
Thread: ssh tunneling via privoxy and tor

  1. #1
    elight
    Guest

    ssh tunneling via privoxy and tor

    I got setup with tor and privoxy today. I'm trying to ssh to my server over the internet via the tor network but I can't figure out how to tell ssh to use privoxy. I've been reading the man page for ssh but I still can't seem to figure it out.

    I think it's something along the lines of:

    ssh -L 127.0.0.1:5090:serverip:22

    5090 is the port privoxy runs on.

    Am I even close? I would really appreciate a bump in the right direction!

    Thanks,
    elight

    edit: To clarify, I basically want to ssh to a remote host through a proxy server running on localhost:5090

  2. #2
    Just burned his ISO
    Join Date
    Jan 2009
    Posts
    2


    Generic:

    $ ssh -N -f -L <local_port>:<end_server>:<end_port> user@ssh_intermediary_server

    NOTE: if using auth. w/keys and no passwd, the last part (user@…) is not needed

    Example:

    $ ssh -f -N -L 8025:smtp.comcast.net:25 my_home_machine -L 8110:mail.comcast.net:110 my_home_machine

    allows me to use the email client on a laptop, pointing to localhost:8025 for SMTP services, and localhost:8110 for POP3 services associated with my Comcast account, w/out traversing “foreign” networks with clear text credentials.

    If moving between places, I would need to stop and restart the process. This could be as simple as:

    $ ps aux |grep ssh |grep -v grep |awk '{print $2}' |xargs kill -9

  3. #3
    Member
    Join Date
    Nov 2007
    Posts
    220


    The L command usually works something like this:

    ssh -L 5090:127.0.0.1:22 serverip

    however I have a feeling this won't work, as this will try to create a tunnel on port 5900 on your pc.... but privoxy is already on that

    I don't know privoxy well but isn't it really for web traffic? if it's for content filtering etc then I see no reason to put ssh through it... apples and pears scenario no?

    edit
    also why use tor with ssh? I know one is encryption one is about being anonymous, but surely any sniffer can tell where the packet is bound for and therefore see who you ssh to? (disclaimer - I do not understand tor....as you can prob tell lol)
    wtf?

  4. #4
    Member hawaii67's Avatar
    Join Date
    Feb 2006
    Posts
    318


    i dont know privoxy well but isnt it really for web traffic?
    Right, for ssh you don't need privoxy.

    You also may check out the tool tsocks or torsocks (which is a modification of tsocks).
    Don't eat yellow snow :rolleyes:

  5. #5


    there's this nice little proggy called "torify" try it

  6. #6
    Member hawaii67's Avatar
    Join Date
    Feb 2006
    Posts
    318


    Quote Originally Posted by gromeo View Post
    there's this nice little proggy called "torify" try it
    Actually, torify is a simple wrapper that calls tsocks with a tor specific configuration file.
    Don't eat yellow snow :rolleyes:

  7. #7
    Member
    Join Date
    Nov 2007
    Posts
    220


    Woken up now so will put a few more words down.

    The SSH L command is:
    ssh -L PortOnMyPc:IpOnForeignNetwork:PortOnForeignNetwork destIP

    So to SSH L a website the command would prob be:

    ssh -L 8080:127.0.0.1:80 a.b.c.d

    (for this to work the web service on the a.b.c.d. machine must be listening on 127.0.0.1, not always the case)

    This will create a tunnel from your PC to the machine a.b.c.d. The tunnel starts on your machine on 8080, and will 'fire' the data off to appear on the 'a.b.c.d' machine and go to port 80.

    So in this the SSH on your machine is tied (bound) to port 8080

    So then you point your web browser to http://127.0.0.1:8080 the web request will then appear on the other server (magically) and be directed to port 80.

    Apologies if you already knew this, just putting it in for completeness.

    The reason why I think yours will fail is that if you try that command then SSH will try to bind to 5090 as the opening part of the tunnel.... however your other service is already using this, so ssh will say something like 'unable to bind to port'

    It also looks like you are trying to direct traffic to port 22 on a.b.c.d, well unless you specify the dest port (using the -p switch) you are already connecting the tunnel to port 22, I'm not sure of the implications of having your SSH tunnel go to 22, then point the traffic exiting the tunnel to 22, admittedly your data is now going to port 22 from an internal address and not from an external address, but no idea what that would do.

    There is a -D flag in ssh which you can specify which local IPort SSH should bind to, but again, if privoxy is already using this port not sure how to get around it.

    I hope this is comprehensible (and accurate lol)
    wtf?

  8. #8
    Senior Member
    Join Date
    Apr 2008
    Posts
    2,008


    I don't believe you will be able to SSH over TOR directly without utilizing some additional piece of software. Google seems to return quite a few hits on how to properly set this up, including this one:
    http://www.security-hacks.com/2007/0...sh-through-tor
    -Monkeys are like nature's humans.

  9. #9
    elight
    Guest


    I haven't been to sleep yet so I apologize if I misunderstood anyone. What I'm trying to achieve is anonymous root access via ssh to a remote server (i.e. over the internet). I want to stress that this is my own personal server I'm trying to access, I'm not trying to go to jail! I have a proxy server running on localhost:5090 which sends all outgoing data through the tor network (the tor network basically sends data through multiple machines, encrypted the whole trip until it reaches its destination). I guess what I want is this:

    ssh to send data through localhost:5090 to remotehost.com

    Thank you for all the responses. I'm doing my best to learn from you all!

  10. #10
    Just burned his ISO
    Join Date
    Jun 2008
    Posts
    5

    wow!

    how about corkscrew?

    I think this is what you are looking for...

    www[dot]mtu.net/~engstrom/ssh-proxy[dot]php
    www[dot]agroman[dot]net/corkscrew/

    cya
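
What a corkscrew-style helper does when ssh is pointed at an HTTP proxy such as the one on localhost:5090, shown as an added example that is not from any poster in this thread or from the corkscrew project. The file name `connect_helper.py` is hypothetical, and the sketch assumes a Unix-like system and a proxy that permits CONNECT to the SSH port.

```python
# Added illustration (not from the thread): hypothetical ssh ProxyCommand helper.
import os
import select
import socket
import sys

def build_connect_request(host, port):
    """CONNECT request asking an HTTP proxy for a raw TCP tunnel."""
    return f"CONNECT {host}:{port} HTTP/1.1\r\nHost: {host}:{port}\r\n\r\n".encode("ascii")

def parse_connect_reply(reply):
    """Return (tunnel_open, status_line) from the proxy's response header."""
    status_line = reply.split(b"\r\n", 1)[0].decode("ascii", "replace")
    parts = status_line.split(" ", 2)
    ok = len(parts) >= 2 and parts[0].startswith("HTTP/") and parts[1].startswith("2")
    return ok, status_line

def open_tunnel(proxy_host, proxy_port, host, port):
    """Connect to the proxy, request the tunnel, fail loudly if it is refused."""
    sock = socket.create_connection((proxy_host, proxy_port), timeout=30)
    sock.sendall(build_connect_request(host, port))
    reply = b""
    # Read one byte at a time so nothing past the header (the SSH banner) is consumed.
    while not reply.endswith(b"\r\n\r\n"):
        chunk = sock.recv(1)
        if not chunk:
            break
        reply += chunk
    ok, status = parse_connect_reply(reply)
    if not ok:
        raise ConnectionError(f"proxy refused CONNECT: {status!r}")
    sock.settimeout(None)
    return sock

def relay(sock):  # copy bytes between ssh (stdin/stdout) and the proxy socket
    while True:
        readable, _, _ = select.select([sock, sys.stdin], [], [])
        for src in readable:
            data = sock.recv(65536) if src is sock else os.read(0, 65536)
            if not data:
                return
            if src is sock:
                sys.stdout.buffer.write(data)
                sys.stdout.buffer.flush()
            else:
                sock.sendall(data)

if __name__ == "__main__":  # args: PROXY_HOST PROXY_PORT DEST_HOST DEST_PORT
    ph, pp, host, port = sys.argv[1:5]
    relay(open_tunnel(ph, int(pp), host, int(port)))
```

In `~/.ssh/config` this would be wired in as `ProxyCommand python3 connect_helper.py 127.0.0.1 5090 %h %p` under the relevant `Host` entry, so ssh talks through the proxy instead of opening a new listener the way `-L` does.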
