Will do next time. Wasn't sure which one to spew at.
Also, homeslice seemed to have turned off the SSH MITM. I'm sure it is a coincidence it happened after I emailed the contact for the node.
I'm definitely going to write more modules and automate this better. This is neat. I should have done this ages ago.
On Sat, Jul 29, 2017 at 9:11 PM, teor teor2345@gmail.com wrote:
Hi,
I've cc'd bad-relays with this report.
Please send reports of bad relays to bad-relays@lists.torproject.org.
On 30 Jul 2017, at 02:56, eric gisse jowr.pi@gmail.com wrote:
it looks like i've found an exit node mitm-ing ssh, or at least giving it a shot.
https://atlas.torproject.org/#details/29378422C99074D06331D5700E47451610B0D2...
that exit policy looks more like a wishlist than anything else, at this point.
notice all 3 sites have different clear wire ssh keys (obviously) but all the same when connecting over tor. what a coincidence!
module code: https://github.com/jowrjowr/exitmap/blob/master/src/modules/sshmitm.py
# ./bin/exitmap sshmitm -e 29378422C99074D06331D5700E47451610B0D20D
2017-07-29 16:52:36,797 exitmap [INFO] Attempting to invoke Tor process in directory "/tmp/exitmap_tor_datadir-root". This might take a while.
2017-07-29 16:52:36,798 exitmap [INFO] No first hop given. Using randomly determined first hops for circuits.
2017-07-29 16:52:37,369 util [INFO] Tor Bootstrapped 0%: Starting
2017-07-29 16:52:41,942 util [INFO] Tor Bootstrapped 80%: Connecting to the Tor network
2017-07-29 16:52:41,943 exitmap [INFO] Successfully started Tor process (PID=31779).
2017-07-29 16:52:42,117 exitmap [INFO] Running module 'sshmitm'.
2017-07-29 16:52:42,269 modules.sshmitm [INFO] obtaining ssh key information for destinations
2017-07-29 16:52:42,269 modules.sshmitm [INFO] getting key for github.com
2017-07-29 16:52:42,643 modules.sshmitm [INFO] getting key for gitlab.com
2017-07-29 16:52:42,889 modules.sshmitm [INFO] getting key for bitbucket.com
2017-07-29 16:52:58,807 relayselector [INFO] 216 relays have non-empty exit policy but no exit flag.
2017-07-29 16:52:58,816 relayselector [INFO] 1 out of 1000 exit relays meet all filter conditions.
2017-07-29 16:52:59,080 exitmap [INFO] Scan is estimated to take around 0:00:03.
2017-07-29 16:52:59,080 exitmap [INFO] Beginning to trigger 1 circuit creation(s).
2017-07-29 16:53:02,018 exitmap [INFO] Done triggering circuit creations after 0:00:02.937566.
2017-07-29 16:53:04,169 modules.sshmitm [CRITICAL] tor ssh key mismatch for github.com:22 (192.30.253.112) over exit relay 29378422C99074D06331D5700E47451610B0D20D clear wire value: AAAAB3NzaC1yc2EAAAABIwAAAQEAq2A7hRGmdnm9tUDbO9IDSwBK6TbQa+PXYPCPy6rbTrTtw7PHkccKrpp0yVhp5HdEIcKr6pLlVDBfOLX9QUsyCOV0wzfjIJNlGEYsdlLJizHhbn2mUjvSAHQqZETYP81eFzLQNnPHt4EVVUh7VfDESU84KezmD5QlWpXLmvU31/yMf+Se8xhHTvKSCZIFImWwoG6mbUoWf9nzpIoaSjB+weqqUUmpaaasXVal72J+UX2B+2RPW3RcT0eOzQgqlJL3RKrTJvdsjE3JEAvGq3lGHSZXy28G3skua2SmVi/w4yCE6gbODqnTWlg7+wC604ydGXA8VJiS5ap43JXiUFFAaQ==, over tor value: AAAAB3NzaC1yc2EAAAADAQABAAABAQCDQ73fwBw1OOjBIrR1TGVVUFn3LCUdVD6Gv0A1Dj2dp235PlHL3qu/w1WPbhS9YcX+OMRVwFOnoWAyZH8XU1/DHx/h21n4HzaVGkgODRuPt3+Q/ytn7Ehb9W3OZLCWCnhoD1HGKATOwhxfv+lLBbi0d37YVnmN6NkUG9db63n74mcj0wySYB+EMVNeoIQBsPiNk6NYDuVukfEsUAxUBBVoA2q117LdmJgdPJojz7wMvCyQMEOm1Vf6aXsTrl7/waCEvYVAgQanBvQMCp0Lq/r8noav8M+o/JMn3JDGqukqmyUG9wMPRoLWRP/RiC3alqTCG09PuqB4GmyvWpvv5iIT
2017-07-29 16:53:05,573 modules.sshmitm [CRITICAL] tor ssh key name mismatch for gitlab.com:22 (52.167.219.168) over exit relay 29378422C99074D06331D5700E47451610B0D20D clear wire value: ssh-ed25519, over tor value: ssh-rsa
2017-07-29 16:53:05,574 modules.sshmitm [CRITICAL] tor ssh key mismatch for gitlab.com:22 (52.167.219.168) over exit relay 29378422C99074D06331D5700E47451610B0D20D clear wire value: AAAAC3NzaC1lZDI1NTE5AAAAIAfuCHKVTjquxvt6CM6tdG4SLp1Btn/nOeHHE5UOzRdf, over tor value: AAAAB3NzaC1yc2EAAAADAQABAAABAQCDQ73fwBw1OOjBIrR1TGVVUFn3LCUdVD6Gv0A1Dj2dp235PlHL3qu/w1WPbhS9YcX+OMRVwFOnoWAyZH8XU1/DHx/h21n4HzaVGkgODRuPt3+Q/ytn7Ehb9W3OZLCWCnhoD1HGKATOwhxfv+lLBbi0d37YVnmN6NkUG9db63n74mcj0wySYB+EMVNeoIQBsPiNk6NYDuVukfEsUAxUBBVoA2q117LdmJgdPJojz7wMvCyQMEOm1Vf6aXsTrl7/waCEvYVAgQanBvQMCp0Lq/r8noav8M+o/JMn3JDGqukqmyUG9wMPRoLWRP/RiC3alqTCG09PuqB4GmyvWpvv5iIT
2017-07-29 16:53:06,957 modules.sshmitm [CRITICAL] tor ssh key mismatch for bitbucket.com:22 (104.192.143.8) over exit relay 29378422C99074D06331D5700E47451610B0D20D clear wire value: AAAAB3NzaC1yc2EAAAABIwAAAQEAubiN81eDcafrgMeLzaFPsw2kNvEcqTKl/VqLat/MaB33pZy0y3rJZtnqwR2qOOvbwKZYKiEO1O6VqNEBxKvJJelCq0dTXWT5pbO2gDXC6h6QDXCaHo6pOHGPUy+YBaGQRGuSusMEASYiWunYN0vCAI8QaXnWMXNMdFP3jHAJH0eDsoiGnLPBlBp4TNm6rYI74nMzgz3B9IikW4WVK+dc8KZJZWYjAuORU3jc1c/NPskD2ASinf8v3xnfXeukU0sJ5N6m5E8VLjObPEO+mN2t/FZTMZLiFqPWc/ALSqnMnnhwrNi2rbfg/rd/IpL8Le3pSBne8+seeFVBoGqzHM9yXw==, over tor value: AAAAB3NzaC1yc2EAAAADAQABAAABAQCDQ73fwBw1OOjBIrR1TGVVUFn3LCUdVD6Gv0A1Dj2dp235PlHL3qu/w1WPbhS9YcX+OMRVwFOnoWAyZH8XU1/DHx/h21n4HzaVGkgODRuPt3+Q/ytn7Ehb9W3OZLCWCnhoD1HGKATOwhxfv+lLBbi0d37YVnmN6NkUG9db63n74mcj0wySYB+EMVNeoIQBsPiNk6NYDuVukfEsUAxUBBVoA2q117LdmJgdPJojz7wMvCyQMEOm1Vf6aXsTrl7/waCEvYVAgQanBvQMCp0Lq/r8noav8M+o/JMn3JDGqukqmyUG9wMPRoLWRP/RiC3alqTCG09PuqB4GmyvWpvv5iIT
2017-07-29 16:53:06,959 eventhandler [INFO] Ran 1 module(s) in 0:00:30.168619 and 0/1 circuits failed (0.00%).
_______________________________________________
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
-- Tim Wilson-Brown (teor)
teor2345 at gmail dot com PGP C855 6CED 5D90 A0C5 29F6 4D43 450C BA7F 968F 094B ricochet:ekmygaiu4rzgsk6n xmpp: teor at torproject dot org
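The cross-destination check the report relies on (different clear-wire keys per site, one identical key over Tor), as an added example that is not part of the original thread or of exitmap. It parses mismatch lines in the shape quoted above; the function names, relay IDs, addresses and key blobs are constructed for illustration.

```python
import base64
import hashlib
import re
from collections import defaultdict

# Line shape copied from the sshmitm module output quoted in this thread.
MISMATCH = re.compile(
    r"tor ssh key mismatch for (?P<host>\S+):(?P<port>\d+) \((?P<ip>[\d.]+)\) "
    r"over exit relay (?P<relay>[0-9A-F]{40}) "
    r"clear wire value: (?P<clear>\S+?), over tor value: (?P<tor>\S+)"
)

def fingerprint(key_b64):
    """OpenSSH-style SHA256 fingerprint of a base64 public key blob."""
    digest = hashlib.sha256(base64.b64decode(key_b64)).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

def shared_tor_keys(lines):
    """Return {(relay, tor-side fingerprint): [hosts]} for keys seen on 2+ hosts.

    One mismatch can be a rotated or load-balanced host key; the same key
    presented for unrelated hosts through one relay points at interception.
    """
    seen = defaultdict(set)
    for line in lines:
        m = MISMATCH.search(line)  # "key name mismatch" lines do not match
        if m:
            seen[(m["relay"], fingerprint(m["tor"]))].add(m["host"])
    return {k: sorted(v) for k, v in seen.items() if len(v) >= 2}

# Constructed sample data: relay IDs, addresses and key blobs are placeholders.
RELAY_A, RELAY_B = "A" * 40, "B" * 40

def _line(host, ip, relay, clear, tor):
    return (f"modules.sshmitm [CRITICAL] tor ssh key mismatch for {host}:22 ({ip}) "
            f"over exit relay {relay} clear wire value: {clear}, over tor value: {tor}")

SAMPLE_LOG = [
    _line("github.com", "192.0.2.10", RELAY_A, "AAAAconstructed1", "AAAAconstructedX"),
    "modules.sshmitm [CRITICAL] tor ssh key name mismatch for gitlab.com:22 "
    f"(192.0.2.20) over exit relay {RELAY_A} clear wire value: ssh-ed25519, over tor value: ssh-rsa",
    _line("gitlab.com", "192.0.2.20", RELAY_A, "AAAAconstructed2", "AAAAconstructedX"),
    _line("bitbucket.com", "192.0.2.30", RELAY_A, "AAAAconstructed3", "AAAAconstructedX"),
    _line("github.com", "192.0.2.10", RELAY_B, "AAAAconstructed1", "AAAAconstructedY"),
]

if __name__ == "__main__":
    for (relay, fp), hosts in shared_tor_keys(SAMPLE_LOG).items():
        print(f"{relay} presented {fp} for {', '.join(hosts)}")
```
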