Using Tor as a sysadmin tool
Tags: networking, software.
By lucb1e on 2014-04-07 00:44:47 +0100
It's not every day that I get to combine the tags "networking" and "software". Using Tor as a sysadmin tool (system administration tool) is really neat and changes the way I can work with networks. Instead of having a bunch of firewalled and unreachable systems, I can now configure Tor and happily connect to any place I damn well please. Within computers that I own, of course, but at least I'm no longer bothered by routers and portforwarding.
Tor, in this way, works like a virtual network. Wired
wrote a few years ago about a company called Nicira that would to do networking that VMWare did to servers. It would make networking hardware as virtual as servers already are.
Nowadays we have routers, switches, firewalls, you name it. With Nicara's new software layer on top of the physical one, those limitations of a "switch" only "switching" would go away. There would only be devices, wires, and software. The software, centrally controlled, defines what the hardware actually is and does. A switch can become a router with the change of a setting.
Tor is not really the same, but it comes close in at least one way: it is a network layer on top of the existing network layer, thereby allowing me to do interesting things like connecting from any place to any place.
School has this lovely VMWare environment with something like 200 gigabytes of RAM. Lots of fun to use on a Saturday night when nobody is around and you have the whole lot to yourself, but the fact that you needed to be physically present in the classroom pretty much cancelled that idea.
Of course, me being such a leet haxxor (*cough*), I installed Teamviewer and set a trigger for the virtual machine to boot itself at a given time, allowing me to connect remotely. Only ports 80 and 443 are allowed so LogMeIn didn't work (back then LMI was still free), but Teamviewer got the job done and I could do my homework, and other things :), while the VMWare cluster was actually at top speed.
Nowadays the rules are slightly relaxed and we have a VPN to connect from home, but I still need Windows to manage the virtual machines. On top of that there is this hugely annoying remote desktop-like environment, which often enough hangs so that instead of "ping 126.96.36.199" you typed "ping 188.8.131.52555555555555555555". Bonus points for when the same lag happens while trying to backspace the excessive keystrokes.
So that's not really the way I want it. Instead of running Teamviewer again and needing to use yet another remote desktop like environment, I wanted to use ssh and rock the command line like a boss. But how to? I needed something like a reverse shell, and it needed to connect somewhere to either port 80 or 443... it was pretty much impossible because my ports are already taken by this website (lucb1e.com), and school does not have IPv6 (they have something like a half a million IPv4 addresses instead, I'm not kidding). If school had had IPv6, it would have been peanuts. Like Tor, IPv6 is a game changer at times.
After rejecting the idea of using Hamachi I decided to use Tor hidden services. What if I run Tor on the server, configure ssh as hidden service, copy over the hostname, and connect from home?
It took a bit of debugging, but in the end it worked! I can now do "ssh a561nc8zxgj6fz64.onion" and it will happily connect to the server despite the restrictive firewall :)
For bonus points I configured a second hidden service that lets me connect, via tor2web (or the Tor Browser Bundle), to the webadmin interface of pfSense.
So how to do this?
Well for starters, you should run GNU/Linux. Like, really, it solves half your networking issues by design.
I'm going to assume the system you're working on is GNU/Linux and the system you're connecting to is also GNU/Linux.
First install tor on both machines. In Debian-based systems you can simply "apt-get install tor", on other systems you may need to grab it from https://torproject.org
Secondly, configure ssh on the machine that you will be connecting from (your own laptop):
vim ~/.ssh/config # append the following (vim keys: Go):
ProxyCommand connect -R remote -5 -S 127.0.0.1:9050 %h %p
Thirdly, install what we need to use this connect proxycommand:
apt-get install connect-proxy
Fourthly, start tor on your local machine if it hasn't been started yet:
service tor start
Fifthly, configure Tor on the target machine.
vim /etc/tor/torrc # append, prepend, whatever:
# Replace ReachableAddesses with whatever is appropriate
# Now search for "hidden" (vim key for searching: /searchquery)
# Enable these lines by removing the leading pound (#) sign:
HiddenServicePort 22 127.0.0.1:22
# Quit vim
# Check whether the tor directory exists
cd tor # works? Okay! Doesn't work? Do this:
chown debian-tor tor # change owner of tor to debian-tor
# If it hadn't been started before, we can now start tor:
service tor start
# Or if it had been started, use this:
service tor reload
Sixthly, head over to the hidden service directory on the target machine to grab your hostname that you should connect to:
Lastly, try sshing to the hostname you just got!
(I got lucky there: seventhly was the first incorrect word according to my spell checker.)
I think we got it all and it should connect now. If you get an error of the host being unreachable, wait a minute and try again. I went for a shower so I can't tell you how long it took. It shouldn't be more than a minute in most cases, but I'm not sure how much the FascistFirewall option limits connectivity. You can also "apt-get install tor-arm" and then run the "arm" command ("anonymizing relay monitor") to view Tor's status. It also displays the last lines of the log file, which are often useful. The log file is located in /var/log/tor/.
Fun fact: try running bb, the ascii art demo, over this connection. It'll go horribly when you see lots of different characters or shades, but beautifully (even though you have like 950ms lag) when most of the screen is made out of the same characters. You can really see the effect of compression there! (Remember the compression option in step #2? That's this.)
circumventing fascist firewalls! :D