SSH through TOR automatically

89.0 KiB

A user may wish to use SSH with Tor for any number of reasons. To do this, download and install connect.c (above) and then add this line to your SSH configuration:

localhost:~ $ nano ~/.ssh/config

Compression yes # this compresses the SSH traffic to make it less slow over tor

ProxyCommand connect -5 -R remote -S localhost:9050 %h %p

After this has been added to the SSH configuration, a user can simply ssh myserver to be routed through Tor to the hidden service (or clearnet server). This can also be done with proxychains, but the ProxyCommand directive is a permament solution.


507 total views, no views today

Changing Tor circuit without vidalia


Changing Tor circuit without vidalia

Postby plasticFork » Thu Dec 22, 2011 2:38 pm
What this tutorial is specifically about is using telnet and expect to change your tor circuit without vidalia.

Some people don’t know how to start a new Tor circuit without vidalia and without restarting Tor all together so I thought I’d write a tutorial and maybe go into the other uses of the Tor control port.

First I’m going to go through the process manually so you can do it yourself and see how it works, then I’ll explain automating it with a script later.

Before we start you need a program called Telnet. It should be included with most Operating Systems. I wrote this guide using Linux but the principle should still apply to Windows while some of the syntax might not. The other thing you need is to enable your Tor control port. Track down your torrc (/etc/tor/torrc by default) make a copy if you want then open it with a text editor.
Make sure the

Code: Select all
ControlPort 9051

line is uncommented. You can use any available port of course, we’ll just stick with the default.

And also uncomment

Code: Select all
HashedControlPassword 16:

Don’t worry about the really long number for now.
Open a terminal and type

Code: Select all
tor –hash-password apple

replace apple with a password. For testing purposes it doesn’t have to be long and complicated, you can always change it later.
Copy and paste the new 16: number into your torrc (replacing what is already there).

Restart tor so it loads the new torrc. Do

Code: Select all
tor -f /path/to/torrc

if you want to be sure it is loading the right torrc.

That’s the setup phase.

Now to actually access the control port and change the tor circuit manually.

Open a terminal and type

Code: Select all

when telnet opens type

Code: Select all
open localhost 9051

If you get 250 OK then good. Type

Code: Select all
authenticate “apple”

where apple is you password. The quotation marks are important, don’t leave them out.
If you get 250 OK then good.
Now you can send commands through telnet directly to Tor. The command for starting a new circuit is

Code: Select all
signal newnym

If you get 250 OK then it worked.

To exit gracefully type

Code: Select all

And that’s all there is to it. Open your tor browser and test it with ipchicken or to see if it works. You can obviously keep the connection open and send signal newnym or any other command as many times as you want.

Ok so that’s cool but you don’t want to manually open telnet and type all that stuff each time, we need to automate the process. To do this we’ll use a program called expect. You may have to download it. Everyone uses a different distro so figure it out for yourself. Once you have expect installed we need to translate what we just did into a script for expect to execute automatically.

Code: Select all
spawn telnet localhost 9051
sleep 1
send “authenticate \”password\”\n”
expect “250 OK”
send “signal newnym\n”
expect “250 OK”
send “quit\n”
expect eof

line 1 opens telnet and has it connect to Tor’s control port.
line 2 just waits 1 second. This might not be necessary.
line 3 sends the authentication string. You need to escape the quotation marks with backslashes. The \n part may not be applicable to Windows, use whatever Windows uses for new line character (Don’t ask me I don’t know or care).
line 4 waits until Tor sends “250 OK” back, then proceeds.
line 5 sends the signal newnym command.
line 6 same as line 4
line 7 ends the connection with the Tor control port gracefully
line 8 ends the telnet process.

Save this somewhere as a simple textfile (like any other script).
Run it at the terminal with

Code: Select all
expect /path/to/file

If typing the path is getting tedious and you’re on a *nix machine what you can do is add

Code: Select all
#!/usr/bin/expect -f

at the beginning of the file, copy it to /usr/bin folder. After that you can simply type the file name in the terminal to run it.

Thanks Anonaddict for this addition (page 2)

Or if you prefer the gui way of doing things you can add

Code: Select all
expect /path/to/file

to any shortcut or *box menu.

And that’s it. A few closing notes –
This process involves leaving your Tor control port password in the expect file, which obviously isn’t cool. The way I mitigate this is I make the file only readable to root and then run the script as sudo. If I get rooted this isn’t going to be my biggest concern.

You can also do this with a traditional programming language like C and a bit of socks knowledge.

There are many commands you can send to the Tor control port. One thing I’ve been looking into is getting the ip and geological location of the current exit node in use (without doing something retarded like visiting ipchicken). If you’re interested then commands needed to do this are

Code: Select all
getinfo circuit-status
getinfo desc/id/
getinfo ip-to-country/

The last two require parameters based on the information returned by the previous command. i.e. you get the id of the current exit node from the first command, use the id to get the ip address of that node with the second command, then use the ip to get the hosted country with the 3rd.

Here are some links for further reading on what you can do with the Tor control port.

2,009 total views, no views today