TOR Howto - Using TOR Through A Ssh-Tunnel Blog of Too Many Things

TOR howto: Using TOR through a ssh-tunnel Blog of too many things
http://itnomad.wordpress.com/2006/09/28/tor-howto-using-tor-through-a...
Blog of too many things

from the trenches for geeks Home Software Filesystems About
TOR howto: Using TOR through a ssh-tunnel

5 Im a fan of TOR, the anonymizing network. It lets me access the Internet anonymously and I dont need to fear that anyone might use the data from their big Lawful Interception Points against me. It also prevents evil companies from correlating my web-surfing behaviour and connecting it to my IP-address. I aint no criminal, i just dont like it when people assume by default that Im maybe a criminal, become one in the future, or use data which show my personal surfing-habits. I support the TOR-network actively trough a small monthly donation and through running my own TOR-server. Im also willing to tell anyone how to use TOR effectively. A posting on the or-talk mailinglist from today asked a simple question: There are 2 hosts. Host 1 is at home (Debian-testing). Host 2 is at my workplace (WindowsXP Pro) I use Tor with Privoxy at home (host 1). Firefox with Torbutton plugin works fine. So it seems everything ok. At my workplace I use (WindowsXP, host 2) SSH port forwarding (with Putyy) for webbrowsing. At Firefox in preferences, in connection tab I had to set Socks host: localhost, port: 1080, using Socksv5. I would like to use the Tor network from the host2 over SSH portforwarding using my Debian host(2) at home. Is it possible? If so, how can I do it? Yes, its possible without much hassle. First, you need a little bit of software on your client:
1 of 14
7/11/2011 1:17 PM
1. putty or openssh 2. for your convenience, the Firefox Switchproxy Plugin its not actively supported anymore but IMHO nicer than Torbutton. Next, check if TOR uses the default port and listen-address, open /etc/tor/torrc (or where your torrc is):
SocksPort 9050 SocksBindAddress 127.0.0.1
Now it all depends on if youre using openssh or putty. With openssh its very simple. Open a terminal and log in to the remote-host:
host2$ ssh -L 9050:127.0.0.1:9050 user@host1
Log in, the tunnel is now active; that means, if you connect to localhost:9050 a local connection on host2 you get redirected to host1:9050 (more precise: 127.0.0.1:9050 on host1) through the encrypted ssh-tunnel. With putty its the same, but more clicky-click. Open putty, load you configuration on go straight to Connection -> SSH -> Tunnels; enter 9050 for Source port and 127.0.0.1:9050 for Destination leave everything else as it is. After pressing the Add-button you should see:
Now it would be a good time to save your session, otherwise youd have to enter the same information over and over again the next time you want to use the tunnel. Open the connection, voil! Theres your tunnel. Now for Firefox; i assume you already installed the Switchproxy-Plugin, now add a new proxy; leaving everything empty but SOCKS fill in 127.0.0.1 and Port 9050:
2 of 14
7/11/2011 1:17 PM
Now something really important; Firefox uses, by default, the local DNS, even if you use SOCKS. That leads to the situation, that information leaks from you. Imagine youd like to check out http://some.big.boo.bs/ Firefox will ask your DNS (your employers DNS in the worst case!) for the IP-address of the host some.big.boo.bs. But thats not necessary: You can just tell Firefox to request everything through SOCKS. In order to do that just open a new Tab in Firefox, and enter about:config as the URL. Youll see lots of different settings which affects the behaviour of Firefox. In the Filter-field enter network.proxy.socks_remote_dns if value isnt set to true, set it to true by double-clicking the line. Beware: If you dont know what youre doing dont change any other value! You might totally screw up Firefoxs behaviour. To check if the proxy is really active, open a connection to the website http://www.showmyip.com/ it does the same like the usual TOR-test page at serifos, but seems to be more reliable:
3 of 14
7/11/2011 1:17 PM
Thats it, fairly easy you can even configure Putty that it uses a local http-Proxy to establish the ssh-connection through it, resulting in the chain http over SOCKS over SSH over http over TOR. Additionally to this i also installed a normal SOCKS5-server on my server, i used danted (shipped with Debian Sarge); this is the configuration Im using:
logoutput: syslog internal: 127.0.0.1 port = 9051 external: 84.19.183.23 method: none clientmethod: none user.privileged: proxy user.notprivileged: nobody user.libwrap: nobody compatibility: sameport client pass { from: 127.0.0.1/32 port 1-65535 to: 127.0.0.1/32 method: none } block { from: 0.0.0.0/0 to: 0.0.0.0/0 command: bind log: connect error } pass { from: 127.0.0.1/32 to: 0.0.0.0/0 protocol: tcp udp }
So what Im doing is not only using the TOR-SOCKS running 9050 but also the danted-SOCKS running on 9051; I applied both settings to my Putty-configuration and now i can choose if I want to surf anonymously or not anonymously (for everything which needs passwords and stuff) and all goes via a normal web-proxy. Reclaim your privacy and anonymity! Purge all personal data before and after using TOR through
4 of 14 7/11/2011 1:17 PM
CTRL+SHIFT+Del! And stay human.
This work is licensed under a Creative Commons Attribution 2.5 License. Tech Tags: Howto Privacy TOR
This entry was posted on Thursday, September 28th, 2006 at 8:29 pm and is filed under Howto, Privacy, TOR. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.
Like Be the first to like this post.
24 Responses to TOR howto: Using TOR through a ssh-tunnel

