How can using a Tor Hidden service for SSH improve security?

2

I recently read some blog posts about how to use Tor Hidden Services to access an SSH server. They argued it can increase security, but I don't understand why this should apply.

As far as I understand, a Tor Hidden Service needs to announce itself to the Tor network, so someone listening to those announcements could know about it, while a non-Tor SSH server running on a non-default port is only discovered if someone actively scans for it (or captures my traffic).

My current SSH configuration includes blocking the IP of a client that failed to authenticate more than two times in a certain period of time. Additionally, I used geolocation to block all clients outside of my country. If I use Tor, I do not know about the client and therefore cannot react to DoS attacks or brute-force attempts (I disabled password authentication, anyway), or can I?

Is there any advantage of using Tor Hidden Services for SSH, besides hiding the traffic metadata (someone capturing my traffic does not know about the type and target of my connections), and maybe using pluggable transports to connect to the service through most firewall configurations? What are your experiences?

muffel

Posted 2015-02-21T11:21:14.863

Reputation: 433

This question belongs on https://security.stackexchange.com/

– SPRBRN – 2015-02-21T12:25:24.620

Country blocking is not that good an idea. If you ever need a VPN on a foreign Mac or if there's a crash while you're on vacation you'll have a serious problem. Use port knocking and ssh key auth or similar if you're too worried. – Sebb – 2015-02-21T13:57:37.800
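The per-IP blocking rule described in the question, as an added example (not code from the post or from any specific tool): it counts failed logins per source over constructed sshd log lines and shows that connections arriving through an onion service all appear to come from the local Tor daemon at 127.0.0.1, so a per-IP ban cannot single out one client. The log lines, the simplified ISO timestamp format, the 10-minute window and the function names are assumptions.

```python
import ipaddress
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sshd log lines (not from the page). The first three come from a
# directly exposed sshd; the last four arrive through a local Tor onion
# service, so sshd only ever sees the loopback address of the Tor daemon.
SAMPLE_LOG = """\
2015-02-21T11:00:01 sshd[811]: Failed publickey for root from 203.0.113.7 port 40112 ssh2
2015-02-21T11:00:09 sshd[811]: Failed publickey for root from 203.0.113.7 port 40113 ssh2
2015-02-21T11:00:15 sshd[811]: Failed publickey for admin from 203.0.113.7 port 40114 ssh2
2015-02-21T11:05:02 sshd[902]: Failed publickey for root from 127.0.0.1 port 51001 ssh2
2015-02-21T11:05:20 sshd[903]: Failed publickey for root from 127.0.0.1 port 51002 ssh2
2015-02-21T11:05:41 sshd[904]: Failed publickey for git from 127.0.0.1 port 51003 ssh2
2015-02-21T11:06:30 sshd[905]: Accepted publickey for alice from 127.0.0.1 port 51004 ssh2
"""

# Captures the timestamp and the source address of a failed authentication.
FAILED = re.compile(
    r"^(\S+) sshd\[\d+\]: Failed \S+ for (?:invalid user )?\S+ from (\S+) port \d+")

def sources_to_ban(log_text, max_failures=2, window=timedelta(minutes=10)):
    """Sources with more than max_failures failed logins inside a sliding window."""
    recent = defaultdict(deque)   # source address -> timestamps of recent failures
    banned = []
    for line in log_text.splitlines():
        m = FAILED.match(line)
        if not m:
            continue
        ts, src = datetime.fromisoformat(m.group(1)), m.group(2)
        q = recent[src]
        q.append(ts)
        while ts - q[0] > window:      # drop failures that fell out of the window
            q.popleft()
        if len(q) > max_failures and src not in banned:
            banned.append(src)
    return banned

def ban_report(log_text):
    """Split ban candidates into real remote peers and loopback (onion) traffic."""
    report = {"actionable": [], "loopback": []}
    for src in sources_to_ban(log_text):
        key = "loopback" if ipaddress.ip_address(src).is_loopback else "actionable"
        report[key].append(src)
    return report

if __name__ == "__main__":
    print(ban_report(SAMPLE_LOG))
```

Banning the loopback entry would cut off every onion client at once, including the legitimate key holder, which is why per-IP blocking and geolocation rules do not carry over to the onion-service setup.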

Answers

0

By hiding your IP address, it is less likely someone tries to connect to ports on your computer that you are not aware are open.

Skaperen

Posted 2015-02-21T11:21:14.863

Reputation: 231