5

I rent a paid VPS hosted online and want to transform it into a sort of treasure chest where I can upload and download files privately. For this purpose I want to do this operation over the Tor network. This is done automatically when you download something with the Tor Browser Bundle, but it seems impossible to do with SSH.

Is there any solution to my problem?

Note: I am aware of SCP and SFTP, but it seems that you have to specify your personal IP address when downloading.

EDIT: Thanks @Begueradj and @mikeazo, but I know well how to torify an application; my problem is actually to download files using this torified ssh session. If I am connected to the VPS via ssh and want to download a file called file.txt, then would scp login@server:Remote_Path_To/File Local_Path_To/File be sufficient, or do I have to specify my private IP address?

cgcmake
  • Have you tried this: https://www.howtoforge.com/anonymous-ssh-sessions-with-tor – mikeazo Sep 01 '15 at 12:02
  • 7
    Be aware that SSH will try all public keys first for authentication, which can blow your identity. Authentication and privacy are pretty hard to get together. – Riking Sep 01 '15 at 16:59
  • To answer your edit, yes it should be, you should not need to supply your private IP. Torifying a connection will connect to your server via random Tor proxies. SCP (Secure Copy) should allow you to authenticate to your server and transfer files to it. This would transfer any files locally, to your server, securely, through a torified connection. – Shane Andrie Sep 01 '15 at 16:59
  • @Riking I don't understand, my public key is hosted on my VPS, why would ssh try all public keys before authentication? – cgcmake Sep 01 '15 at 19:30
  • 2
    Friendly reminder of a tangential issue: Your VPS provider has full theoretical access to your data. If it's sensitive enough to want to SSH in via Tor, perhaps you also want to ensure you only keep encrypted on the VPS and do all en/de-cryption on your local machine. – Anko Sep 01 '15 at 20:07
  • The method I linked to should also automatically torify scp, so you don't need to specify your private ip address. – mikeazo Sep 01 '15 at 20:12
  • 2
    What exactly is your threat model here? Are you assuming a hostile ISP or VPS, or both? By "private", do you mean anonymous, confidential or both? – Anko Sep 01 '15 at 20:16
  • @Riking Could you develop: I think it would be helpful for a great number of people – cgcmake Sep 02 '15 at 13:09

2 Answers

7

If you are on Windows, there is a way to torify your SSH using the PuTTY client. Here are the configurations you need to set:

enter image description here

If you are using a Linux distribution, it depends on which one you are using.

For example, if you are running Ubuntu you can (How to use SSH with Tor?):

Add the following block to the top of your ~/.ssh/config file.

Host *
CheckHostIP no
Compression yes
Protocol 2
ProxyCommand connect -4 -S localhost:9050 $(tor-resolve %h localhost:9050) %p

Check the original documentation of the quoted answer.

In all cases, I advise you to read the How To Torify section (SSH).

1

You can also use Tor's hidden services. So first you set up a server where you can up- and download files. This can be an SSH, SFTP, FTP, WebDAV etc. server. Just use the one you like most.

Install Tor on your VPS as a second step and change the torrc:

HiddenServiceDir /var/lib/tor/fileserver
HiddenServicePort VIRTPORT 127.0.0.1:REALPORT

The VIRTPORT is one you choose and REALPORT is the port where your application listens for connections. Tor connects both ports. So when you connect to your hidden service on VIRTPORT Tor requests and forwards information from and to the REALPORT.

After you've made those settings, restart Tor and in the directory /var/lib/tor/fileserver you'll find a file called hostname. This is the address of your hidden service. You can now connect to it and use it completely over the Tor network.

Make sure that you configure your file server software in a way that it only listens on localhost. So nobody from the outside is able to connect to it.

qbi
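
One way to check the last point of the answer above (the file server must listen only on localhost), as an added example that is not part of the original answer: it reads the REALPORTs from the torrc and flags any listener on those ports that is bound to a non-loopback address. The sample torrc, the sample `ss -tln` output and the function names are constructed for illustration.

```python
import ipaddress

# Constructed sample inputs (not from the original post): torrc and `ss -tln` output.
SAMPLE_TORRC = """\
HiddenServiceDir /var/lib/tor/fileserver
HiddenServicePort 22 127.0.0.1:2222
HiddenServicePort 80 127.0.0.1:8080
"""
SAMPLE_SS = """\
State  Recv-Q Send-Q Local Address:Port  Peer Address:Port
LISTEN 0      128        127.0.0.1:2222       0.0.0.0:*
LISTEN 0      128          0.0.0.0:8080       0.0.0.0:*
LISTEN 0      128            [::1]:2222          [::]:*
LISTEN 0      4096    127.0.0.1%lo:9050       0.0.0.0:*
"""

def real_ports(torrc):
    """Collect REALPORTs from 'HiddenServicePort VIRTPORT [TARGET]' lines."""
    ports = set()
    for line in torrc.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) < 2 or fields[0].lower() != "hiddenserviceport":
            continue
        target = fields[2] if len(fields) > 2 else fields[1]
        if target.startswith("unix:"):
            continue  # Unix-socket backend: no TCP listener to check
        tail = target.rsplit(":", 1)[-1]
        # A target without a port falls back to VIRTPORT, as Tor does.
        ports.add(int(tail) if tail.isdigit() else int(fields[1]))
    return ports

def is_loopback(addr):
    addr = addr.split("%", 1)[0].strip("[]")  # drop %iface and IPv6 brackets
    return addr != "*" and ipaddress.ip_address(addr).is_loopback

def exposed_backends(torrc, ss_output):
    """Return (address, port) listeners serving a REALPORT off loopback."""
    wanted, found = real_ports(torrc), []
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 4 or fields[0] != "LISTEN":
            continue
        addr, _, port = fields[3].rpartition(":")
        if port.isdigit() and int(port) in wanted and not is_loopback(addr):
            found.append((addr, int(port)))
    return found

if __name__ == "__main__":
    print(exposed_backends(SAMPLE_TORRC, SAMPLE_SS))
```

On a real VPS, pass the contents of the torrc and the output of `ss -tln` instead of the samples; an empty list means every hidden-service backend is reachable only through Tor or from the machine itself.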