
Re: configure/verify SSH connect thru Squid+Privoxy+Tor?



http://w2.wiki.noreply.org/noreply/TheOnionRouter/TorifyHOWTO#head-9c7bcccb765ceb4a8678e84793736529e8fea92d

Enjoy!  :)

Using ssh via tor will give you the latter 2, i wouldn't force ssh
through privoxy + squid, just use tor directly.  However, ymmv.

On Tue, Aug 30, 2005 at 10:51:42AM -0700, OpenMacNews@xxxxxxxxxxxxx wrote 2.4K bytes in 88 lines about:
: hi all,
: 
: i've a proxy gateway configured with Squid + Privoxy + Tor for anonymized 
: surfing/connection.
: 
: works fine-n-dandy for web browsing.
: 
: now i'd LIKE to SSH to a remote shell with:
: 
:    pubkey session authentication
:    routing via the Tor OR network
:    SSL end-to-end encryption of the stream
: 
: the question is HOW?
: 
: a simple:
: 
:    ssh -l USER -L 8888:FQDN_OF_PROXY:8888 fqdn.of.target
: 
: connects, but seems to be INSENSITIVE to the <port> spec'n -- i.e., 
: ANYTHING seems to work ...
: 
: i HAVE read in the FAQ (see, i CAN be trained!) about/around:
: 
:    "If you would like to enable a non-SSL client ... to connect to a server 
: through Tor using SSL or TLS, you can use sslredir."
:    "Our first answer is "then use end-to-end encryption such as SSL", which 
:    is great but not always practical."
:    "If you want to use a service directly through the SOCKS interface (eg. 
:    ssh via connect.c), you'll probably have to set up an internal mapping in 
: your configuration file using MapAddress"
: 
: but, frankly, in general, and given that I've added Squid to the mix ... 
: I'm not at all certain how to
:        (a) properly configure the SSH connect to use Tor, and
:        (b) verify that the SSH session DID route through the OR network 
: (unlike, e.g., using showmyip.com for web browsing ...)
: 
: in my config, squid listens on:
: 
:    http_port         10.0.0.6:8888
:    http_port         127.0.0.1:8888
: 
: and forces connects to privoxy as a cache_peer:
: 
:    acl Divert        myport        8888
:    cache_peer                      127.0.0.1 parent 8118 7 no-query default
:    never_direct      allow         Divert
: 
: where privoxy is listening/forwarding on:
: 
:    listen-address    127.0.0.1:8118
:    permit-access     127.0.0.1
:    forward-socks4a / 127.0.0.1:9050 .
: 
: and Tor catches the pass with:
: 
:    SocksPort 9050
:    SocksBindAddress 127.0.0.1:9050
:    SocksPolicy accept 127.0.0.1
:    SocksPolicy reject *
: 
: thx.
: 
: cheers,
: 
: richard



--
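The approach suggested in the reply (skip Squid and Privoxy, let ssh talk to Tor's SOCKS port directly), as an added example that is not part of the original thread: a small SOCKS4a connector, playing the role the FAQ gives to connect.c, that hands the hostname to Tor so it is never resolved locally. It assumes the SocksPort 127.0.0.1:9050 from the quoted torrc; the function names and the script itself are hypothetical.

```python
import os, socket, struct, sys, threading

TOR_SOCKS = ("127.0.0.1", 9050)   # SocksPort from the torrc quoted above
GRANTED = 0x5A                    # SOCKS4 reply code 90: request granted

def build_socks4a_connect(host, port, user=""):
    """CONNECT request; DSTIP 0.0.0.1 asks the proxy (Tor) to resolve `host`."""
    name = host.encode("ascii")
    if not name or b"\x00" in name or not 0 < port < 65536:
        raise ValueError("bad host or port")
    return (struct.pack(">BBH", 4, 1, port) + b"\x00\x00\x00\x01"
            + user.encode("ascii") + b"\x00" + name + b"\x00")

def parse_socks4_reply(reply):
    """True if the 8-byte reply grants the request, False if it is refused."""
    if len(reply) != 8 or reply[0] != 0:
        raise ValueError("not a SOCKS4 reply")
    return reply[1] == GRANTED

def recv_exact(sock, n):
    """Read exactly n bytes or fail; the handshake reply may arrive in pieces."""
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise ConnectionError("proxy closed during handshake")
        buf += chunk
    return buf

def relay(sock):
    """Copy stdin -> socket in a thread and socket -> stdout in the caller."""
    def upstream():
        while chunk := os.read(sys.stdin.fileno(), 4096):
            sock.sendall(chunk)
        sock.shutdown(socket.SHUT_WR)
    threading.Thread(target=upstream, daemon=True).start()
    while chunk := sock.recv(4096):
        sys.stdout.buffer.write(chunk)
        sys.stdout.buffer.flush()

def main(argv):
    host, port = argv[1], int(argv[2])
    with socket.create_connection(TOR_SOCKS, timeout=60) as sock:
        sock.sendall(build_socks4a_connect(host, port))
        if not parse_socks4_reply(recv_exact(sock, 8)):
            sys.exit("Tor refused the connection")  # fail closed, no direct fallback
        sock.settimeout(None)
        relay(sock)

if __name__ == "__main__":
    main(sys.argv)
```

Saved under a name of your choice (here, hypothetically, tor_connect.py), it is used from ssh_config as `ProxyCommand python3 tor_connect.py %h %p`. Once logged in, the `SSH_CLIENT` variable that sshd sets on the target shows the address the connection arrived from, which should not be your own.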