Looking for a way to gain a bit more security and privacy for your SSH connections? Jack Wallen shows you how with the help of Tor.
SSH is, by design, a fairly secure means of gaining shell access to remote machines. However, there are always ways to eke out a bit more security and privacy from these connections.
One such method is with the help of Tor. With Tor, you can add a level of anonymity and even hide your services from prying/hacking eyes.
I’m going to walk you through the process of making SSH connections over Tor. The process isn’t terribly difficult, so anyone who administers SSH should be able to make this work.
What you’ll need
I’ll be demonstrating on two Ubuntu server machines, but the process will work with just about any Linux distribution. You’ll also need a user with sudo privileges.
How to install Tor
The first thing you must do is install Tor. You’ll need to do this on both the client and the server, so log in and run the following command on each:
sudo apt-get install tor -y
Once that installation completes, you’re ready to configure Tor.
How to configure Tor
We need to add a couple of configuration options to the default Tor configuration file. Log in to the server you’ll be connecting to and issue the command:
sudo nano /etc/tor/torrc
At the bottom of that file, add the following:
HiddenServiceDir /var/lib/tor/other_hidden_service/
HiddenServicePort 22
Save and close the file.
Restart Tor with the command:
sudo systemctl restart tor
Restarting Tor generates all the necessary files within /var/lib/tor/other_hidden_service. That directory contains the hostname you’ll need to use to connect to the server from the remote client. To find out that hostname, issue the command:
sudo cat /var/lib/tor/other_hidden_service/hostname
You should see something like:
How to connect to the server
Head over to your client, where you’ve also installed Tor. In order to connect to the server, you’ll use the hostname provided by the cat command from above. So to make the connection, you’d issue the command:
torify ssh USER@HOSTNAME
Where USER is a remote user and HOSTNAME is the hostname provided by Tor.
torify ssh email@example.com
You’ll be prompted for your remote user password (or SSH key auth passphrase) and be allowed entry to the server.
The only caveat to using Tor in this manner is that it’s slightly slower to connect than a straight-up SSH connection. That sacrifice of seconds is well worth the anonymity you gain.
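To check the server-side stanza before restarting Tor, the script below reports where the onion service forwards port 22 and rejects a HiddenServiceDir line that has a second directive run onto it. It is an added example, not part of the original article; the function names are hypothetical, the sample torrc is constructed, and the hostname check assumes a current Tor release, which generates v3 onion addresses.

```shell
#!/bin/sh
# Added example (not from the article): audit the onion-service stanza.

# Print where virtual port $3 of the service in directory $2 is forwarded,
# according to torrc $1. Returns 1 if no mapping exists and 2 if a
# HiddenServiceDir line carries extra words (two directives on one line).
onion_port_target() {
    awk -v dir="${2%/}" -v port="$3" '
        { sub(/#.*/, "") }                      # drop comments
        NF == 0 { next }
        tolower($1) == "hiddenservicedir" {
            if (NF != 2) { bad = 1; exit }
            d = $2; sub(/\/$/, "", d)
            in_svc = (d == dir)                 # stanza runs to the next Dir line
            next
        }
        in_svc && tolower($1) == "hiddenserviceport" && $2 == port {
            t = (NF >= 3) ? $3 : port           # target defaults to the same port
            if (t ~ /^[0-9]+$/) t = "127.0.0.1:" t   # bare port means loopback
            print t; found = 1; exit
        }
        END { if (bad) exit 2; if (!found) exit 1 }
    ' "$1"
}

# Succeed if $1 is shaped like a v3 onion hostname: 56 base32 characters
# (a-z, 2-7), the last always "d" because the final byte is the version, 3.
is_v3_onion_name() {
    printf '%s\n' "$1" | grep -Eq '^[a-z2-7]{55}d\.onion$'
}

# Constructed sample torrc using the directory and port from this article.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# constructed sample
HiddenServiceDir /var/lib/tor/other_hidden_service/
HiddenServicePort 22
EOF
echo "port 22 forwards to: $(onion_port_target "$sample" /var/lib/tor/other_hidden_service 22)"
rm -f "$sample"
```

For the stanza in this article the expected target is 127.0.0.1:22; point the first argument at /etc/tor/torrc (with sudo if needed) to check the real file.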