configure/verify SSH connect thru Squid+Privoxy+Tor?

OpenMacNews OpenMacNews at speakeasy.net
Tue Aug 30 17:51:42 UTC 2005


hi all,

i've a proxy gateway configured with Squid + Privoxy + Tor for anonymized 
surfing/connection.

works fine-n-dandy for web browsing.

now i'd LIKE to SSH to a remote shell with:

    pubkey session authentication
    routing via the Tor OR network
    SSL end-to-end encryption of the stream

the question is HOW?

a simple:

    ssh -l USER -L 8888:FQDN_OF_PROXY:8888 fqdn.of.target

connects, but seems to be INSENSITIVE to the <port> spec'n -- i.e., ANYTHING 
seems to work ...

i HAVE read in the FAQ (see, i CAN be trained!) about/around:

    "If you would like to enable a non-SSL client ... to connect to a server 
through Tor using SSL or TLS, you can use sslredir."
    "Our first answer is "then use end-to-end encryption such as SSL", which is 
great but not always practical."
    "If you want to use a service directly through the SOCKS interface (eg. ssh 
via connect.c), you'll probably have to set up an internal mapping in your 
configuration file using MapAddress"

but, frankly, in general, and given that I've added Squid to the mix ... I'm 
not at all certain how to
        (a) properly configure the SSH connect to use Tor, and
        (b) verify that the SSH session DID route through the OR network 
(unlike, e.g., using showmyip.com for web browsing ...)

in my config, squid listens on:

    http_port         10.0.0.6:8888
    http_port         127.0.0.1:8888

and forces connects to privoxy as a cache_peer:

    acl Divert        myport        8888
    cache_peer                      127.0.0.1 parent 8118 7 no-query default
    never_direct      allow         Divert

where privoxy is listening/forwarding on:

    listen-address    127.0.0.1:8118
    permit-access     127.0.0.1
    forward-socks4a / 127.0.0.1:9050 .

and Tor catches the pass with:

    SocksPort 9050
    SocksBindAddress 127.0.0.1:9050
    SocksPolicy accept 127.0.0.1
    SocksPolicy reject *

thx.

cheers,

richard
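
An added example, not part of the original post: a small ssh ProxyCommand helper that talks directly to Tor's SocksPort (127.0.0.1:9050 in the post) using the same SOCKS4a protocol that Privoxy's forward-socks4a line uses, so the target hostname is resolved by Tor and not locally. The file name socks4a_connect.py and the function names are assumptions made for illustration, and the relay loop assumes a Unix-like host.

```python
# Added example: use as an ssh ProxyCommand (file name is hypothetical):
#   ssh -o ProxyCommand='python3 socks4a_connect.py %h %p' USER@fqdn.of.target
import os
import select
import socket
import struct
import sys

TOR_SOCKS = ("127.0.0.1", 9050)  # SocksPort from the torrc in the post


def build_socks4a_connect(host, port, user=""):
    # VER=4, CMD=1 (CONNECT), port, then the invalid address 0.0.0.1, which
    # asks the proxy to resolve the trailing hostname itself (no local DNS).
    return (struct.pack(">BBH", 4, 1, port) + b"\x00\x00\x00\x01"
            + user.encode("ascii") + b"\x00" + host.encode("ascii") + b"\x00")


def socks4_granted(reply):
    # 8-byte reply: null byte, status, 6 ignored bytes; 0x5A means granted.
    return len(reply) == 8 and reply[0] == 0 and reply[1] == 0x5A


def relay(sock):
    # Shuttle bytes between ssh (our stdin/stdout) and the Tor circuit.
    fd_in, fd_out = sys.stdin.fileno(), sys.stdout.fileno()
    while True:
        readable, _, _ = select.select([sock, fd_in], [], [])
        if sock in readable:
            data = sock.recv(65536)
            if not data:
                return
            os.write(fd_out, data)
        if fd_in in readable:
            data = os.read(fd_in, 65536)
            if not data:
                return
            sock.sendall(data)


if __name__ == "__main__":
    tor = socket.create_connection(TOR_SOCKS)
    tor.sendall(build_socks4a_connect(sys.argv[1], int(sys.argv[2])))
    if not socks4_granted(tor.recv(8, socket.MSG_WAITALL)):
        sys.exit("SOCKS4a CONNECT refused by Tor")
    relay(tor)
```

To check the route once logged in, `echo $SSH_CLIENT` on the remote shell prints the source address sshd saw, which should be a Tor exit and not the gateway's own address.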