On 2013-07-29 00:05, Andreas Krey wrote:
On Sat, 27 Jul 2013 09:52:52 +0000, Tom Ritter wrote: ...
I've always thought with SSH-based obsproxies, that you could distribute the SSH private key to connect to the server with the bridge IP address:port.
I couldn't quite avoid the reflexive cringe at 'distribute private key'. :-)
...
So I think the value of requiring a login a the SSH-based obsproxy is not for authentication but for scanning resistance.
Ah, that's a cool idea. I was already assuming that a specific key would be used to select the tor service on the sshd, but making that key variable is a nice twist. (I didn't know the bridgedb has space for such info.)
Yep, that's the idea. All of the arguments in the gigantic bridge line of doom are the equivalent of something like the shared secret component present in ScrambleSuit.
The code's changed quite a bit since I've last posted (per discussion with asn a while ago, we decided that it would be better to use a "real" ssh client), so I have been working on a python script that wraps OpenSSH. Works fairly well under U*IX, but under Windows, there's a few issues that need to be addressed still.
Regards,