
Re: [tor-talk] Getting de-anonymized with SSH (J. S. Evans)



It can be complicated. Tor itself provides a multi-hop anonymizing TCP connection; however, what your application may or
may not do outside of Tor is uncontrolled. This is why the Tor Browser is recommended for use instead of simply proxying
your regular browser through Tor: TBB is designed to minimize undesired side channels.

Your question really is asking about undesired side channels, so the answer is, "It depends". I'm not trying to be
flippant; it can be complicated. For example, if your client application checks server SSH certificates for status (CRL &
OCSP), then you have two immediate concerns: (1) is the OCSP check routing outside of Tor, thus potentially
de-anonymizing you immediately, and (2) even if the cert check runs through Tor, do you ever access it outside of Tor,
creating a potential for correlation? This is why there is still ongoing discussion of whether one should use certs
within Tor.

Another common side channel is DNS. Does the address resolution happen outside Tor (unfortunately a common error)? If so,
you're immediately de-anonymized. Even if it takes place within Tor, do you ever use it outside of Tor, again
creating a potential for correlation?

Then there are more esoteric concerns, such as the potential for traffic analysis. Does your application create a periodic
pattern of traffic bursts that could be correlated? This would require some pretty heavy effort, but it is not impossible. Do
you have a Hidden Service that comes up and goes down in sync with a public presence?

Last but not least, there are many executable products that run on your local machine, like JavaScript, that may
de-anonymize, intentionally or otherwise, that are not obvious, such as: PDF documents, MS Office documents, and others.
It's important to set your routing rules to allow ONLY your expected Tor connects and disallow everything else.

> Message: 1
> Date: Sun, 8 Apr 2018 02:40:22 -0600
> From: "J. S. Evans" <jsevans@xxxxxxxxxxxxxx>
> To: <tor-talk@xxxxxxxxxxxxxxxxxxxx>
> Subject: [tor-talk] Getting de-anonymized with SSH
> Message-ID: <000701d3cf15$3e1c6ef0$ba554cd0$@gardeng.nom.es>
> Content-Type: text/plain;	charset="us-ascii"
>
> Hi all,
>
> First of all, I know that the best way to stay anonymous on Tor when
> browsing the web is to use the Tor Browser and be smart about how you use
> it.
> What about when you're not using the web? If I am using ssh over Tor, is
> there a good chance that I can be de-anonymized? By this I mean ssh to an
> onion service not to the external internet.
> I would think that it is more safe than the web since you don't have to
> worry about things like javascript, etc.
>
> Am I correct, or are there other things that I am not aware of? Thanks!
>
> Jason
>
-- 
tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
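
Added example, not part of the original thread: a small audit of an OpenSSH client configuration for the DNS side channel the reply describes, applied to the onion-service case from the question. The sample config, the `backup` alias, the placeholder onion name and the function names are constructed for illustration; the option names are real `ssh_config(5)` keywords.

```python
import fnmatch
import re

# Constructed sample ssh_config; the alias and onion name are placeholders.
SAMPLE_CONFIG = """\
VerifyHostKeyDNS yes

Host *.onion
    ProxyCommand nc -X 5 -x 127.0.0.1:9050 %h %p

Host backup
    HostName exampleexampleexample.onion
"""

def effective_options(config_text, name):
    """Options ssh would use for `ssh name`: first value obtained wins."""
    opts, active = {}, True  # lines before the first Host apply to every host
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = re.split(r"[\s=]+", line, maxsplit=1)
        key, value = parts[0].lower(), (parts[1] if len(parts) > 1 else "")
        if key == "host":
            # Host patterns are matched against the name typed on the command line.
            active = any(fnmatch.fnmatch(name, p) for p in value.split())
        elif active:
            opts.setdefault(key, value)
    return opts

def audit(config_text, name):
    """Return codes for settings that send lookups to the local resolver."""
    # Assumptions: ssh is run directly (not under torsocks), behaviour is as
    # documented in ssh_config(5); Match blocks and negated patterns are ignored.
    o = effective_options(config_text, name)
    target = o.get("hostname", name)
    proxied = (o.get("proxycommand", "none").lower() != "none"
               or o.get("proxyjump", "none").lower() != "none")
    codes = []
    if target.lower().endswith(".onion") and not proxied:
        codes.append("no-proxy")             # ssh itself would try to resolve the name
    if o.get("verifyhostkeydns", "no").lower() in ("yes", "ask"):
        codes.append("verifyhostkeydns")     # SSHFP query issued locally
    if o.get("canonicalizehostname", "no").lower() == "always":
        codes.append("canonicalize-always")  # lookups even on proxied connections
    return codes
```

In the sample, `ssh backup` never matches the `*.onion` block because the pattern is compared with the alias, so the proxy setting is silently skipped for that host.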