1. therealdonquixote says: September 28, 2006 at 8:54 pm D00d awesome post! 3 things 1. Does this run any faster than TOR and Privoxy alone? 2. For some reason FoxyProxy has just crapped out on me. I reinstalled it. I reintsalled FireFox, then reinstalled the extension. No luck. The extension is there but it doesnt do anything. So Im forced to use Torbutton or torpark (I want the defined patterns waaaaaaaaaaaaah). 3. I wrote a post on surviving IT lockdown. And a blogger named sledgehbk, has some questions about IT departments detecting TOR on a work PC. I think I answered right but you seem a little better suited to answer his questions. Im not in IT. Im a grey hat who like to help out noobs. I though you might actually work in IT so maybe you could take a look? (BTW His quiestions are in the comments) Reply 2. TOR howto: Using TOR through a ssh-tunnel TheMostBoringBlogInTheWorld says: September 28, 2006 at 9:03 pm [...] TOR howto: Using TOR through a ssh-tunnel [via] IT, life and me [...] Reply 3. Alexander W. Janssen says: September 28, 2006 at 9:08 pm therealdonquixote: 1) Running everything through the ssh-tunnel adds a certain level of protocol-overhead, so basically its a bit slower. However, SOCKS is a bit faster than Privoxy. Privoxy on the other hand removes
5 of 14
7/11/2011 1:17 PM
scary, dodgy and unnecessary HTML-crap to improve your level of privacy. Its a tradeoff. 2) I dont know FoxyProxy; havent tried it yet, i might give it a try later. But the website says: *** UPGRADING TO 2.0 *** IF YOU HAVE PROBLEMS AFTER UPGRADING TO 2.0, DELETE FOXYPROXY.XML AND RESTART FIREFOX. Maybe deleting that XML-file might help you? Its worth a try. 3) Ill have a look. Thanks for your feedback! Reply 4. trung says: April 30, 2007 at 2:08 am I am using Tor at the moment, but I find it to be extremely slow. I think adding SSH layer on top of it will make it even slower. Reply 5. Alexander W. Janssen says: May 1, 2007 at 11:28 pm Trung: It depends on the circuit you get. Your connection is always over three different Tor-Nodes and the total bandwidth is that of the slowest nodes. Waiting for some time until your current circuit expires usually helps. However, there are tools like Vidalia where you can force a new circuit. Alex. Reply 6. Skeletor says: August 3, 2007 at 9:11 pm Great job. Here I have a similar request. I am behind an ISA firewall so I need to use NTLMAPS to get through. My ISP have started to block TOR Servers to prevent anyone to connect through them. Yet I know I can access those servers through any free proxy already existing on the Internet, provided it can use SSL connections. It would be nice if I could point my TOR client to any of these proxies before it would connect to the TOR servers which are blocked. I know TOR allows for an HTTP proxy, but that one I have used to point to the NTLMAPS proxy. Do I stand any chance to beat my ISP? I only need TOR to acces the circuit initially throgh an existing HTTP server. Should my ISP detect the HTTP server and block it, what the hell there are zillions more to connect to. :) Reply 7. Search engine terms roundup Blog of too many things says: September 21, 2007 at 5:57 pm [...] fire fox tunnel Well, not sure, but I posted some howtos about how setup a tunnel through proxies to use a remote Tor-client [...] Reply 8. What you say! Blog of too many things says: October 11, 2007 at 10:22 am
6 of 14
7/11/2011 1:17 PM
