We live in a NATed / firewalled world. Almost all DSL providers don’t give public IPs, and when they do, they are often behind a draconian firewall. In this context, having an emergency remote shell, even if it is neither fast nor public, is very handy. A simple way to solve this problem is to create a hidden server on the Tor network and then access the shell from anywhere in the world without caring about changes of IP, routing, DNS or anything else.

On Debian you can just install tor from the official repository. Since Tor is not available in Ubuntu (but it is available on Debian), we need to get it directly from the Tor website. There is a nice write-up on the Ubuntu site: https://help.ubuntu.com/community/Tor. And these are the details on the tor website.

So we add this to the apt sources list:

deb http://deb.torproject.org/torproject.org lucid main

and then we aptitude install tor. The package installs the tor daemon and runs it by default. The next step is to edit /etc/tor/torrc to add the hidden service.

HiddenServiceDir /var/lib/tor/ssh/
HiddenServicePort 22 127.0.0.1:22

Remember also to install openssh-server if you don’t have it already. And this is it. In the directory /var/lib/tor/ssh/ you will find a file with the hostname on the Tor ring that you have to use to connect to your new hidden server.

On the client side we need to aptitude install connect-proxy. It’s a simple tool to tunnel ssh through a SOCKS5 connection. Now you are ready to test. In your ~/.ssh/config you can simply add something like:

Host *.onion
ProxyCommand connect -R remote -5 -S 127.0.0.1:9050 %h %p

and then ssh to your youronionhost.onion server. The connection will be veeeeery slow since you are going through different layers of encryption and indirection. You should also check the host key of your server before connecting and dropping in a pub-key, as you should never trust your friendly Tor providers (US govt, Chinese govt, Iranian govt, etc …).
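
The host key check described above, as an added example that is not part of the original post: it computes the SHA256 fingerprint of the public key line the server offers, compares it with the fingerprint noted at the server console (for example from ssh-keygen -lf on the host's public key file), and only then produces a known_hosts line pinned to the onion name. The function names and the two sample keys are assumptions constructed for the illustration.

```python
import base64
import hashlib
import struct

def parse_pubkey_line(line):
    """Parse 'keytype base64blob [comment]' and return (keytype, raw blob)."""
    fields = line.split()
    if len(fields) < 2:
        raise ValueError("expected 'keytype base64blob [comment]'")
    key_type, b64 = fields[0], fields[1]
    blob = base64.b64decode(b64, validate=True)  # raises ValueError on junk
    # The blob begins with a length-prefixed copy of the key type (RFC 4253).
    if len(blob) < 4:
        raise ValueError("key blob is truncated")
    (n,) = struct.unpack(">I", blob[:4])
    if blob[4:4 + n] != key_type.encode():
        raise ValueError("declared key type does not match the blob")
    return key_type, blob

def fingerprint(blob):
    """SHA256 fingerprint in the form ssh and ssh-keygen -l print it."""
    digest = hashlib.sha256(blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

def pin_if_trusted(onion_host, offered_line, expected_fp):
    """Return a known_hosts line only if the offered key matches expected_fp."""
    key_type, blob = parse_pubkey_line(offered_line)
    if fingerprint(blob) != expected_fp:
        return None
    return f"{onion_host} {key_type} {base64.b64encode(blob).decode()}"

def constructed_key(seed):
    """Constructed ed25519-shaped sample key (not a real host key)."""
    parts = (b"ssh-ed25519", bytes([seed]) * 32)
    blob = b"".join(struct.pack(">I", len(p)) + p for p in parts)
    return "ssh-ed25519 " + base64.b64encode(blob).decode() + " sample"

SERVER_KEY = constructed_key(1)    # what the real server holds
IMPOSTOR_KEY = constructed_key(2)  # what a man-in-the-middle would offer

if __name__ == "__main__":
    # Fingerprint noted at the server console, before the first remote login.
    noted = fingerprint(parse_pubkey_line(SERVER_KEY)[1])
    for label, key in (("server", SERVER_KEY), ("impostor", IMPOSTOR_KEY)):
        line = pin_if_trusted("youronionhost.onion", key, noted)
        print(label, "->", line or "MISMATCH: do not connect")
```
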

For emergencies it is actually pretty handy. For anything else it will make you die of boredom …

Update

Ahhh. It seems I’ve assumed that since TOR was not available on ubuntu, this was the same on debian. Tor is definitely available on debian, but not on ubuntu. Blah… check before asserting wrong information! Post fixed.