[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-dev] RFC: obfsproxyssh

To: tor-dev@xxxxxxxxxxxxxxxxxxxx
Subject: Re: [tor-dev] RFC: obfsproxyssh
From: Yawning Angel <yawning@xxxxxxxxxxxxxxx>
Date: Mon, 29 Jul 2013 16:56:43 -0700
Delivered-to: archiver@xxxxxxxx
Delivery-date: Mon, 29 Jul 2013 19:58:10 -0400
In-reply-to: <20130729070501.GC22784@xxxxxxxxxxxxxx>
List-archive: <http://lists.torproject.org/pipermail/tor-dev/>
List-help: <mailto:tor-dev-request@lists.torproject.org?subject=help>
List-id: discussion regarding Tor development <tor-dev.lists.torproject.org>
List-post: <mailto:tor-dev@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev>, <mailto:tor-dev-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-dev>, <mailto:tor-dev-request@lists.torproject.org?subject=unsubscribe>
References: <51CD53AE.5030709@xxxxxxxxxxxxxxx> <51D3574C.3010005@xxxxxxx> <20130727035619.GA22784@xxxxxxxxxxxxxx> <CA+cU71mtdTyPWF-4BPSdts3sfVN80Aj-ZVQEDYg0SE1igp2-zA@xxxxxxxxxxxxxx> <20130729070501.GC22784@xxxxxxxxxxxxxx>
Reply-to: tor-dev@xxxxxxxxxxxxxxxxxxxx
Sender: "tor-dev" <tor-dev-bounces@xxxxxxxxxxxxxxxxxxxx>
User-agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:17.0) Gecko/20130620 Thunderbird/17.0.7

On 2013-07-29 00:05, Andreas Krey wrote:
> On Sat, 27 Jul 2013 09:52:52 +0000, Tom Ritter wrote:
> ...
>> I've always thought with SSH-based obsproxies, that you could
>> distribute the SSH private key to connect to the server with the
>> bridge IP address:port.
> 
> I couldn't quite avoid the reflexive cringe at 'distribute private key'. :-)
> 
> ...
>> So I think the value of requiring a login a the SSH-based obsproxy is
>> not for authentication but for scanning resistance.
> 
> Ah, that's a cool idea. I was already assuming that a specific key would
> be used to select the tor service on the sshd, but making that key
> variable is a nice twist. (I didn't know the bridgedb has space for
> such info.)

Yep, that's the idea.  All of the arguments in the gigantic bridge line
of doom are the equivalent of something like the shared secret component
present in ScrambleSuit.

The code's changed quite a bit since I've last posted (per discussion
with asn a while ago, we decided that it would be better to use a "real"
ssh client), so I have been working on a python script that wraps
OpenSSH.  Works fairly well under U*IX, but under Windows, there's a few
issues that need to be addressed still.

Regards,

-- 
Yawning Angel
_______________________________________________
tor-dev mailing list
tor-dev@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev

References:
- Re: [tor-dev] RFC: obfsproxyssh
  - From: Ximin Luo
- Re: [tor-dev] RFC: obfsproxyssh
  - From: Andreas Krey
- Re: [tor-dev] RFC: obfsproxyssh
  - From: Tom Ritter
- Re: [tor-dev] RFC: obfsproxyssh
  - From: Andreas Krey

Prev by Author: Re: [tor-dev] RFC: obfsproxyssh
Next by Author: [tor-dev] TBB without Vidalia
Previous by thread: Re: [tor-dev] RFC: obfsproxyssh
Next by thread: Re: [tor-dev] RFC: obfsproxyssh
Index(es):
- Author
- Thread