[...] when the intarweb-connection (da tubez) is crippled, I just fire up some ssh-connection and use SOCKS over that ssh-connection tunneled through that ssh-connection. In that case I can tell all my local applications to use a [...] Reply 9. sham says: December 24, 2007 at 12:30 pm Im new to Tor but like many of you i am not comfortable with the idea of someone else using my details or anyone elses details for there own personal gain. I am IT literate and have been in the trade for about 15 years though i must say i am very new to Tor, i have a question that i hope someone can help me out on.. Is there a way to setup Microsoft Isa Server 2006 to use a Tor sever (running localy) as its proxy? what i am asking is is there a way to run the isa server via a Tor Proxy server and if so how can it be done please. Looking forward to hearing back from anyone that can point me in the right direction. Reply 10. William says: December 26, 2007 at 5:25 pm FoxyProxy is a newer firefox plugin. Its great, but the default Tor settings dont work. Use the directions above and FoxyProxy to switch between proxy settings. Reply 11. William says: December 26, 2007 at 5:34 pm Awesome guide! I found FoxyProxy which is an updated proxy switch extension. For my laptop I have 3 proxies, work->workproxy->web, work->home->tor->web, anywhereelse->tor->web. I can use all 3 proxy setting at the same time depending on what website im browsing, my company intranet, the web, or home intranet. Reply 12. Dr Small says: December 31, 2007 at 4:14 pm Excellent article. I am going to have to try this out for openssh :) Dr Small Reply 13. foxyproxy says: April 1, 2008 at 11:22 am therealdonquixote: 2. For some reason FoxyProxy has just crapped out on me
7 of 14
7/11/2011 1:17 PM
I was having the same problem, solved it by make a new firefoxprofile (close ff, start->run: firefox -P) and then it all worked just fine Reply 14. Yu says: September 15, 2008 at 11:02 am Hello! Would you find some time for me? It would be great! Now: I work on Ubuntu 7.10 and I have a well functioning bundle consisting of torbutton, FoxyProxy and Tor. I find myself comfortable make things working out via terminal Nevertheless, I believe that I miss a lot of basics, say know-how regarding what to do and where to do it. My aims: * install a Tor server and becoming a contributor * do the above steps (I have openssh-client installed and is it required a second computer?) but really I need a further explanation of the step-by-step procedure you indicated. Hope to hear from you soon. Regards. Reply 15. Natty says: September 16, 2008 at 11:52 pm Hi need some help. here are the basics 1: windows XP pro 2: running cygwin Openssh 3: running Tor with Tor Button 4: firefox 3 5: Putty Am trying to connect to my Openssh via putty on the same pc if i do succeed redirect my firefox settings to use socks settings to access the web thus encripting my web traffic. Problem I can not get putty to work i get the error Server unexpectedly closed network connection. { i have tried different ports still same results } Am wondering if Tor is conflicting with cygwin Openssh cousing putty to fault. ? Do you have any suggestions ?
8 of 14
7/11/2011 1:17 PM
