My SSH Trick

10 hours of jetlag and rainy afternoon naps don’t mix. It’s 2 minutes to 2AM here in Provo, UT and I can’t sleep so I’m blogging.

I want to ssh into a machine that doesn’t have any external IP. At home, I get a 192.168… IP from my ISP because of a shared connection. In other cases, I have VMs with NATed IPs that also have no direct way in.

I could pay for a VPN service and vpn into these machines, but instead I’m using a free way of doing it. I use Tor.

Here’s how it works: the Tor service on the remote machine reaches out to the Tor network and listens on port 22 (or whatever port I choose for ssh) for incoming requests. From my laptop I run “torsocks ssh zzzzzzzzz.onion” and I am in. This bypasses the external internet and gives me a pretty secure route from my laptop to my home machine only via Tor.

Here’s how I set it up with openSUSE:

On your remote or inaccessible server:

$ sudo zypper in tor

This installs the tor service and the torsocks proxy app.

$ sudo vim /etc/tor/torrc

Uncomment the following lines:

HiddenServiceDir /var/lib/tor/hidden_service/
HiddenServicePort 22 127.0.0.1:22

$ sudo systemctl start tor

The service is now started and you should have a new .onion address:

$ cat /var/lib/tor/hidden_service/hostname

On your local machine/laptop/etc:

$ sudo zypper in tor
$ sudo systemctl start tor
$ torsocks ssh xxxxxxxxx.onion

This is a cool trick. Of course you can use it on any server/VM/etc. even if they do have accessible IPs. In those cases, I suggest that you close the firewall on port 22 and make ssh accessible only via Tor. There is no need to have extra ports open to the internet.
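A way to check that setup on the server, as an added example that is not part of the original post: the shell function below reads a torrc and an sshd_config and reports anything that would leave sshd reachable outside the onion service. It assumes sshd is taken off the network by binding it to loopback with ListenAddress (in addition to, or instead of, the firewall rule); the function name and the messages are made up for this example.

```sh
#!/bin/sh
# Added example: audit a torrc and an sshd_config for "sshd only via Tor".
# audit_onion_ssh TORRC SSHD_CONFIG
# Prints one finding per line; the return status is the number of findings.
audit_onion_ssh() {
    torrc=$1 sshd_config=$2 findings=0

    # 1. The onion service must be enabled (HiddenServiceDir uncommented).
    if ! grep -Eiq '^[[:space:]]*HiddenServiceDir[[:space:]]+[^[:space:]]' "$torrc"; then
        echo "torrc: HiddenServiceDir is not set"
        findings=$((findings + 1))
    fi

    # 2. HiddenServicePort must forward to loopback. With no target given,
    #    Tor forwards to the same port on 127.0.0.1.
    hs_targets=$(awk 'tolower($1) == "hiddenserviceport" {
        print ($3 == "" ? "127.0.0.1:" $2 : $3) }' "$torrc")
    if [ -z "$hs_targets" ]; then
        echo "torrc: HiddenServicePort is not set"
        findings=$((findings + 1))
    fi
    for t in $hs_targets; do
        case $t in
            127.0.0.1:*) ;;
            *) echo "torrc: HiddenServicePort forwards to non-loopback target $t"
               findings=$((findings + 1)) ;;
        esac
    done

    # 3. sshd must bind to loopback only; with no ListenAddress it binds
    #    to every address on the machine.
    listen=$(awk 'tolower($1) == "listenaddress" { print $2 }' "$sshd_config")
    if [ -z "$listen" ]; then
        echo "sshd_config: no ListenAddress, sshd listens on all addresses"
        findings=$((findings + 1))
    fi
    for a in $listen; do
        case $a in
            127.0.0.1|127.0.0.1:*|"::1"|"[::1]"|"[::1]:"*|localhost|localhost:*) ;;
            *) echo "sshd_config: ListenAddress $a is reachable off-host"
               findings=$((findings + 1)) ;;
        esac
    done
    return "$findings"
}

# Run as: sh audit.sh /etc/tor/torrc /etc/ssh/sshd_config
if [ "$#" -eq 2 ]; then audit_onion_ssh "$1" "$2"; fi
```

The function only reads the one sshd file it is given. To cover drop-in files included from sshd_config, save the output of sshd -T to a file and pass that instead, since it uses the same keyword-then-value layout.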

Using Tor is a great way to add security to your network communication. In addition to the SSH encryption, the packets have additional encryption due to the nature of how Tor works.

About privacy. You also benefit from the inherent privacy of the Tor network, which you might not get if you believe that your ISP, etc. is gathering data on its users. If they are monitoring packets and are that interested, they can probably see that you are using Tor but they can’t see what you are doing or where you are connecting. Is it more or less private than using the Tor Browser? I don’t know. It’s worth looking into. My feeling is that since ssh is low-bandwidth and has none of the extra problems that browsers have, such as javascript, vulnerabilities, etc., it probably is as safe or safer.

Anyway, I hope this helps people out if you’re like me and have to make do with an ISP that makes using the web just a little harder.

One last thing. Tor is more laggy than a straight connection. You’re not doing anything wrong, it’s just a side-effect of how this all works.

How I Would Use OS to Solve a Problem in the World

Ben Heck is sponsoring a contest for a Raspberry Pi Laptop.

Here’s my entry.

Privacy, security, and information.

These are three things that any responsible internet user should be aware of. This includes the privacy of personal information ranging from personal tastes to financial information; security for everything from phone photos to government spying; and the ability to share information that we want with whom we want without restriction. Linux and open source are the prime means by which these things happen; but that’s not all. It also requires a grassroots effort to educate and convince people to use new technologies and not simply follow the path of least resistance.

For example:

Privacy: Big data harvests everything about our lives and we should have the ability to opt out. More work needs to go into this but it has to come from the open source community, which doesn’t have vested interests in getting advertising revenue.

Security: The DNC leaks to Wikileaks would never have happened if the DNC had a firm policy within their ranks to only allow official internal emails that are encrypted with GnuPG. Any hacks would have resulted in thousands of encrypted emails which could not have been easily leaked. What needs to happen next is that we need to get people to use this technology and to make the technology easier to use. Projects like enigmail in Thunderbird are great but they are not easy for the un-savvy computer user to use. There is no excuse for shoddy security but it does explain why people on an individual level don’t adopt them more readily. Projects like GnuPG need to grow and evolve and from there become a part of our daily internet lives.

Information: What do you do when the things that you want to know and share are restricted by government regimes and overzealous lawmakers? You find new ways to share information. Projects like Tor get a bad rap for being the means by which some truly evil people share pictures of abused children; but it’s also how people in countries like Iran, Syria, China, and others get information out. Projects like Tor need increased funding, visibility, and volunteers to keep them free and secure from any and all government and corporate meddling. If we’re not free to share our ideas then we aren’t free.

The challenge was to show how I would use Linux or Open Source to solve a problem in the world. I gave you three real world problems that can best be solved with Linux and open source software. I hope someone reads this and finds the suggestions to be things that they want to help with.