DaemonForums  

Posted 5th March 2015 by chigurh

Compromised tor ssh instances

I use tor on an OpenBSD host for sshing into remote servers with dynamic IP addresses. In the middle of February 2015 I witnessed a strange pattern while trying to SSH into a remote server running Debian GNU/Linux. I was offered a fake key and out of curiosity I accepted it. This same pattern continued with another remote machine running CentOS; I decided not to accept the key and contacted the admin at the other side. They said they have not regenerated the keys on their host.

On the OpenBSD host I checked how many users were logged in and it showed me 4 instances of a single user's logins, which was strange. I regenerated the keys on the first machine, removed the previous one and reinitiated ssh sessions.

It is my understanding that tor's X.509 certificates are self-signed and it is possible to force a MITM attack by forging certificates. Tor's exchange can be intercepted and forged. I can't demand logs from remote hosts to verify these incidents.

After considering several options, and in order to minimize the risk, I decided to chroot tor as per the instructions available at http://pestilenz.org/~bauerm/tor-openbsd-howto.html and https://trac.torproject.org/projects...bsdChrootedTor

These documents are not up to date, and during the test I have taken into account the missing bits. After the setup, when I tried to start tor in the chroot, I got 'Abort trap'. The trials were carried out on OpenBSD-5.6 i386 running in qemu on an OpenBSD host.

I would like to know how I can achieve this and chroot tor. This security concern is only about sshing through tor or hosting a hidden service; for everything else I pass traffic through <lan> --- <OpenBSD-router> --- <squid> --- <privoxy-chrooted> --- <tor> --- <Internet>.

Thanks!

Tags
chrooting tor, hidden service, ssh
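
For the host-key mismatch described in the post, one way to check an offered key against a fingerprint obtained from the server's admin over a separate channel. This is an added example, not part of the original post; the function names, `server.example` and the key material are constructed for illustration.

```python
import base64
import hashlib
import struct


def fingerprint(line: str) -> str:
    """OpenSSH-style SHA256 fingerprint of a public key line.

    Accepts '<type> <base64> [comment]' (a .pub file) or
    '<host> <type> <base64>' (known_hosts / ssh-keyscan output).
    """
    fields = line.split()
    for i in range(min(2, len(fields) - 1)):
        key_type, b64 = fields[i], fields[i + 1]
        try:
            wire = base64.b64decode(b64, validate=True)
        except ValueError:  # not base64, so this is not the key field
            continue
        if len(wire) < 4:
            continue
        # The blob begins with a length-prefixed copy of the key type;
        # requiring it to match rejects malformed or spliced lines.
        (n,) = struct.unpack(">I", wire[:4])
        if wire[4:4 + n] == key_type.encode():
            digest = hashlib.sha256(wire).digest()
            return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")
    raise ValueError("no valid public key found in line")


def host_key_matches(offered_line: str, pinned_fp: str) -> bool:
    """True only if the offered key hashes to the pinned fingerprint."""
    try:
        return fingerprint(offered_line) == pinned_fp.strip()
    except ValueError:
        return False


def _sample_line(raw32: bytes) -> str:
    """Constructed ssh-ed25519 key line; sample data, not a real host key."""
    t = b"ssh-ed25519"
    wire = struct.pack(">I", len(t)) + t + struct.pack(">I", len(raw32)) + raw32
    return "ssh-ed25519 " + base64.b64encode(wire).decode()


GENUINE = _sample_line(bytes(range(32)))     # constructed: key the admin runs
OFFERED = _sample_line(bytes(range(1, 33)))  # constructed: different key on the wire
PINNED = fingerprint(GENUINE)                # stands in for the admin-supplied value

if __name__ == "__main__":
    for label, key in (("genuine", GENUINE), ("offered", OFFERED)):
        ok = host_key_matches("server.example " + key, PINNED)
        print(f"{label}: {fingerprint(key)} -> {'match' if ok else 'MISMATCH'}")
```

A mismatch here is the signal to refuse the connection and keep the existing known_hosts entry rather than accept the new key.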