I also tried on a next pc installed freesshd and created a domain with dns updater and pointed my putty to the user@com and am getting connection denied. any takes ? Am simply trying to secure my web browsing via ssl. I have no linux boxes Reply 16. Alexander W. Janssen says: September 17, 2008 at 12:29 am @Yu: Yes, you need a second computer. What is described in my procedure is the following: Imagine youre at work and you want access the Tor-network which is running on your computer at home. What you would do is setting up an SSH-server at home on the machine where Tor is running. You at work would dig a tunnel to that machine and service using the above mentioned procedure using putty on Windows. To answer your other question, if you want to install Tor, theres quite a good tutorial on the Tor website at: http://www.torproject.org/docs/tor-doc-unix.html.en If you still have problems, drop me a line. Good luck! Alex. Reply 17. Alexander W. Janssen says: September 17, 2008 at 12:48 am @Natty: OK, I understood your problem like this: You have Tor running locally on the same machine. You have a local OpenSSH-server in cygwin. You have a local Putty which you wanna connect to this OpenSSH-server. You want your Firefox3/Torbutton to use Putty to get access to the tunnel, resulting in a connection to the Tor-network. Is that right? I dont really understand why youre doing this, because this Howto is intended for people who have their Tor-server running elsewhere on the Internet and who are behind a proxy. If yes, you need to follow a special procedure. What happens in your case is that 1) Tor runs on port 9050 2) OpenSSH-server runs on port 22 3) Putty connects to 22 4) Putty wants a portforwarding from the remote port 9050 (which is local) and open a NEW port named 9050 on the same machine You cannot have the same port assigned to Tor (which is running anyway) and then to putty, to create a
9 of 14
7/11/2011 1:17 PM
new port! You need to do the following: 5) Choose an interims-port, like 9060, and let it connect to 9050 6) Start putty with that config 7) Let Firefox point to 9060 => Firefox sends to 9060 (putty), putty redirects to ssh (22), ssh redirects to Tor (9050). HOWTO DO: 8) Go to the config-panel and to Connection -> SSH -> Tunnels 9) Set Source Port to 9060 (thats where Firefox should connect to) 10) Set Destination to 127.0.0.1:9050 127.0.0.1 is your local machine, 9050 the port where Tor is locally listening on. If thats different, adapt it. 11) Check the Local radio-button 12) Press Add 13) Dont forget to save Thats pretty much it. Anyways, from all the comments I really need to adapt this Howto. I might be doing it this weekend. In the meanwhile, if you need further assistance, contact me via email (got the the About page on this blog). Good luck! Alex. Reply 18. poop says: September 23, 2008 at 8:34 am creative commons sucks, just put a c notice up and let the leeches steal it.. lol cuz they will anyway.the worse smart you sound the least they steal i notice Reply 19. - says: February 10, 2009 at 11:33 am [...] SSH [...] Reply 20. kain says: April 24, 2009 at 3:25 am Hi, very useful post, but my situation is quiet different, I need to connect to my machine at home (ssh port, 8181 and others) and my workplace have a proxy for web and I cant connect except to the web server, so the question is: Can I connect to my home machine with TOR u other program? machines home: Debian
10 of 14
7/11/2011 1:17 PM
