mirror of
https://github.com/Start9Labs/documentation.git
synced 2026-03-26 02:11:55 +00:00
Moved SSH-Tor to Misc section as it's really needed and not mandatory. Added warning. Implicit instructions only.
This commit is contained in:
Stuart
@@ -10,6 +10,7 @@ Guides that do not fit into the categories of "devices" or "services."
|
||||
|
||||
ca-ff
|
||||
tor-ff
|
||||
ssh-tor
|
||||
attach-drive
|
||||
transfer-data
|
||||
upgrade-pi
|
||||
|
||||
105
site/source/misc-guides/ssh-tor.rst
Normal file
105
site/source/misc-guides/ssh-tor.rst
Normal file
@@ -0,0 +1,105 @@
|
||||
.. _ssh-tor:
|
||||
|
||||
======================
|
||||
Using SSH Over Tor
|
||||
======================
|
||||
|
||||
.. note:: The following guide requires that you have already added an :ref:`SSH key to your server<ssh>`.
|
||||
|
||||
.. caution:: SSH over Tor is only supported on Linux and macOS, although it can also work on Windows with in PuTTY `like this <https://tor.stackexchange.com/a/143>`_. Note that those instructions use port 9150 but we've configured Tor in Windows on the traditional port: ``9050``.
|
||||
|
||||
.. note:: You might not need to complete this guide if you have already :ref:`set up SSH<ssh>` on your server and you have regular access to your local network. SSH over Tor is for those who may be away from their server for a long time, who regularly access it over Tor rather than a VPN, and think they may need to do some heavy debugging while away.
|
||||
|
||||
Configure StartOS server:
|
||||
.........................
|
||||
|
||||
.. warning:: After each server reboot, a new .onion address will be generated, rendering the old one inactive.
|
||||
|
||||
#. SSH into your server.
|
||||
|
||||
.. code-block::
|
||||
|
||||
ssh start9@<custom-address>.local
|
||||
|
||||
#. Elevate yourself to root in chroot edit mode which will make your changes persist across reboots:
|
||||
|
||||
.. code-block::
|
||||
|
||||
sudo /usr/lib/startos/scripts/chroot-and-upgrade
|
||||
|
||||
#. Add these two lines to ``/etc/tor/torrc``
|
||||
|
||||
*HiddenServiceDir /var/lib/tor/ssh*
|
||||
|
||||
*HiddenServicePort 22 127.0.0.1:22*
|
||||
|
||||
With the following command...
|
||||
|
||||
.. code-block::
|
||||
|
||||
echo -e "\nHiddenServiceDir /var/lib/tor/ssh\nHiddenServicePort 22 127.0.0.1:22" >> /etc/tor/torrc
|
||||
|
||||
#. Restart your Start9 server by exiting chroot edit mode:
|
||||
|
||||
.. code-block::
|
||||
|
||||
exit
|
||||
|
||||
#. SSH in to your Start9 server again and gather the ".onion" address that was generated:
|
||||
|
||||
.. code-block::
|
||||
|
||||
sudo cat /var/lib/tor/ssh/hostname
|
||||
|
||||
.. note:: Your newly generated .onion address is unique for SSH access only and should not be confused with the main .onion address for the server.
|
||||
|
||||
Configure local SSH client
|
||||
..........................
|
||||
|
||||
.. tabs::
|
||||
|
||||
.. group-tab:: Linux
|
||||
|
||||
#. Install ``torsocks`` dependency.
|
||||
|
||||
Debian / Ubuntu
|
||||
|
||||
.. code-block::
|
||||
|
||||
sudo apt install torsocks
|
||||
|
||||
Arch / Garuda / Manjaro
|
||||
|
||||
.. code-block::
|
||||
|
||||
sudo pacman -S torsocks
|
||||
|
||||
#. Run this command to set up your SSH config file to work with .onion domains.
|
||||
|
||||
.. code-block::
|
||||
|
||||
echo -e "\nHost *.onion\n\tProxyCommand nc -xlocalhost:9050 %h %p" >> ~/.ssh/config
|
||||
|
||||
.. Note:: You only need to run this command only once to set up the SSH Over Tor configuration.
|
||||
|
||||
.. group-tab:: macOS
|
||||
|
||||
#. Run this command to set up your SSH config file to work with .onion domains.
|
||||
|
||||
.. code-block::
|
||||
|
||||
echo -e "\nHost *.onion\n ProxyCommand /usr/bin/nc -x localhost:9050 -X5 %h %p" >> ~/.ssh/config
|
||||
|
||||
.. Note:: You only need to run this command only once to set up the SSH Over Tor configuration.
|
||||
|
||||
|
||||
SSH Over Tor
|
||||
............
