On Dec 17, 2018, at 22:51, Mirimir <mirimir@riseup.net> wrote:

And sure, I could setup .onion SSH for everything, and that'd arguably
be more secure. But sometimes I'm just too lazy for that.

I'm pretty frickin' lazy, but I do this with all my servers. Here's the recipe for Linux/Debian provisioning:

-*"*-.,,.-*"*-.,,.-*"*-.,,.-*"*-.,,.-*"*-.,,.-*"*-.,,.-*"*-

# cat >>/etc/apt/sources.list

deb https://deb.torproject.org/torproject.org stretch main
deb-src https://deb.torproject.org/torproject.org stretch main

# apt install gnupg2 dirmngr

# gpg2 --recv A3C4F0F979CAA22CDBA8F512EE8CBC9E886DDD89

# gpg --keyserver hkp://pool.sks-keyservers.net --recv A3C4F0F979CAA22CDBA8F512EE8CBC9E886DDD89

# gpg2 --export A3C4F0F979CAA22CDBA8F512EE8CBC9E886DDD89 | apt-key add -

# apt update

# apt install tor deb.torproject.org-keyring

HiddenServiceDir /var/lib/tor/control/
HiddenServicePort 22 127.0.0.1:22

# service tor restart

# cat /var/lib/tor/control/hostname

Record the onion address for posterity


-*"*-.,,.-*"*-.,,.-*"*-.,,.-*"*-.,,.-*"*-.,,.-*"*-.,,.-*"*-

The SSH sessions to the .onion address seem pretty darned solid.

--Ron