[tor-relays] Extreme Exit Policy

Roger Dingledine arma at mit.edu
Tue Dec 18 07:09:27 UTC 2018


On Mon, Dec 17, 2018 at 11:51:29PM -0700, Mirimir wrote:
> Given that I SSH via Tor a lot, that would suck for me. If too many
> exits didn't allow port 22, anyway. As it is, it's not uncommon for SSH
> logins via Tor to die. Presumably after some network hiccup.
> 
> And sure, I could set up .onion SSH for everything, and that'd arguably
> be more secure. But sometimes I'm just too lazy for that.
> 
> Now that I'm thinking of it, though, I wonder whether I ought to change
> SSH to port 443. That'd give me a larger exit population, which would be
> good. But for anyone watching, my SSH sessions would be more unusual.
> 
> What would be the likely net impact of using port 443 for SSH?

Another more surprising impact for you is that your ssh connections would,
counterintuitively, die more often.

That's because Tor has a LongLivedPorts option, where streams for those
destination ports use circuits with all Stable-flagged relays, and 22
is in the list but 443 is not:

       LongLivedPorts PORTS
           A list of ports for services that tend to have long-running
           connections (e.g. chat and interactive shells). Circuits for
           streams that use these ports will contain only high-uptime nodes,
           to reduce the chance that a node will go down before the stream is
           finished. Note that the list is also honored for circuits (both
           client and service side) involving hidden services whose virtual
           port is in this list. (Default: 21, 22, 706, 1863, 5050, 5190,
           5222, 5223, 6523, 6667, 6697, 8300)

--Roger
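
Added example (not part of Roger's message and not Tor project code): a small Python check of which destination ports fall under LongLivedPorts, using the default list quoted from the manual above. The torrc handling is a simplified assumption ('#' comments, case-insensitive option name, last LongLivedPorts line wins), and the function names and sample torrc are constructed for illustration.

```python
# Added example: decide which destination ports Tor treats as long-lived.
# Simplified torrc handling (assumption): '#' comments, case-insensitive
# option name, and the last LongLivedPorts line replaces earlier ones.

# Default list as quoted from the tor manual in the message above.
DEFAULT_LONG_LIVED = frozenset(
    {21, 22, 706, 1863, 5050, 5190, 5222, 5223, 6523, 6667, 6697, 8300})


def long_lived_ports(torrc_text):
    """Return the effective LongLivedPorts set for a torrc's contents."""
    ports = DEFAULT_LONG_LIVED
    for raw in torrc_text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        parts = line.split(None, 1)
        if parts[0].lower() != "longlivedports":
            continue
        parsed = set()
        for item in (parts[1] if len(parts) > 1 else "").split(","):
            item = item.strip()
            if not item:
                continue
            port = int(item)  # raises ValueError on non-numeric entries
            if not 1 <= port <= 65535:
                raise ValueError(f"invalid port: {port}")
            parsed.add(port)
        ports = frozenset(parsed)  # an explicit setting replaces the default
    return ports


def uses_stable_circuit(dest_port, torrc_text=""):
    """True if streams to dest_port get circuits of only high-uptime nodes."""
    return dest_port in long_lived_ports(torrc_text)


# Constructed sample torrc: default list plus 443 for SSH moved to that port.
SAMPLE_TORRC = """\
SocksPort 9050
# keep the defaults and add 443
LongLivedPorts 21, 22, 443, 706, 1863, 5050, 5190, 5222, 5223, 6523, 6667, 6697, 8300
"""

if __name__ == "__main__":
    for port in (22, 443):
        print(port, "default:", uses_stable_circuit(port),
              "sample torrc:", uses_stable_circuit(port, SAMPLE_TORRC))
```

With 443 in the list, every stream to port 443, not only SSH, is built from high-uptime nodes.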


