[tor-dev] RFC: obfsproxyssh

Tom Ritter tom at ritter.vg
Sat Jul 27 13:52:52 UTC 2013


On 26 July 2013 23:56, Andreas Krey <a.krey at gmx.de> wrote:
> On Tue, 02 Jul 2013 23:42:20 +0000, Ximin Luo wrote:
> ...
>> What sort of PKI are you using to verify the pubkey claimed by either side, to
>> prevent MitM?
>
> What for? The authentication happens in the next step,
> within the OR/bridge protocol. In this case we just have
> an additional layer of encryption around it.

I've always thought with SSH-based obfsproxies, that you could
distribute the SSH private key to connect to the server with the
bridge IP address:port.  Then, when a user connects to the bridge they
use that SSH private key to login to SSH as normal (and then talk Tor,
and authenticate the relay).  If a scanner saw the connection and
suspected it was Tor, they would try and connect, and be presented
with the normal SSH login... which they couldn't complete because they
don't know a valid username/password.  They wouldn't be sure the
server was running Tor then.  If however the obfsproxy accepted any SSH
password/key, the scanner could successfully connect and determine it
was running Tor.

So I think the value of requiring a login at the SSH-based obfsproxy is
not for authentication but for scanning resistance.

-tom

