Compromised tor ssh instances
I use tor on an OpenBSD host for sshing into remote servers with dynamic IP addresses. In the middle of February 2015 I witnessed a strange pattern while trying to SSH into a remote server running Debian GNU/Linux. I was offered a fake key and out of curiosity I accepted it. The same pattern continued with another remote machine running CentOS; I decided not to accept the key and contacted the admin at the other side. They said they have not regenerated the keys on their host.

On the OpenBSD host I checked how many users were logged in and it showed me 4 instances of a single user login, which was strange. I regenerated the keys on the first machine, removed the previous one and reinitiated the ssh sessions. It is my understanding that tor's X.509 certificates are self-signed and it is possible to force a MITM attack by forging certificates. Tor's exchange can be intercepted and forged. I can't demand logs from remote hosts to verify these incidents.

After considering several options, and in order to minimize the risk, I decided to chroot tor as per the instructions available at http://pestilenz.org/~bauerm/tor-openbsd-howto.html and https://trac.torproject.org/projects...bsdChrootedTor. These documents are not up to date, and during the test I took into account the missing bits. After the setup, when I tried to start tor in the chroot, I got 'Abort trap'. The trials were carried out on OpenBSD-5.6 i386 running in qemu on an OpenBSD host. I would like to know how I can achieve this and chroot tor.

This security concern is only about sshing through tor or hosting a hidden service; for everything else I pass traffic through <lan> --- <OpenBSD-router> --- <squid> --- <privoxy-chrooted> --- <tor> --- <Internet>. Thanks!
Tags: chrooting tor, hidden service, ssh
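The check the post turns on is whether an offered SSH host key equals the one already pinned in `known_hosts`. The following is an added example, not part of the original post: it classifies an offered key against plain and hashed `known_hosts` entries and computes the SHA256 fingerprint to compare with the server admin's copy out of band. The host name `server.example` and the `sample_key` helper are assumptions made for the demo.

```python
import base64
import hashlib
import hmac
import struct

def fingerprint(key_b64):
    """Fingerprint as ssh-keygen -l prints it: SHA256 of the key blob, unpadded base64."""
    digest = hashlib.sha256(base64.b64decode(key_b64, validate=True)).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

def host_matches(hosts_field, host):
    """Match plain names and hashed (|1|salt|HMAC-SHA1) names; wildcards are not handled."""
    for pat in hosts_field.split(","):
        if pat.startswith("|1|"):
            _, _, salt, mac = pat.split("|")
            want = hmac.new(base64.b64decode(salt), host.encode(), hashlib.sha1).digest()
            if hmac.compare_digest(want, base64.b64decode(mac)):
                return True
        elif pat == host:
            return True
    return False

def check_offered_key(known_hosts, host, offered):
    """Classify an offered 'keytype base64' key as match, MISMATCH, unknown or revoked."""
    o_type, o_key = offered.split()[:2]
    seen = set()
    for line in known_hosts.splitlines():
        f = line.split()
        if not f or f[0].startswith("#"):
            continue
        marker = f.pop(0) if f[0].startswith("@") else ""
        if len(f) < 3:
            continue
        if marker == "@revoked" and f[1:3] == [o_type, o_key]:
            return "revoked"  # a revoked key is refused whatever host offers it
        if marker or f[1] != o_type or not host_matches(f[0], host):
            continue
        seen.add("match" if f[2] == o_key else "MISMATCH")
    return "match" if "match" in seen else "MISMATCH" if seen else "unknown"

def sample_key(seed):
    """Constructed ssh-ed25519-shaped blob for the demo; not a real host key."""
    name, raw = b"ssh-ed25519", hashlib.sha256(seed).digest()
    blob = struct.pack(">I", len(name)) + name + struct.pack(">I", len(raw)) + raw
    return "ssh-ed25519 " + base64.b64encode(blob).decode()

if __name__ == "__main__":
    pinned, offered = sample_key(b"pinned"), sample_key(b"offered")
    print(check_offered_key("server.example " + pinned, "server.example", offered))
    print(fingerprint(offered.split()[1]), "<- compare with the admin's copy out of band")
```

A `MISMATCH` result means the pinned entry stays in place and the connection is refused until the fingerprint has been confirmed through a channel that does not cross the same network path.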