configure/verify SSH connect thru Squid+Privoxy+Tor?
OpenMacNews
OpenMacNews at speakeasy.net
Tue Aug 30 17:51:42 UTC 2005
hi all,
i've a proxy gateway configured with Squid + Privxy + Tor for anonymized
surfing/connection.
works fine-n-dandy for web browsing.
now i'd LIKE to SSH to a remote shell with:
pubkey session authentication
routing via the Tor OR network
SSL end-to-end encryption of the stream
the question is HOW?
a simple:
ssh -l USER -L 8888:FQDN_OF_PROXY:8888 fqdn.of.target
connects, but seems to be INSENSITIVE to the <port> spec'n -- i.e., ANYTHING
seems to work ...
i HAVE read in the FAQ (see, i CAN be trained!) about/around:
"If you would like to enable a non-SSL client ... to connect to a server
through Tor using SSL or TLS, you can use sslredir."
"Our first answer is "then use end-to-end encryption such as SSL", which is
great but not always practical."
"If you want to use a service directly through the SOCKS interface (eg. ssh
via connect.c), you'll probably have to set up an internal mapping in your
configuration file using MapAddress"
but, frankly, in general, and given that I've added Squid to the mix ... I'm
not at all certain how to
(a) properly configure the SSH connect to use Tor, and
(b) verify that the SSH session DID route through the OR network
(unlike, e.g., using showmyip.com for web browsing ...)
in my config, squid listens on:
http_port 10.0.0.6:8888
http_port 127.0.0.1:8888
and forces connects to privoxy as a cahce_peer:
acl Divert myport 8888
cache_peer 127.0.0.1 parent 8118 7 no-query default
never_direct allow Divert
where privoxy is listening/forwarding on:
listen-address 127.0.0.1:8118
permit-access 127.0.0.1
forward-socks4a / 127.0.0.1:9050 .
and Tor catches the pass with:
SocksPort 9050
SocksBindAddress 127.0.0.1:9050
SocksPolicy accept 127.0.0.1
SocksPolicy reject *
thx.
cheers,
richard
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 194 bytes
Desc: not available
URL: <http://lists.torproject.org/pipermail/tor-talk/attachments/20050830/df8081f4/attachment.pgp>
More information about the tor-talk
mailing list