From 8265304677d2923376ba2215c91c79a25ca5596a Mon Sep 17 00:00:00 2001 From: Stuart Date: Mon, 10 Feb 2025 20:14:20 +0100 Subject: [PATCH] Moved SSH-Tor to Misc section as it's really needed and not mandatory. Added warning. Implicit instructions only. --- site/source/misc-guides/index.rst | 1 + site/source/misc-guides/ssh-tor.rst | 105 ++++++++++++++++++++++++++++ site/source/user-manual/ssh.rst | 100 +------------------------- 3 files changed, 107 insertions(+), 99 deletions(-) create mode 100644 site/source/misc-guides/ssh-tor.rst diff --git a/site/source/misc-guides/index.rst b/site/source/misc-guides/index.rst index 36f17ab..41cc06c 100644 --- a/site/source/misc-guides/index.rst +++ b/site/source/misc-guides/index.rst @@ -10,6 +10,7 @@ Guides that do not fit into the categories of "devices" or "services." ca-ff tor-ff + ssh-tor attach-drive transfer-data upgrade-pi diff --git a/site/source/misc-guides/ssh-tor.rst b/site/source/misc-guides/ssh-tor.rst new file mode 100644 index 0000000..88c7742 --- /dev/null +++ b/site/source/misc-guides/ssh-tor.rst 
@@ -0,0 +1,105 @@ +.. _ssh-tor: + +====================== +Using SSH Over Tor +====================== + +.. note:: The following guide requires that you have already added an :ref:`SSH key to your server`. + +.. caution:: SSH over Tor is only supported on Linux and macOS, although it can also work on Windows with in PuTTY `like this `_. Note that those instructions use port 9150 but we've configured Tor in Windows on the traditional port: ``9050``. + +.. note:: You might not need to complete this guide if you have already :ref:`set up SSH` on your server and you have regular access to your local network. SSH over Tor is for those who may be away from their server for a long time, who regularly access it over Tor rather than a VPN, and think they may need to do some heavy debugging while away. + +Configure StartOS server: +......................... + + .. warning:: After each server reboot, a new .onion address will be generated, rendering the old one inactive. + + #. SSH into your server. + + .. code-block:: + + ssh start9@.local + + #. Elevate yourself to root in chroot edit mode which will make your changes persist across reboots: + + .. code-block:: + + sudo /usr/lib/startos/scripts/chroot-and-upgrade + + #. Add these two lines to ``/etc/tor/torrc`` + + *HiddenServiceDir /var/lib/tor/ssh* + + *HiddenServicePort 22 127.0.0.1:22* + + With the following command... + + .. code-block:: + + echo -e "\nHiddenServiceDir /var/lib/tor/ssh\nHiddenServicePort 22 127.0.0.1:22" >> /etc/tor/torrc + + #. Restart your Start9 server by exiting chroot edit mode: + + .. code-block:: + + exit + + #. SSH in to your Start9 server again and gather the ".onion" address that was generated: + + .. code-block:: + + sudo cat /var/lib/tor/ssh/hostname + + .. note:: Your newly generated .onion address is unique for SSH access only and should not be confused with the main .onion address for the server. + +Configure local SSH client +.......................... + +.. tabs:: + + .. 
group-tab:: Linux + + #. Install ``torsocks`` dependency. + + Debian / Ubuntu + + .. code-block:: + + sudo apt install torsocks + + Arch / Garuda / Manjaro + + .. code-block:: + + sudo pacman -S torsocks + + #. Run this command to set up your SSH config file to work with .onion domains. + + .. code-block:: + + echo -e "\nHost *.onion\n\tProxyCommand nc -xlocalhost:9050 %h %p" >> ~/.ssh/config + + .. Note:: You only need to run this command only once to set up the SSH Over Tor configuration. + + .. group-tab:: macOS + + #. Run this command to set up your SSH config file to work with .onion domains. + + .. code-block:: + + echo -e "\nHost *.onion\n ProxyCommand /usr/bin/nc -x localhost:9050 -X5 %h %p" >> ~/.ssh/config + + .. Note:: You only need to run this command only once to set up the SSH Over Tor configuration. + + +SSH Over Tor +............ + +To log in, simply use the following command, using the ".onion" hostname you printed above: + + .. code-block:: + + ssh start9@xxxxxxxxxxxxxxxxx.onion + + diff --git a/site/source/user-manual/ssh.rst b/site/source/user-manual/ssh.rst index 94572f8..dc02644 100644 --- a/site/source/user-manual/ssh.rst +++ b/site/source/user-manual/ssh.rst 
@@ -121,102 +121,4 @@ Connecting via PuTTY on Windows Following the commands above for Windows will get you in. However, if you prefer a GUI tool, `BrewsBitcoin `_ has created `a guide for connecting via SSH using PuTTY on Windows. `_ -Using SSH Over Tor ------------------- - -.. note:: The following guide requires that you have already added an :ref:`SSH key to your server`. - -.. caution:: SSH over Tor is only supported on Linux and macOS, although it can also work on Windows with in PuTTY `like this `_. Note that those instructions use port 9150 but we've configured Tor in Windows on the traditional port: ``9050``. - -Configure StartOS server: -......................... - - .. warning:: After each server reboot, a new .onion address will be generated, rendering the old one inactive. - - #. SSH into your server. - - .. code-block:: - - ssh start9@.local - - #. Elevate yourself to root in chroot edit mode which will make your changes persist across reboots: - - .. code-block:: - - sudo /usr/lib/startos/scripts/chroot-and-upgrade - - #. Using Vim or Nano, add the following 2 lines to ``/etc/tor/torrc`` - - .. code-block:: - - HiddenServiceDir /var/lib/tor/ssh - HiddenServicePort 22 127.0.0.1:22 - - .. tip:: You can also add these lines by running the following command: - - .. code-block:: - - echo -e "\nHiddenServiceDir /var/lib/tor/ssh\nHiddenServicePort 22 127.0.0.1:22" >> /etc/tor/torrc - - #. Restart your Start9 server by exiting chroot edit mode: - - .. code-block:: - - exit - - #. SSH in to your Start9 server again and gather the ".onion" address that was generated: - - .. code-block:: - - sudo cat /var/lib/tor/ssh/hostname - - .. note:: Your newly generated .onion address is unique for SSH access only and should not be confused with the main .onion address for the server. - -Configure local SSH client -.......................... - -.. tabs:: - - .. group-tab:: Linux - - #. Install ``torsocks`` dependency. - - Debian / Ubuntu - - .. 
code-block:: - - sudo apt install torsocks - - Arch / Garuda / Manjaro - - .. code-block:: - - sudo pacman -S torsocks - - #. Run this command to set up your SSH config file to work with .onion domains. - - .. code-block:: - - echo -e "\nHost *.onion\n\tProxyCommand nc -xlocalhost:9050 %h %p" >> ~/.ssh/config - - .. Note:: You only need to run this command only once to set up the SSH Over Tor configuration. - - .. group-tab:: macOS - - #. Run this command to set up your SSH config file to work with .onion domains. - - .. code-block:: - - echo -e "\nHost *.onion\n ProxyCommand /usr/bin/nc -x localhost:9050 -X5 %h %p" >> ~/.ssh/config - - .. Note:: You only need to run this command only once to set up the SSH Over Tor configuration. - - -SSH Over Tor -............ - -To log in, simply use the following command, using the ".onion" hostname you printed above: - - .. code-block:: - - ssh start9@xxxxxxxxxxxxxxxxx.onion +.. note:: If you need SSH access to your server over Tor you can :ref:`follow this guide`. \ No newline at end of file
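Review bot: In the new site/source/misc-guides/ssh-tor.rst, the warning under "Configure StartOS server" says a new .onion address is generated after each server reboot, while the note above it aims the guide at people who are "away from their server for a long time". The only way shown to read the address is ``sudo cat /var/lib/tor/ssh/hostname`` on the server itself, so a reader who follows the guide and then has the server reboot while they are away has no documented way back in. Either state how the new address can be retrieved remotely, or say explicitly that access is lost until the reader is back on the local network. It would also help to reconcile the warning with step 2, which says the chroot edit makes changes "persist across reboots": spell out that the torrc lines persist but the generated hostname does not, if that is the case. Separately, in the Linux tab the install step adds ``torsocks`` but the ProxyCommand calls ``nc -xlocalhost:9050``, so the installed package is not the one the config depends on. The macOS line also differs in form (``/usr/bin/nc -x localhost:9050 -X5``). Please name the dependency that actually provides an ``nc`` with ``-x`` support and make the two tabs consistent. Minor wording in the same file: "with in PuTTY" and "You only need to run this command only once".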
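Review bot: In site/source/user-manual/ssh.rst the added ``.. note::`` line is followed by "\ No newline at end of file"; please end the file with a newline so later appends and diffs stay clean. The same hunk deletes the "Using SSH Over Tor" heading from the user manual, so any existing links to that section of ssh.rst will stop resolving. Check that the replacement ``:ref:`` resolves to the ``ssh-tor`` label defined at the top of the new misc-guides/ssh-tor.rst and that the docs build reports no broken references. The replacement note would also read better with a comma after "over Tor".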