
Tor Hidden Service as Nat Traversal Technique

Over the past few months I have had to solve much the same task several times: regularly accessing computers “hidden” behind NAT. While it was a single desktop computer, port forwarding on the home router plus DynDNS took care of everything. Then a laptop was added. And one more. The laptops could be connected to the home WiFi or could be, for example, at the workplace. Our company provides VPN services, but it was during this period that the VPN for some reason did not work reliably. VPSes and reverse SSH tunnels came into use. When the configuration no longer fit in my head, the idea came to reduce the number of moving parts by using a Tor hidden service.

As you know, Tor lets you create "hidden" services: network names in the .onion namespace that any Tor client can connect to. To anonymize the server hosting these services, the connection goes through “rendezvous points”, computers that are not behind NAT. The computer hosting the hidden service can itself be behind NAT, a firewall, etc., and still be reachable through the Tor network.

No sooner said than done. Install the Tor client. We add two lines to the configuration file:
HiddenServiceDir /var/lib/tor/hidden_service/
HiddenServicePort 22 127.0.0.1:22


For HiddenServiceDir, specify any location where Tor can create the directory (if it does not already exist) and several configuration files in it.
In the HiddenServicePort line, the first number is the port we connect to through Tor. It does not have to be 22; you could specify 1234, for example.
Restart Tor. Two files will appear in the directory:



The hostname file contains the name of your service, of the form xxxxxxxxxxxxxxxx.onion.
After that, I can run torsocks ssh xxxxxxxxxxxxxxxx.onion on any machine and get onto my laptop.

You can also pick a less random name for a hidden service. To do this, use the program Scallion. The generated key is placed in the directory corresponding to the hidden service.

A single Tor client can serve several hidden services (just repeat these lines several times). Each hidden service "serves" one or more ports forwarded through Tor (specify several HiddenServicePort lines in a row).
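
The grouping rule described above (each HiddenServicePort line belongs to the most recent HiddenServiceDir), as an added example that is not part of the original article: a small Python audit that lists which ports a torrc publishes as hidden services and flags targets that are not on the machine itself. The second service directory, the 192.168.1.10 target and the function names are constructed for illustration.

```python
import ipaddress

# Constructed sample torrc: two services, the second one publishing two ports.
SAMPLE_TORRC = """\
HiddenServiceDir /var/lib/tor/hidden_service/
HiddenServicePort 22 127.0.0.1:22   # ssh
HiddenServiceDir /var/lib/tor/other_service/
HiddenServicePort 1234 127.0.0.1:22
HiddenServicePort 80 192.168.1.10:8080
"""

def parse_hidden_services(torrc_text):
    """Return {HiddenServiceDir: [(virtual_port, target), ...]}."""
    services, current = {}, None
    for raw in torrc_text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop comments and blank lines
        if not line:
            continue
        key, *args = line.split()             # option names are case-insensitive
        if key.lower() == "hiddenservicedir" and args:
            current = args[0]
            services.setdefault(current, [])
        elif key.lower() == "hiddenserviceport" and args:
            if current is None:
                raise ValueError("HiddenServicePort before any HiddenServiceDir")
            virt = int(args[0])
            # With no target given, Tor maps to the same port on 127.0.0.1.
            target = args[1] if len(args) > 1 else f"127.0.0.1:{virt}"
            services[current].append((virt, target))
    return services

def non_loopback_targets(services):
    """List (dir, virtual_port, target) where the target is another host."""
    findings = []
    for directory, ports in services.items():
        for virt, target in ports:
            if target.startswith("unix:") or target.isdigit():
                continue                      # unix socket or bare port: local
            host = target.rsplit(":", 1)[0].strip("[]")
            try:
                local = ipaddress.ip_address(host).is_loopback
            except ValueError:
                local = host == "localhost"
            if not local:
                findings.append((directory, virt, target))
    return findings

if __name__ == "__main__":
    print(non_loopback_targets(parse_hidden_services(SAMPLE_TORRC)))
```

Every entry the parser returns is a local service reachable by anyone who learns the .onion name, so each one should be a deliberate choice with its own authentication.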

Source: https://habr.com/ru/post/237019/

