Torrific Ssh

Scripts to configure SSH hidden service and client connections

---

• ⬆️ Top of Document

• 🏗️ Requirements

• ⚡ Quick Start

• 🗒 Notes

• 📇 Attribution

• ⚖️ Licensing

---

Requirements

The Tor service must be installed prior to utilizing this project on both server and client devices, eg. for Debian based distributions installation may be a easy as...

sudo apt-get install tor

---

Client devices should also install socat to proxy connections over Tor Socks port

sudo apt-get install socat

---

This repository makes use of Git Submodules to track script run-time dependencies, to avoid incomplete downloads clone with the --recurse-submodules option...

git clone --recurse-submodules [email protected]:paranoid-linux/torrific-ssh.git

To update tracked Git Submodules issue the following commands...

git pull

git submodule update --init --merge --recursive

To force upgrade of Git Submodules...

git submodule update --init --merge --recursive --remote

Note, forcing and update of Git Submodule tracked dependencies may cause instabilities and/or merge conflicts; if however everything operates as expected after an update please consider submitting a Pull Request.

---

Quick Start

Clone this project and the submodules that it depends upon...

git clone --recurse-submodules [email protected]:paranoid-linux/torrific-ssh.git

Change current working directory...

cd torrific-ssh

Use -h or --help option to list available command-line parameters...

sudo ./torrific-ssh-server.sh --help

On the server configure Tor hidden service for SSH via torrific-ssh-server.sh script...

sudo ./torrific-ssh-server.sh --client='pi'

Note, setting up the server within a Docker container is now possible via...

docker run --name torrific-ssh --client 'pi'

On each client device configure via torrific-ssh-client.sh script...

sudo ./torrific-ssh-client.sh --host-name="yourgeneratedaddress.onion"\
                              --auth="S0meLet7er5AndNumbers"\
                              --identity-file='~/.ssh/id_rsa'\
                              'pi'

Test that connection can be established on each client device...

ssh tor-pi

---

Notes

Configurations for SSH server may be further customized via torrific-ssh-server.sh script, eg...

sudo ./torrific-ssh-server.sh --torrc='/etc/tor/torrc'\
  --tor-lib-dir='/var/lib/tor'\
  --tor-port='2222'\
  --service-port='22'\
  --client-names='first-client,second-client,third-client'\
  ssh_server

... and via torrific-ssh-client.sh script there are additional optional configuration options, eg...

sudo ./torrific-ssh-client.sh --host-name="yourgeneratedaddress.onion"\
  --auth="S0meLet7er5AndNumbers"\
  --torrc='/etc/tor/torrc'\
  --identity-file='~/.ssh/id_rsa'\
  --ssh-config='~/.ssh/config'\
  --ssh-host='tor-pi'\
  --port='2222'
  'pi'

---

Pull Requests are certainly welcomed if bugs are found or new features are wanted.

---

Attribution

• GitHub -- github-utilities/make-readme

• Reddit -- Creating an undiscoverable Tor hidden service

• Medium -- How to SSH over Tor Onion service

• Tor StackExchange -- How to use hidden service authentication

• Tor StackExchange -- using hidservauth

• Tor Project Community -- Onion Services setup

---

License

Scripts to configure SSH hidden service and client connections
Copyright (C) 2020 S0AndS0

This program is free software: you can redistribute it and/or modify
it under the terms of the GNU Affero General Public License as published
by the Free Software Foundation, version 3 of the License.

This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
GNU Affero General Public License for more details.

You should have received a copy of the GNU Affero General Public License
along with this program.  If not, see <https://www.gnu.org/licenses/>.

For further details review full length version of AGPL-3.0 License.