[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-talk] Tor over SSH (torsocks) (?)



On 16 Feb (00:27:40), James Murphy wrote:
> On 02/15/2015 03:22 PM, blobby@xxxxxxxxxxxxxxx wrote:
> > I want to login to my VPS over SSH.
> > 
> > Is torsocks still a safe way to do this? A lot of the
> > documentation (such as it is) is several years old.
> > 
> > 
> 
> I would also like to know this. SSH hidden service setup and use are
> easy with torsocks.
> 
> /etc/tor/torrc
> 
> HiddenServiceDir /var/lib/tor/ssh_service/
> HiddenServicePort 22 127.0.0.1:22
> 
> Then
> 
> torsocks ssh user@xxxxxxxxx
> 
> works like a charm.
> 
> Can anyone comment on security of torsocks?

(So yeah I sent that a week ago and didn't notice that I used the wrong
email address for the list so here it is)

Torsocks was rewritten alost from scratch due to design issues and the
code was unmaintained since 2009. This new version is 2.0 and is now
packaged by most Linux distros.

https://people.torproject.org/~dgoulet/torsocks/
git: https://gitweb.torproject.org/torsocks.git

Now, that effort did improved the safety of it I would say quite a bit.
I won't go in the technical details but it's better and maintained now.

That being said, know this, torsocks is a best effort, it's not a silver
bullet and it's "easy" to design an application that will bypass
torsocks. However, you can be confident with a bunch of stuff such as
ssh, wget, netcat, etc... It's extensively used with those applications
on a daily basis. Tails and Whonix for instance rely on torsocks for
some applications (note that their firewall gives them extra
protection). I know that people are using torsocks with postfix and it
works well.

I would be happy to detail technical details of torsocks if someone
would like to, maybe a blog post?

Cheers!
David

> -- 
> tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
> To unsubscribe or change other settings go to
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Attachment: signature.asc
Description: Digital signature

-- 
tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk