Date: Thu, 19 Feb 2015 10:41:07 -0500
From: David Goulet <dgoulet@ev0ke.net>
To: tor-talk@lists.torproject.org
Message-ID: <20150219154107.GB10505@thessa>
References: <ff0969f9d2ea5c294f866c4660ebb309@openmailbox.org>
 <54E18DDC.5000400@cmu.edu>
MIME-Version: 1.0
In-Reply-To: <54E18DDC.5000400@cmu.edu>
User-Agent: Mutt/1.5.23 (2014-03-12)
Subject: Re: [tor-talk] Tor over SSH (torsocks) (?)

On 16 Feb (00:27:40), James Murphy wrote:
> On 02/15/2015 03:22 PM, blobby@openmailbox.org wrote:
> > I want to login to my VPS over SSH.
> >
> > Is torsocks still a safe way to do this? A lot of the
> > documentation (such as it is) is several years old.
> >
> >
>
> I would also like to know this. SSH hidden service setup and use are
> easy with torsocks.
>
> /etc/tor/torrc
>
> HiddenServiceDir /var/lib/tor/ssh_service/
> HiddenServicePort 22 127.0.0.1:22
>
> Then
>
> torsocks ssh user@xxx.onion
>
> works like a charm.
>
> Can anyone comment on security of torsocks?

(So yeah I sent that a week ago and didn't notice that I used the wrong
email address for the list so here it is)

Torsocks was rewritten almost from scratch due to design issues and the
code was unmaintained since 2009. This new version is 2.0 and is now
packaged by most Linux distros.

https://people.torproject.org/~dgoulet/torsocks/
git: https://gitweb.torproject.org/torsocks.git

Now, that effort did improve the safety of it I would say quite a bit.
I won't go in the technical details but it's better and maintained now.

That being said, know this, torsocks is a best effort, it's not a silver
bullet and it's "easy" to design an application that will bypass
torsocks. However, you can be confident with a bunch of stuff such as
ssh, wget, netcat, etc... It's extensively used with those applications
on a daily basis. Tails and Whonix for instance rely on torsocks for
some applications (note that their firewall gives them extra
protection). I know that people are using torsocks with postfix and it
works well.

I would be happy to detail technical details of torsocks if someone
would like to, maybe a blog post?

Cheers!
David

> --
> tor-talk mailing list - tor-talk@lists.torproject.org
> To unsubscribe or change other settings go to
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk


