| Title: Tor part 1: how-to use Tor on OpenBSD | |
| Author: Solène | |
| Date: 10 October 2018 | |
| Tags: openbsd unix tor security | |
| Description: | |
| Tor is a network service that lets you hide your traffic. People | |
| sniffing your network will not be able to tell which server you reach, | |
| and people on the remote side (like the administrator of a web | |
| service) will not know where you are connecting from. Tor helps | |
| preserve your anonymity and privacy. | |
| Long story short, tor uses an entry point that you reach directly, | |
| then servers acting as relays that cannot decrypt the data they | |
| relay, up to an exit node which makes the real request for you. The | |
| network response travels the same path in the opposite direction. | |
| You can find more details on the | |
| [Tor project homepage](https://www.torproject.org). | |
| Installing tor is easy on OpenBSD. You need to install it and start its | |
| daemon. The daemon listens by default on localhost on port 9050. On | |
| other systems it may be similar: install the tor package and enable | |
| the daemon if it is not enabled by default. | |
| # pkg_add tor | |
| # rcctl enable tor | |
| # rcctl start tor | |
| Now you can open your favorite program, look at its proxy settings, | |
| choose a "SOCKS" proxy, v5 if possible (it handles the DNS queries), | |
| and use the default address: `127.0.0.1` with port `9050`. | |
| If you need to use tor with a program that doesn't support setting a | |
| SOCKS proxy, you can still wrap it with **torsocks**, which works | |
| with most programs. It is very easy to use. | |
| # pkg_add torsocks | |
| $ torsocks ssh remoteserver | |
| This makes ssh go through the tor network. | |
| Using tor does not make you relay anything, and it is legal in most | |
| countries. Tor is like a VPN; some countries have laws about VPNs, so | |
| check your country's laws if you plan to use tor. Also note that using | |
| tor may be forbidden on some networks (companies, schools, etc.) | |
| because it allows escaping filtering, which may be against the | |
| "usage agreement" of the network. | |
| I will cover the relaying part later, which can lead to legal | |
| uncertainty. | |
| Note: torsocks is a bit of a hack, because it uses LD_PRELOAD to | |
| wrap network system calls. There is a cleaner way to do it with | |
| ssh (or any program supporting a custom command to initialize the | |
| connection) using netcat. | |
| ssh -o ProxyCommand='/usr/bin/nc -X 5 -x 127.0.0.1:9050 %h %p' address.onion | |
| This can be simplified by adding the following lines to your | |
| **~/.ssh/config** file, in order to automatically use the proxy command | |
| when you connect to a .onion hostname: | |
| Host *.onion | |
| ProxyCommand /usr/bin/nc -X 5 -x 127.0.0.1:9050 %h %p | |
| This netcat command was tested under OpenBSD. There are other netcat | |
| implementations, and their parameters may be different. | |
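
Why SOCKS v5 matters for DNS, as an added example that is not part of the original article: a minimal Python SOCKS5 client that hands the hostname to the proxy unresolved (address type 3 in RFC 1928), so no lookup happens on the local network. The function names are illustrative assumptions; the address and port are the defaults given above.

```python
import socket
import struct

TOR_SOCKS = ("127.0.0.1", 9050)  # default listener named in the article

def recv_exact(sock, n):
    """Read exactly n bytes or fail; recv() may return short reads."""
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise ConnectionError("proxy closed the connection")
        buf += chunk
    return buf

def build_connect(host, port):
    """CONNECT request with ATYP=3: the name travels to the proxy unresolved."""
    name = host.encode("ascii")
    if not 1 <= len(name) <= 255:
        raise ValueError("hostname must be 1..255 bytes")
    return b"\x05\x01\x00\x03" + bytes([len(name)]) + name + struct.pack("!H", port)

def socks5_connect(sock, host, port):
    """Run the SOCKS5 handshake on an already connected socket."""
    sock.sendall(b"\x05\x01\x00")  # VER=5, one method offered: no auth
    ver, method = recv_exact(sock, 2)
    if ver != 5 or method != 0:
        raise ConnectionError("proxy rejected the no-auth method")
    sock.sendall(build_connect(host, port))
    ver, rep, _rsv, atyp = recv_exact(sock, 4)
    if ver != 5 or rep != 0:
        raise ConnectionError(f"SOCKS5 request failed, reply code {rep}")
    # Drain BND.ADDR and BND.PORT so the stream starts at application data.
    if atyp == 1:
        alen = 4
    elif atyp == 4:
        alen = 16
    elif atyp == 3:
        alen = recv_exact(sock, 1)[0]
    else:
        raise ConnectionError(f"unknown address type {atyp}")
    recv_exact(sock, alen + 2)
    return sock

if __name__ == "__main__":
    # Needs a running tor daemon; no local DNS lookup happens for the name.
    with socket.create_connection(TOR_SOCKS, timeout=30) as s:
        socks5_connect(s, "www.torproject.org", 443)
        print("tunnel to www.torproject.org:443 established through tor")
```

A SOCKS v4 request can only carry an IPv4 address, which is why the client would have to resolve the name itself before contacting the proxy.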