Suggest using a stealth Onion service for even greater security. #48
Conversation
This reverts commit b11039b.
Added the -N "" option for the host key generation to avoid accidental setup of a passphrase for the host keys rendering them unusable to sshd.
Added the -N "" for host key generation
There was a problem hiding this comment.
It is not appropriate to illustrate inserting the client data for connecting to the stealth service into torrc through a reference to micahflee/onionshare. Really, what is the chance that people running the Tor server will be running OnionShare? I don't think there's much, and the Secure-secure-shell article wasn't mentioning this product before. If a process illustration is needed, it should derive from a standard (ordinary) Tor server setting without unnecessary additions.
|
If you read the instructions on the OnionShare wiki, you will see that they do derive from a standard Tor. OnionShare is irellevant. The link was provided because it is exactly the same content as what is needed to inform a layperson how to configure a Tor client to connect to an Onion service, except they have already been written, so I saw no need to rewrite them (yet again). :) |
|
Any information that isn't absolutely precise and relevant is surplus to requirements, and it can be a nuisance, it can pollute content. You must think like a technical writer, and must not assume everybody has your background or better, to tell at a glance what's important, what's real and what's accessory, tell the wheat from the chaff. If you don't, people of a methodical mind who read this product page (Secure-secure-shell) will at best be annoyed, or distracted, or bewildered; people who're new to these issues may be confused, they may be misguided or misled, they may think they need to use OnionShare to achieve their ends when they do not. The overall quality of Secure-secure-shell is stribika's responsibility, and his also to accept, reject, or delay indefinitely any pull requests. Yours if you wish to collaborate is to submit thoughtful, carefully crafted, best-you-can pull requests. Mine is to comment when I feel these high standards aren't adhered to. |
|
Thank you for reiterating the conversation so far. It sounds to me like everyone involved is doing exactly what you describe. :) Have a pleasant day. |
A stealth Onion service is a form of mutually authenticated connection between a Tor hidden service and a Tor client. The Tor server's identity is verified by virtue of its
.onionaddress, whereas the client is authenticated by means of a pre-shared key, called a client authorization cookie. This form of client authorization over Tor is especially useful to prevent attackers from being able to connect to your SSH server and retrieve its private key fingerprint, because the Tor process will reject any connection that does not supply a valid client authorization cookie before ever passing the traffic on tosshd.