[tor-dev] RFC: obfsproxyssh

Yawning Angel yawning at schwanenlied.me
Mon Jul 29 23:56:43 UTC 2013

On 2013-07-29 00:05, Andreas Krey wrote:
> On Sat, 27 Jul 2013 09:52:52 +0000, Tom Ritter wrote:
> ...
>> I've always thought with SSH-based obsproxies, that you could
>> distribute the SSH private key to connect to the server with the
>> bridge IP address:port.
> I couldn't quite avoid the reflexive cringe at 'distribute private key'. :-)
> ...
>> So I think the value of requiring a login a the SSH-based obsproxy is
>> not for authentication but for scanning resistance.
> Ah, that's a cool idea. I was already assuming that a specific key would
> be used to select the tor service on the sshd, but making that key
> variable is a nice twist. (I didn't know the bridgedb has space for
> such info.)

Yep, that's the idea.  All of the arguments in the gigantic bridge line
of doom are the equivalent of something like the shared secret component
present in ScrambleSuit.

The code's changed quite a bit since I've last posted (per discussion
with asn a while ago, we decided that it would be better to use a "real"
ssh client), so I have been working on a python script that wraps
OpenSSH.  Works fairly well under U*IX, but under Windows, there's a few
issues that need to be addressed still.


Yawning Angel

More information about the tor-dev mailing list