Start9/documentation
2
0
Fork 0
mirror of https://github.com/Start9Labs/documentation.git synced 2026-03-30 12:11:57 +00:00
Code Issues Packages Projects Releases Wiki Activity

ssh-tor-fix

Browse Source
This commit is contained in:
13Homer13
2024-04-30 16:03:42 +02:00
parent 339ad1fc1b
commit ed7e4fceb7
3 changed files with 67 additions and 55 deletions
Download Patch File Download Diff File Expand all files Collapse all files

BIN
site/source/_static/images/walkthrough/ssh-add-key.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 190 KiB

BIN
site/source/_static/images/walkthrough/ssh_key_add.jpg
View File

Binary file not shown.
Side by Side

Before

Width:  |  Height:  |  Size: 30 KiB

122
site/source/user-manual/ssh.rst
View File

@@ -16,7 +16,7 @@ Creating an SSH Key
#. Open a terminal and enter the following command: #. Open a terminal and enter the following command:
.. code-block:: bash .. code-block::
ssh-keygen -t ed25519 ssh-keygen -t ed25519
@@ -28,19 +28,19 @@ Creating an SSH Key
#. It will inform you that your public key has been saved. Take note of this path: #. It will inform you that your public key has been saved. Take note of this path:
.. code-block:: bash .. code-block::
Your public key has been saved in /home/user/.ssh/id_ed25519.pub Your public key has been saved in /home/user/.ssh/id_ed25519.pub
#. Next, start your system's ``ssh-agent``: #. Next, start your system's ``ssh-agent``:
.. code-block:: bash .. code-block::
eval "$(ssh-agent -s)" eval "$(ssh-agent -s)"
#. Now add your key to it: #. Now add your key to it:
.. code-block:: bash .. code-block::
ssh-add ~/.ssh/id_ed25519 ssh-add ~/.ssh/id_ed25519
@@ -57,31 +57,32 @@ Registering an SSH Key
On Mac simply copy your key to clipboard by typing the following into a terminal: On Mac simply copy your key to clipboard by typing the following into a terminal:
.. code-block:: bash .. code-block::
pbcopy < ~/.ssh/id_ed25519.pub pbcopy < ~/.ssh/id_ed25519.pub
On Linux: On Linux:
.. code-block:: bash .. code-block::
cat ~/.ssh/id_ed25519.pub cat ~/.ssh/id_ed25519.pub
On Windows: On Windows:
.. code-block:: bash .. code-block::
type .ssh\id_ed25519.pub type .ssh\id_ed25519.pub
Copy the whole resulting line that looks similar to: Copy the whole resulting line that looks similar to:
.. code-block:: bash .. code-block::
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINH3tqX71XsPlzYhhoo9CqAP2Yx7gsGTh43bQXr1zqoq user@ema.il ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINH3tqX71XsPlzYhhoo9CqAP2Yx7gsGTh43bQXr1zqoq user@ema.il
#. Paste that line into the `Add New Key` text field #. Paste that line into the `Add New Key` text field
.. figure:: /_static/images/walkthrough/ssh_key_add.jpg .. figure:: /_static/images/walkthrough/ssh-add-key.png
:width: 50%
#. Click **Submit** #. Click **Submit**
@@ -94,7 +95,7 @@ Connecting via CLI
#. You can now access your Start9 server from the command line (Linux and Mac) using: #. You can now access your Start9 server from the command line (Linux and Mac) using:
.. code-block:: bash .. code-block::
ssh start9@SERVER-HOSTNAME ssh start9@SERVER-HOSTNAME
@@ -127,81 +128,92 @@ Using SSH Over Tor
.. caution:: SSH over Tor is only supported on Linux and macOS, although it can also work on Windows with in PuTTY `like this <https://tor.stackexchange.com/a/143>`_. Note that those instructions use port 9150 but we've configured Tor in Windows on the traditional port: ``9050``. .. caution:: SSH over Tor is only supported on Linux and macOS, although it can also work on Windows with in PuTTY `like this <https://tor.stackexchange.com/a/143>`_. Note that those instructions use port 9150 but we've configured Tor in Windows on the traditional port: ``9050``.
Setup Configure StartOS server:
..... .........................
#. First, you'll need one dependency, ``torsocks``, which will allow you to use SSH over Tor on the machine that you want access with. Select your Linux flavor to install: .. warning:: After each server reboot, a new .onion address will be generated, rendering the old one inactive.
