LINUX.ORG.RU

Please help me connect to an SSH server over the Tor network


sshd is running on the first machine:

Port 56320
AllowUsers user11123

AddressFamily inet
#ListenAddress 127.0.0.1

IgnoreRhosts yes
UseDNS no

TCPKeepAlive yes
Compression no

Subsystem	sftp	/usr/lib/ssh/sftp-server

KexAlgorithms diffie-hellman-group18-sha512
RekeyLimit 256M
Ciphers chacha20-poly1305@openssh.com
MACs hmac-sha2-512-etm@openssh.com
PubkeyAuthentication yes
PubkeyAcceptedKeyTypes ssh-rsa
FingerprintHash sha256

LoginGraceTime 30
MaxAuthTries 3

MaxSessions 1
MaxStartups 1

HostbasedAuthentication no
PasswordAuthentication no
ChallengeResponseAuthentication no
KerberosAuthentication no

AuthorizedKeysFile /home/user11123/.ssh/authorized_keys

PermitRootLogin no
PrintMotd no
PrintLastLog yes

ClientAliveInterval 30
ClientAliveCountMax 5

SyslogFacility AUTH
LogLevel INFO

and tor, with the following addition to the default config:

HiddenServiceDir /var/lib/tor/ssh/
HiddenServicePort 56320 127.0.0.1:56320

iptables is disabled for the duration of the experiment. On the second machine, tor is started, and

ssh nb
with the config
host nb
    User user11123
    Hostname __скопированный_с_сервера_адрес__.onion
    Port 56320
    VerifyHostKeyDNS no
    ProxyCommand ncat -vvv --proxy 127.0.0.1:9050 --proxy-type socks5 %h %p

KexAlgorithms diffie-hellman-group18-sha512
Ciphers chacha20-poly1305@openssh.com
MACs hmac-sha2-512-etm@openssh.com
PubkeyAcceptedKeyTypes ssh-rsa
HostKeyAlgorithms ssh-rsa
HostbasedAuthentication yes
HostbasedAcceptedKeyTypes ssh-rsa
PasswordAuthentication no
CheckHostIP no

KeepAlive yes

The result of this command:

Ncat: Version 7.70 ( https://nmap.org/ncat )
NCAT DEBUG: Using system default trusted CA certificates and those in /usr/share/ncat/ca-bundle.crt.
Ncat: Connected to proxy 127.0.0.1:9050
Ncat: No authentication needed.
Ncat: Error: Host unreachable.
kex_exchange_identification: Connection closed by remote host

tor.log on the client side:

Close 1 streams for service [scrubbed].onion for reason resolve failed. Fetch status: No more HSDir available to query.

Friends, can you tell me why this happens?

Reply to: comment from TomBOY

I set sshd to port 22, and for tor HiddenServicePort 22 127.0.0.1:22

systemctl restart sshd.service
systemctl restart tor.service

The phone connects over ssh from the internet

1560109549 DEBUG torsocks[27148]: [onion] Onion entry name 3mu2qdoi3maovxha3vfk7dznl44on2ufnawxqc5m46pa5cdijg4p5uid.onion found in pool. (in onion_entry_find_by_addr() at onion.c:280)
1560109549 DEBUG torsocks[27148]: Connecting to the Tor network on fd 3 (in tsocks_connect_to_tor() at torsocks.c:473)
1560109549 DEBUG torsocks[27148]: Setting up a connection to the Tor network on fd 3 (in setup_tor_connection() at torsocks.c:368)
1560109549 DEBUG torsocks[27148]: Socks5 sending method ver: 5, nmethods 0x01, methods 0x00 (in socks5_send_method() at socks5.c:229)
1560109549 DEBUG torsocks[27148]: Socks5 received method ver: 5, method 0x00 (in socks5_recv_method() at socks5.c:262)
1560109549 DEBUG torsocks[27148]: Socks5 sending connect request to fd 3 (in socks5_send_connect_request() at socks5.c:459)
1560109669 DEBUG torsocks[27148]: Socks5 received connect reply - ver: 5, rep: 0x06, atype: 0x01 (in socks5_recv_connect_reply() at socks5.c:519)
1560109669 ERROR torsocks[27148]: Connection timed out (in socks5_recv_connect_reply() at socks5.c:547)
1560109669 DEBUG torsocks[27148]: [close] Close caught for fd 3 (in tsocks_close() at close.c:33)
curl: (7) Couldn't connect to server
1560109669 DEBUG torsocks[27148]: [onion] Destroying onion pool containing 1 entry (in onion_pool_destroy() at onion.c:148)
Coyote112358 ()
Reply to: comment from TomBOY
● sshd.service - OpenSSH Daemon
   Loaded: loaded (/usr/lib/systemd/system/sshd.service; enabled; vendor preset: disabled)
   Active: active (running) since Sun 2019-06-09 19:50:02 UTC; 6s ago
 Main PID: 27201 (sshd)
    Tasks: 1 (limit: 4915)
   Memory: 980.0K
   CGroup: /system.slice/sshd.service
           └─27201 /usr/bin/sshd -D

июн 09 19:50:02 computer sshd[27201]: Server listening on 0.0.0.0 port 22.
Coyote112358 ()
Reply to: comment from TomBOY

after the torsocks attempt finished:

июн 09 19:52:20 computer sshd[27252]: Unable to negotiate with 103.207.36.205 port 60383: no matching key exchange method found. Their offer: ecdh-sha2-nistp256,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1 [preauth]

Coyote112358 ()
Reply to: comment from Coyote112358

after torsocks curl onion:22

status sshd.service:

июн 09 19:54:51 computer sshd[27267]: Received disconnect from 142.93.235.43 port 57368:11: Bye Bye [preauth]
июн 09 19:54:51 computer sshd[27267]: Disconnected from 142.93.235.43 port 57368 [preauth]
июн 09 20:00:20 computer sshd[27338]: Received disconnect from 80.211.165.56 port 44456:11: Bye Bye [preauth]
июн 09 20:00:20 computer sshd[27338]: Disconnected from 80.211.165.56 port 44456 [preauth]

Coyote112358 ()
Reply to: comment from Coyote112358

All good, boss. Everything is working for you.
You were told: set ssh up with the defaults.

KexAlgorithms diffie-hellman-group18-sha512
Ciphers chacha20-poly1305@openssh.com
MACs hmac-sha2-512-etm@openssh.com
PubkeyAcceptedKeyTypes ssh-rsa
HostKeyAlgorithms ssh-rsa
HostbasedAuthentication yes
HostbasedAcceptedKeyTypes ssh-rsa
PasswordAuthentication no
KexAlgorithms diffie-hellman-group18-sha512
RekeyLimit 256M
Ciphers chacha20-poly1305@openssh.com
MACs hmac-sha2-512-etm@openssh.com
PubkeyAuthentication yes
PubkeyAcceptedKeyTypes ssh-rsa
FingerprintHash sha256

Remove all these extras.
Then add them back one at a time.

TomBOY ()
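
Added example, not part of the thread: a Python check that compares the pinned algorithm lists from the server and client configs posted above, and explains the "Unable to negotiate" journal line by intersecting the peer's offer with what the server allows. The function names and the KINDS table are made up for this example; the sample data is copied from the posts.

```python
import re

# Directives copied from the sshd_config / ssh_config posted in the thread.
SERVER = """\
KexAlgorithms diffie-hellman-group18-sha512
Ciphers chacha20-poly1305@openssh.com
MACs hmac-sha2-512-etm@openssh.com
"""
CLIENT = """\
KexAlgorithms diffie-hellman-group18-sha512
Ciphers chacha20-poly1305@openssh.com
MACs hmac-sha2-512-etm@openssh.com
"""
# sshd journal line from the thread, timestamp prefix dropped.
LOG = ("sshd[27252]: Unable to negotiate with 103.207.36.205 port 60383: "
       "no matching key exchange method found. Their offer: ecdh-sha2-nistp256,"
       "ecdh-sha2-nistp521,diffie-hellman-group14-sha1,"
       "diffie-hellman-group-exchange-sha256,"
       "diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1 [preauth]")

# Wording of sshd's "no matching ... found" error -> directive. Only the
# key-exchange form appears on the page; the other two are assumed.
KINDS = {"key exchange method": "kexalgorithms", "cipher": "ciphers", "MAC": "macs"}
OFFER_RE = re.compile(r"Unable to negotiate with (\S+) port \d+: "
                      r"no matching (.+?) found\. Their offer: (\S+)")

def parse(text):
    """Return {keyword_lowercase: [values]} for 'Keyword a,b,c' lines."""
    out = {}
    for line in text.splitlines():
        parts = line.split("#", 1)[0].split(None, 1)
        if len(parts) == 2:
            # OpenSSH keeps the first value it sees for a keyword.
            out.setdefault(parts[0].lower(), [a.strip() for a in parts[1].split(",")])
    return out

def common(server, client):
    """For each directive both sides pin, list the algorithms both accept."""
    s, c = parse(server), parse(client)
    return {k: [a for a in c[k] if a in s[k]]
            for k in KINDS.values() if k in s and k in c}

def rejected_offer(log_line, server):
    """Return (peer, kind, offered algorithms the server would accept) or None."""
    m = OFFER_RE.search(log_line)
    if not m or m.group(2) not in KINDS:
        return None
    allowed = parse(server).get(KINDS[m.group(2)], [])
    return m.group(1), m.group(2), [a for a in m.group(3).split(",") if a in allowed]
```

An empty list in any `common()` entry means the two configs cannot negotiate that algorithm class; an empty list from `rejected_offer()` means the peer offered nothing the server's pinned list allows.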