On 12/18/2018 12:09 AM, Roger Dingledine wrote:
On Mon, Dec 17, 2018 at 11:51:29PM -0700, Mirimir wrote:
Given that I SSH via Tor a lot, that would suck for me. If too many exits didn't allow port 22, anyway. As it is, it's not uncommon for SSH logins via Tor to die. Presumably after some network hiccup.
And sure, I could set up .onion SSH for everything, and that'd arguably be more secure. But sometimes I'm just too lazy for that.
Now that I'm thinking of it, though, I wonder whether I ought to change SSH to port 443. That'd give me a larger exit population, which would be good. But for anyone watching, my SSH sessions would be more unusual.
What would be the likely net impact of using port 443 for SSH?
Another more surprising impact for you is that your ssh connections would, counterintuitively, die more often.
That's because Tor has a LongLivedPorts option, where streams for those destination ports use circuits with all Stable-flagged relays, and 22 is in the list but 443 is not:
    LongLivedPorts PORTS
        A list of ports for services that tend to have long-running connections (e.g. chat and interactive shells). Circuits for streams that use these ports will contain only high-uptime nodes, to reduce the chance that a node will go down before the stream is finished. Note that the list is also honored for circuits (both client and service side) involving hidden services whose virtual port is in this list. (Default: 21, 22, 706, 1863, 5050, 5190, 5222, 5223, 6523, 6667, 6697, 8300)
Thanks. I guess that I'll stick with port 22, then.
And re .onion services, it's interesting that OnionCat port 8060 isn't on the list. I guess that I ought to use one of those, instead.
--Roger
tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays