Re: configure/verify SSH connect thru Squid+Privoxy+Tor?
Using ssh via tor will give you the latter 2, I wouldn't force ssh
through privoxy + squid, just use tor directly. However, ymmv.
On Tue, Aug 30, 2005 at 10:51:42AM -0700, OpenMacNews@xxxxxxxxxxxxx wrote 2.4K bytes in 88 lines about:
: hi all,
: i've a proxy gateway configured with Squid + Privoxy + Tor for anonymized
: works fine-n-dandy for web browsing.
: now i'd LIKE to SSH to a remote shell with:
: pubkey session authentication
: routing via the Tor OR network
: SSL end-to-end encryption of the stream
: the question is HOW?
: a simple:
: ssh -l USER -L 8888:FQDN_OF_PROXY:8888 fqdn.of.target
: connects, but seems to be INSENSITIVE to the <port> spec'n -- i.e.,
: ANYTHING seems to work ...
: i HAVE read in the FAQ (see, i CAN be trained!) about/around:
: "If you would like to enable a non-SSL client ... to connect to a server
: through Tor using SSL or TLS, you can use sslredir."
: "Our first answer is "then use end-to-end encryption such as SSL", which
: is great but not always practical."
: "If you want to use a service directly through the SOCKS interface (eg.
: ssh via connect.c), you'll probably have to set up an internal mapping in
: your configuration file using MapAddress"
: but, frankly, in general, and given that I've added Squid to the mix ...
: I'm not at all certain how to
: (a) properly configure the SSH connect to use Tor, and
: (b) verify that the SSH session DID route through the OR network
: (unlike, e.g., using showmyip.com for web browsing ...)
: in my config, squid listens on:
: http_port 10.0.0.6:8888
: http_port 127.0.0.1:8888
: and forces connects to privoxy as a cache_peer:
: acl Divert myport 8888
: cache_peer 127.0.0.1 parent 8118 7 no-query default
: never_direct allow Divert
: where privoxy is listening/forwarding on:
: listen-address 127.0.0.1:8118
: permit-access 127.0.0.1
: forward-socks4a / 127.0.0.1:9050 .
: and Tor catches the pass with:
: SocksPort 9050
: SocksBindAddress 127.0.0.1:9050
: SocksPolicy accept 127.0.0.1
: SocksPolicy reject *
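
For questions (a) and (b) in the quoted message, one local check, as an added example that is not part of the original thread: it reads `ss -tnp` output and confirms that the only sockets owned by ssh or its proxy helper end at the Tor SocksPort. Assumptions: the connect.c helper is installed as `connect`, `ss` comes from iproute2, and the function names and sample listings are made up for illustration.

```shell
#!/bin/sh
# Added example, not from the original thread. Sample listings are constructed.
# Assumed ~/.ssh/config entry (assumption: connect.c is installed as `connect`;
# 127.0.0.1:9050 is the SocksPort from the quoted Tor config):
#   Host fqdn.of.target
#       ProxyCommand connect -4 -S 127.0.0.1:9050 %h %p

TOR_SOCKS="127.0.0.1:9050"

# direct_ssh_peers: read `ss -tnp` output on stdin and print the peer address
# of every established socket owned by ssh or connect that does not end at
# the Tor SOCKS port. Empty output means no direct connection was seen.
direct_ssh_peers() {
    awk -v socks="$TOR_SOCKS" '
        $1 == "ESTAB" && $6 ~ /\("(ssh|connect)",/ && $5 != socks { print $5 }
    '
}

# ssh_routed_via_tor: succeed only if at least one ssh/connect socket goes to
# the SOCKS port and none goes anywhere else.
ssh_routed_via_tor() {
    listing=$(cat)
    printf '%s\n' "$listing" | awk -v socks="$TOR_SOCKS" '
        $1 == "ESTAB" && $6 ~ /\("(ssh|connect)",/ && $5 == socks { found = 1 }
        END { exit !found }' || return 1
    [ -z "$(printf '%s\n' "$listing" | direct_ssh_peers)" ]
}

# Constructed sample: ssh tunnelled through the helper into Tor.
SAMPLE_TOR='State Recv-Q Send-Q Local Address:Port Peer Address:Port Process
ESTAB 0 0 127.0.0.1:40112 127.0.0.1:9050 users:(("connect",pid=4243,fd=3))
ESTAB 0 0 10.0.0.6:51000 198.51.100.9:443 users:(("firefox",pid=900,fd=55))'

# Constructed sample: ssh connecting straight to the target.
SAMPLE_DIRECT='State Recv-Q Send-Q Local Address:Port Peer Address:Port Process
ESTAB 0 0 10.0.0.6:51234 203.0.113.7:22 users:(("ssh",pid=4242,fd=3))'

# Live use (process names need sufficient privileges): ss -tnp | ssh_routed_via_tor
```

This inspects TCP sockets only. With plain SOCKS4 the client resolves the target hostname itself, so the DNS lookup still happens outside Tor even when the check passes.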