Office: WinXP (putty, CRT, etc) Reply 21. DumbAss says: September 12, 2009 at 1:44 pm Hi, is it possible to set up a tor server behind a firewall and use SSH tunnel to bypass it so the tor server would be reachable? Reply Alexander W. Janssen says: February 21, 2010 at 1:16 am No, not if you want to run a server. The Tor-software in server-mode need to open up a bunch of ports which have to be accessible. Somthing a ssh-tunnel cant provide. Sorry! Alex. what about UNPN-patches to Tor and UPNP-patches to OpenSSH? :-) Gosh, thatd be awesome and quite frightening at the same time. Reply 22. Ubuntu 9.10: installare Tor+Privoxy+Vidalia six110@wordpress:~# says: January 8, 2010 at 8:43 pm [...] http://itnomad.wordpress.com/2006/09/28/tor-howto-using-tor-through-a-ssh-tunnel/ [...] Reply 23. A Maze of Twisty Passages | Roo-minations says: July 3, 2010 at 10:10 pm [...] these tools can now be combined with all sorts of other tunneling tools. For example, you could tunnel TOR traffic within SSH and then forward it across a DNS tunnel in order to bypass most content filters established on the networks to which you might be [...] Reply
Leave a Reply
11 of 14
7/11/2011 1:17 PM
Log In
Log In
Log In
Notify me of follow-up comments via email. Notify me of new posts via email.
Post Comment
Recent Posts
Piss Hero And the v6 keeps on rolling! UPDATE: Sony TV calls home, tells your MAC-address Maximum insanity scientists charged for not predicting earthquake NASA Appoints Constellation Program Managers
Recent Comments
vegivamp on Piss Hero Testing Assumptions about the Tor Network | Indolering Usability Engineering and Design on Tor madness reloaded DcProject on Dangerdeep 0.3.0 Release Candidate 3 available for testing Froschs Blog Blog Archive Polizeiterror gegen Betreiber von TOR-Exit-Node on Tor madness reloaded Froschs Blog Blog Archive Neue Zensurversuche on Tor madness reloaded
Category Cloud
BOINC
Distributed Computing
Geeky Fun
TOR
Law LBW
Journals Linuxbierwanderung
Space
Privacy rants Science Security Uncategorized
Misc Stuff
subscribe to this blog My Xing profile (subscribers only) http://del.icio.us/itnomad
12 of 14
7/11/2011 1:17 PM
Distributed Computing
BOINC Distributed.net Einstein@Home Einstein@Home: Team Special OffTopic Folding@Home LHC@Home Rosetta@Home SIMAP World Community Grid
Fellow Bloggers
darkfader Dave's Free Press Ich denke nicht Konnis kulinarische Monologe My Life Opinionated Bean rabenhorst TigerBluQ
games
Danger from the Deep The City of Altbier
HPC
Green500.org HPC Answers Supercomputing Online The Cluster Monkey The Cray Cyber Diary TOP500.org Blog West Coast Grid
Linuxbierwanderung
Dave's Free Press geeklawyer.org Liam Bedford Linuxbierwanderung Linuxbierwanderung 2006
13 of 14
7/11/2011 1:17 PM
Marytes Ramblings My Life
Organisations
Free Software Foundation Europe German UNIX User Group Gesellschaft fr Informatik HP User Society Linuxbierwanderung
Science
A Quantum Diaries Survivor NCSA News rose.blog
Tools
Pastebin Search Technorati Tag Generator Theme: Contempt by Vault9. Blog at WordPress.com.
14 of 14
7/11/2011 1:17 PM

TOR Howto - Using TOR Through A Ssh-Tunnel Blog of Too Many Things

Загружено:

Сведения о документе

Исходное описание:

Оригинальное название

Авторское право

Доступные форматы

Поделиться этим документом

Поделиться или встроить документ

Параметры публикации

Этот документ был вам полезен?

Это неприемлемый материал?

Авторское право:

Доступные форматы

TOR Howto - Using TOR Through A Ssh-Tunnel Blog of Too Many Things

Загружено:

Авторское право:

Доступные форматы

TOR howto: Using TOR through a ssh-tunnel Blog of too many things

Blog of too many things

TOR howto: Using TOR through a ssh-tunnel

CTRL+SHIFT+Del! And stay human.

24 Responses to TOR howto: Using TOR through a ssh-tunnel

Privacy rants Science Security Uncategorized

Marytes Ramblings My Life

Вам также может понравиться