.. tabs:: #. SSH into your server.
.. group-tab:: Debian / Ubuntu .. code-block::
.. code-block:: bash ssh start9@<custom-address>.local
sudo apt install torsocks #. Elevate yourself to root in chroot edit mode which will make your changes persist across reboots:
.. group-tab:: Arch / Garuda / Manjaro .. code-block::
.. code-block:: bash sudo /usr/lib/startos/scripts/chroot-and-upgrade
sudo pacman -S torsocks #. Using Vim or Nano, add the following 2 lines to ``/etc/tor/torrc``
#. SSH in: .. code-block::
.. warning:: The changes you make here are on the overlay and won't persist after a restart of your server. HiddenServiceDir /var/lib/tor/ssh
HiddenServicePort 22 127.0.0.1:22
.. code-block:: bash .. tip:: You can also add these lines by running the following command:
ssh start9@<custom-address>.local .. code-block::
#. Elevate yourself to root in chroot edit mode (which will make your changes persist across reboots):
.. code-block:: bash
sudo /usr/lib/startos/scripts/chroot-and-upgrade
#. Using Vim or Nano, add the following 2 lines to ``/etc/tor/torrc``
.. code-block:: bash
HiddenServiceDir /var/lib/tor/ssh
HiddenServicePort 22 127.0.0.1:22
.. tip:: You can also add these lines by running the following command:
.. code-block:: bash
echo -e "\nHiddenServiceDir /var/lib/tor/ssh\nHiddenServicePort 22 127.0.0.1:22" >> /etc/tor/torrc echo -e "\nHiddenServiceDir /var/lib/tor/ssh\nHiddenServicePort 22 127.0.0.1:22" >> /etc/tor/torrc
#. Restart your Start9 server by exiting chroot edit mode: #. Restart your Start9 server by exiting chroot edit mode:
.. code-block:: bash .. code-block::
exit exit
#. SSH in to your Start9 server again and gather the ".onion" address that was generated: #. SSH in to your Start9 server again and gather the ".onion" address that was generated:
.. code-block:: bash .. code-block::
sudo cat /var/lib/tor/ssh/hostname sudo cat /var/lib/tor/ssh/hostname
.. note:: Your newly generated .onion address is unique for SSH access only and should not be confused with the main .onion address for the server. .. note:: Your newly generated .onion address is unique for SSH access only and should not be confused with the main .onion address for the server.
Configure local SSH client Configure local SSH client
.......................... ..........................
#. You'll need to add the following configuration to your SSH config file, which will allow you to use SSH over Tor on any Unix-based system: .. tabs::
.. code-block:: bash .. group-tab:: Linux
echo -e "\nHost *.onion\n\tProxyCommand nc -xlocalhost:9050 %h %p" >> ~/.ssh/config #. Install ``torsocks`` dependency.
This command adds a wildcard setting for .onion domains to your SSH config file. Any .onion domains you connect to using SSH will use the specified proxy command. Debian / Ubuntu
Note: You only need to run this command only once to set up the SSH Over Tor configuration. .. code-block::
Access sudo apt install torsocks
======
Arch / Garuda / Manjaro
.. code-block::
sudo pacman -S torsocks
#. Run this command to set up your SSH config file to work with .onion domains.
.. code-block::
echo -e "\nHost *.onion\n\tProxyCommand nc -xlocalhost:9050 %h %p" >> ~/.ssh/config
.. Note:: You only need to run this command only once to set up the SSH Over Tor configuration.
.. group-tab:: macOS
#. Run this command to set up your SSH config file to work with .onion domains.
.. code-block::
echo -e "\nHost *.onion\n ProxyCommand /usr/bin/nc -x localhost:9050 -X5 %h %p" >> ~/.ssh/config
.. Note:: You only need to run this command only once to set up the SSH Over Tor configuration.
SSH Over Tor
............
To log in, simply use the following command, using the ".onion" hostname you printed above: To log in, simply use the following command, using the ".onion" hostname you printed above: