Re: [tor-talk] Anonymous SSH Hack.
On 09/12/2016 03:54 PM, Ben Tasker wrote:
>...
> CheckHostIP=no
>
> Don't do a DNS lookup of the host, the Tor exit node's going to do that
> anyway, and again, the queries will be observable by your ISP

I'm thinking that the use of ProxyCommand makes that redundant?

The manual page for ssh_config(5) says

    Note that CheckHostIP is not available for connects
    with a proxy command.

I just did a quick test with only VerifyHostKeyDNS set to 'no'

    ssh -o "VerifyHostKeyDNS=no" \
        -o ProxyCommand="nc -X 5 -x localhost:9150 %h %p" \
        user@xxxxxxxxxxxxxxx

while for leakage, I checked on an Ubuntu 14.04 LTS system with tcpdump:

    tcpdump -vvv -A -qpli p3p1 'dst port 53'

and it showed no activity for the above ssh connection. It does show
DNS queries for non-Tor ssh connections and other activities with the
same tcpdump session.

And CheckHostIP isn't mentioned in the official documentation:

    https://trac.torproject.org/projects/tor/wiki/doc/TorifyHOWTO/ssh

So it may not be needed.

Regards,
Lars
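
Added example, not part of the original message: a shell filter that automates the leak check described above by scanning tcpdump text for DNS queries that name the SSH target. It assumes a capture taken without -q, so that queries are decoded as "A? name."; the host name ssh-target.example, the function names and the capture lines are constructed for illustration.

```shell
#!/bin/sh
# dns_leaks HOST: read tcpdump text on stdin and print "QTYPE NAME" for every
# decoded DNS query whose name equals HOST (case-insensitive, trailing dot
# ignored). Exit status is 0 if at least one such query was seen, 1 otherwise.
dns_leaks() {
    awk -v target="$1" '
    BEGIN { t = tolower(target); sub(/\.$/, "", t); found = 0 }
    {
        for (i = 1; i < NF; i++) {
            # tcpdump prints a query as "<id>+ QTYPE? name. (len)"
            if ($i ~ /^[A-Z0-9]+\?$/) {
                name = tolower($(i + 1)); sub(/\.$/, "", name)
                if (name == t) {
                    print substr($i, 1, length($i) - 1), name
                    found = 1
                }
            }
        }
    }
    END { exit (found ? 0 : 1) }'
}

# Constructed capture lines (documentation addresses, hypothetical host names).
sample_capture() {
cat <<'EOF'
12:00:01.000001 IP 192.0.2.10.40000 > 192.0.2.1.53: 4660+ A? ssh-target.example. (36)
12:00:01.000002 IP 192.0.2.10.40001 > 192.0.2.1.53: 4661+ AAAA? SSH-Target.example. (36)
12:00:02.000003 IP 192.0.2.10.40002 > 192.0.2.1.53: 4662+ A? unrelated.example. (35)
EOF
}

# Stand-alone run: report whether the target name appeared in any query.
if sample_capture | dns_leaks ssh-target.example; then
    echo "leak: DNS queries for the target were seen on this interface"
else
    echo "no DNS queries for the target in this capture"
fi
```

On a live system the same function can read from a capture in progress, for example tcpdump -l -n -i p3p1 'dst port 53' piped into dns_leaks with the real host name, while the ssh connection is made in another terminal.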