
(Reverse) Ssh Over Tor


Hey guys,

I was wondering if this (or something like it) is something that could be implemented as a Pineapple Bar menu item. It seems like it would be quite handy to have this auto-configured right from the box, for say dead drops that want to anonymously dial back to your relay server.


Edited by skimpniff

  • 2 weeks later...

irongeek has a good guide on how to get it running on the Raspberry Pi. If you can get all the dependencies onto the device I don't see why it wouldn't work. Check it out over here http://www.irongeek.com/i.php?page=security/raspberry-pi-i2p-svartkast


I'm also interested in this as well skimpniff - if you get it working I'm sure I'm not the only one that would enjoy a show and tell!



I'll monkey around with it. If it is able to be done, how hard would it be to implement a module (Whistle Master)?


I looked at Irongeek's walkthrough as recommended, but I was more than a little boggled by some of it and decided to investigate an avenue I was able to wrap my head around a little easier.

I am not a programmer and my script skills are minimal, so please excuse any elementary aspects of my mental process. Of course, in the spirit of hacking, I am open to suggestions, information, and instruction.

Per My first step is getting Tor on the Pineapple. I found this site: https://trac.torproj...iki/doc/OpenWRT :

Install Tor:

opkg install tor

These packages should be installed but if they're not - install wireless driver and AP support packages: (Personal Edit: I do not know if this is applicable to the Mk4).

opkg update
opkg install kmod-ath9k
opkg install wpad-mini

After getting TOR installed, http://devilslab.wor...-pwnie-express/ calls for getting connect.c installed to get SSH to make use of TOR. I am not sure about that part.

Another thought process: Is it possible to modify the guidelines at https://trac.torproj...iki/doc/OpenWRT to be limited to SSH instead of all traffic?

Edited by skimpniff

  • 8 months later...
  • 2 weeks later...

So, deciding to take another approach, I want to bounce the idea off the forums to see what you guys have to say. Supposing the IP of the Pineapple was a non-issue because it is either associated to the customer/target (WAN/LAN for example) or the 3G dongle is non-attributable, and also supposing the server setup for SSH relay was also non-attributable, wouldn't simply using torsocks (http://code.google.com/p/torsocks/) be an acceptable solution for anonymous remote access to the Pineapple?

i.e. torsocks ssh login@host

This seems easier than running Tor hidden services on the relay SSH server and everything that would go along with that setup. That being said, it has been my experience that if it seems easy there is probably a catch. Other than a potential username leak, this seems like a good answer. So I leave it here to QC the idea.


This is another option that seems to meet the same purpose.


Edited by skimpniff
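
An added example, not part of any post in this thread: a small lint for the ssh client side of the two approaches discussed above (a ProxyCommand built on connect.c versus wrapping ssh in torsocks). It flags a Host stanza with no explicit User, in which case ssh falls back to the local login name, or with no ProxyCommand pointing at Tor's local SOCKS port; port 9050 (Tor's default), the aliases and the host names are assumptions for illustration.

```shell
#!/bin/sh
# Added example: lint one Host stanza of an ssh_config for Tor routing gaps.
# Assumes Tor's default local SOCKS listener on port 9050. Host aliases,
# user name and host names below are constructed for illustration.

# Constructed sample client configuration.
sample_config() {
cat <<'EOF'
Host relay-direct
    HostName relay.example.net
Host relay-tor
    HostName relay.example.net
    User tunnel
    ProxyCommand connect -S 127.0.0.1:9050 %h %p
Host relay-http
    HostName relay.example.net
    User tunnel
    ProxyCommand connect -H proxy.example.net:3128 %h %p
EOF
}

# audit_stanza FILE ALIAS: print one finding per line, nothing if clean.
# Simplified parser: exact alias match only, no wildcards, Match or Include.
audit_stanza() {
    awk -v want="$2" '
        tolower($1) == "host" {
            inblk = 0
            for (i = 2; i <= NF; i++) if ($i == want) { inblk = 1; found = 1 }
            next
        }
        inblk && tolower($1) == "user" { user = 1 }
        inblk && tolower($1) == "proxycommand" {
            proxy = 1
            if ($0 ~ /(127\.0\.0\.1|localhost):9050/) tor = 1
        }
        END {
            if (!found) { print "no-stanza"; exit }
            if (!user) print "no-user"            # ssh sends the local login name
            if (!proxy) print "no-proxycommand"   # direct TCP unless run under torsocks
            if (proxy && !tor) print "proxy-not-tor"
        }' "$1"
}

cfg=$(mktemp)
sample_config > "$cfg"
for h in relay-direct relay-tor relay-http; do
    echo "$h: $(audit_stanza "$cfg" "$h" | tr '\n' ' ')"
done
rm -f "$cfg"
```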

  • 2 weeks later...

Dear All,

This may be very interesting. In my mind using Torsocks could provide more flexibility and options than anything else.

I have been using Tor hidden services with the wifi pineapple. For me the big benefit is that it makes setting up and anonymising (in principle), a reverse ssh session, more straightforward. I would welcome feedback here or differing opinions?

Whilst Torsocks (I think) will be easier and more flexible in the long run to setup and use, my question would be "does it offer the same levels of anonymity as Tor hidden services?"

However, for me (and I may be missing something), there are 3 main negative points using Tor hidden services;

  1. Tor startup is CPU and RAM intensive, so much so it does cause reliability issues, i.e. initial boot up frequently crashes.
  2. For the reverse shell I only seem to be able to get a combination of Dropbear and OpenSSH to work (I think further exacerbating the first point as OpenSSH has a larger memory footprint).
  3. I can't get autossh to work, so have to kludge this without autossh, my suspicion being that this is to do with the mix of Dropbear and OpenSSH.

I'm assuming that point 1 above will be the same whether Tor hidden services or Torsocks are used, can anyone confirm or refute this point please?

I'm hopeful the new version of the Alfa hardware with more memory will help.