|
||||
|
||||
To log in, simply use the following command, using the ".onion" hostname you printed above:
|
||||
|
||||
.. code-block::
|
||||
|
||||
ssh start9@xxxxxxxxxxxxxxxxx.onion
|
||||
|
||||
|
||||
@@ -121,102 +121,4 @@ Connecting via PuTTY on Windows
|
||||
|
||||
Following the commands above for Windows will get you in. However, if you prefer a GUI tool, `BrewsBitcoin <https://brewsbitcoin.com>`_ has created `a guide for connecting via SSH using PuTTY on Windows. <https://medium.com/@brewsbitcoin/ssh-to-start9-embassy-from-windows-4a4e17891b5a>`_
|
||||
|
||||
Using SSH Over Tor
|
||||
------------------
|
||||
|
||||
.. note:: The following guide requires that you have already added an :ref:`SSH key to your server<ssh>`.
|
||||
|
||||
.. caution:: SSH over Tor is only supported on Linux and macOS, although it can also work on Windows with in PuTTY `like this <https://tor.stackexchange.com/a/143>`_. Note that those instructions use port 9150 but we've configured Tor in Windows on the traditional port: ``9050``.
|
||||
|
||||
Configure StartOS server:
|
||||
.........................
|
||||
|
||||
.. warning:: After each server reboot, a new .onion address will be generated, rendering the old one inactive.
|
||||
|
||||
#. SSH into your server.
|
||||
|
||||
.. code-block::
|
||||
|
||||
ssh start9@<custom-address>.local
|
||||
|
||||
#. Elevate yourself to root in chroot edit mode which will make your changes persist across reboots:
|
||||
|
||||
.. code-block::
|
||||
|
||||
sudo /usr/lib/startos/scripts/chroot-and-upgrade
|
||||
|
||||
#. Using Vim or Nano, add the following 2 lines to ``/etc/tor/torrc``
|
||||
|
||||
.. code-block::
|
||||
|
||||
HiddenServiceDir /var/lib/tor/ssh
|
||||
HiddenServicePort 22 127.0.0.1:22
|
||||
|
||||
.. tip:: You can also add these lines by running the following command:
|
||||
|
||||
.. code-block::
|
||||
|
||||
echo -e "\nHiddenServiceDir /var/lib/tor/ssh\nHiddenServicePort 22 127.0.0.1:22" >> /etc/tor/torrc
|
||||
|
||||
#. Restart your Start9 server by exiting chroot edit mode:
|
||||
|
||||
.. code-block::
|
||||
|
||||
exit
|
||||
|
||||
#. SSH in to your Start9 server again and gather the ".onion" address that was generated:
|
||||
|
||||
.. code-block::
|
||||
|
||||
sudo cat /var/lib/tor/ssh/hostname
|
||||
|
||||
.. note:: Your newly generated .onion address is unique for SSH access only and should not be confused with the main .onion address for the server.
|
||||
|
||||
Configure local SSH client
|
||||
..........................
|
||||
|
||||
.. tabs::
|
||||
|
||||
.. group-tab:: Linux
|
||||
|
||||
#. Install ``torsocks`` dependency.
|
||||
|
||||
Debian / Ubuntu
|
||||
|
||||
.. code-block::
|
||||
|
||||
sudo apt install torsocks
|
||||
|
||||
Arch / Garuda / Manjaro
|
||||
|
||||
.. code-block::
|
||||
|
||||
sudo pacman -S torsocks
|
||||
|
||||
#. Run this command to set up your SSH config file to work with .onion domains.
|
||||
|
||||
.. code-block::
|
||||
|
||||
echo -e "\nHost *.onion\n\tProxyCommand nc -xlocalhost:9050 %h %p" >> ~/.ssh/config
|
||||
|
||||
.. Note:: You only need to run this command only once to set up the SSH Over Tor configuration.
|
||||
|
||||
.. group-tab:: macOS
|
||||
|
||||
#. Run this command to set up your SSH config file to work with .onion domains.
|
||||
|
||||
.. code-block::
|
||||
|
||||
echo -e "\nHost *.onion\n ProxyCommand /usr/bin/nc -x localhost:9050 -X5 %h %p" >> ~/.ssh/config
|
||||
|
||||
.. Note:: You only need to run this command only once to set up the SSH Over Tor configuration.
|
||||
|
||||
|
||||
SSH Over Tor
|
||||
............
|
||||
|
||||
To log in, simply use the following command, using the ".onion" hostname you printed above:
|
||||
|
||||
.. code-block::
|
||||
|
||||
ssh start9@xxxxxxxxxxxxxxxxx.onion
|
||||
.. note:: If you need SSH access to your server over Tor you can :ref:`follow this guide<ssh-tor>`.
|
||||
Reference in New Issue
Block a user