[tor-talk] Anonymous SSH Hack.

Lars Noodén lars.nooden at gmail.com
Mon Sep 12 13:43:25 UTC 2016


On 09/12/2016 03:54 PM, Ben Tasker wrote:
>... 
>      CheckHostIP=no
> 
> Don't do a DNS lookup of the host, the Tor exit node's going to do that
> anyway, and again, the queries will be observable by your ISP

I'm thinking that the use of ProxyCommand makes that redundant?
The manual page for ssh_config(5) says

	Note that CheckHostIP is not available for connects
	with a proxy command.

I just did a quick test with only VerifyHostKeyDNS set to 'no'

 ssh -o "VerifyHostKeyDNS=no" \
 -o ProxyCommand="nc -X 5 -x localhost:9150 %h %p" \
 user@ssh.example.org

while for leakage, I checked on an Ubuntu 14.04 LTS system with tcpdump:

 tcpdump -vvv -A -qpli p3p1 'dst port 53'

and it showed no activity for the above ssh connection.  It does show
DNS queries for non-Tor ssh connections and other activities with the
same tcpdump session.

And CheckHostIP isn't mentioned in the official documentation:

 https://trac.torproject.org/projects/tor/wiki/doc/TorifyHOWTO/ssh

So it may not be needed.

Regards,
Lars
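
The leak check described in the message above can be narrowed to the target host name, so that unrelated background lookups on a busy system do not mask or mimic a leak. This is an added example, not part of the original post: the function names are hypothetical, the capture lines are constructed, and it assumes tcpdump is run without -q so that it decodes each DNS question.

```shell
#!/bin/sh
# Added example (hypothetical helper names). Input is text from
#   tcpdump -n -l 'dst port 53'
# run without -q so tcpdump decodes each DNS question, e.g. "A? name."

# leaked_queries HOST: read capture text on stdin and print "TYPE NAME"
# for every DNS question whose name is exactly HOST (case-insensitive).
leaked_queries() {
    awk -v host="$1" '
        BEGIN { host = tolower(host) }
        {
            for (i = 1; i < NF; i++) {
                # a question is "<TYPE>?" followed by "<name>."
                if ($i ~ /^[A-Za-z0-9]+[?]$/) {
                    type = $i; sub(/[?]$/, "", type)
                    name = tolower($(i + 1)); sub(/[.]$/, "", name)
                    if (name == host) print type, name
                }
            }
        }'
}

# check_leak HOST: status 0 if no query for HOST was captured, 1 otherwise.
check_leak() {
    hits=$(leaked_queries "$1")
    [ -z "$hits" ] && return 0
    printf 'DNS queries for %s left this host:\n%s\n' "$1" "$hits" >&2
    return 1
}

# Constructed capture of a direct (non-Tor) connection: the resolver is asked
# for the target, alongside an unrelated background lookup.
sample_direct() {
    cat <<'EOF'
13:40:01.100001 IP 192.0.2.10.40112 > 192.0.2.1.53: 4660+ A? ssh.example.org. (33)
13:40:01.100245 IP 192.0.2.10.40112 > 192.0.2.1.53: 4661+ AAAA? ssh.example.org. (33)
13:40:02.310877 IP 192.0.2.10.51877 > 192.0.2.1.53: 9012+ A? updates.example.net. (37)
EOF
}

# Constructed capture during the proxied connection: only background lookups,
# including a name that merely ends with the same characters as the target.
sample_proxied() {
    cat <<'EOF'
13:43:25.500310 IP 192.0.2.10.51877 > 192.0.2.1.53: 9013+ A? updates.example.net. (37)
13:43:26.020114 IP 192.0.2.10.38001 > 192.0.2.1.53: 9014+ A? notssh.example.org. (36)
EOF
}
```

On a live system the same functions read from a capture started before the ssh connection, for example by piping `tcpdump -n -l -i p3p1 'dst port 53'` into `leaked_queries ssh.example.org`.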


