[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-talk] ssh over tor



I'd also be interested to hear from anyone who took the time to research
this further. I for one arrived at the same conclusion as Lars at least in
regards to DNS leaking, and saw no way for anything to be leaked, really.
(Also, if netcat fails at some point during the ssh session, the pipe
breaks, and that's that, no leak problem.)

I've had a very similar line [1] in my shell's rc for a long time now. :)
but would be interesting to hear others' opinions, as I think quite a lot
of people may be using this way to do anon ssh.

[1] ssh -o "ProxyCommand nc -x 192.168.64.1:19234%h %p" -D 20234
(Tor binds to 192.168.64.1:19324; also dynamic-forward via port 20234 - a
kind of a chained socks proxy.)

On Thu, May 2, 2013 at 8:20 PM, Lars Noodén <lars.nooden@xxxxxxxxx> wrote:

> I'm looking at using netcat to run ssh over Tor.
>
> Does this use of netcat leak information in any way?
>
>  ssh -o ProxyCommand="nc -X 5 -x localhost:9050 %h %p" \
>      -o User=user1 server.example.org
>
> Many others must have already looked at this way of connecting since it
> is fairly obvious.  The only thing I could think of to test was DNS.  I
> blocked DNS at the packet filter and set it to log any outgoing DNS
> traffic, and nothing was logged when I ran the test.  So it seems that
> it is safe in that regard.  Is it safe in general?
>
> I see one vague reference to it in the archives:
>
> https://lists.torproject.org/pipermail/tor-talk/2012-December/026728.html
>
> But there is no follow up indicating whether it's good or not.
>
> Regards,
> /Lars
>
> _______________________________________________
> tor-talk mailing list
> tor-talk@xxxxxxxxxxxxxxxxxxxx
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
>
_______________________________________________
tor-talk mailing list
tor-talk@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk