> --
> tor-talk mailing list - tor-talk@lists.torproject.org
> To unsubscribe or change other settings go to
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

