2024-07-25 12:23:36 +02:00
<!DOCTYPE html>
< html lang = "en" >
< head >
< meta charset = "utf-8" >
< meta http-equiv = "X-UA-Compatible" content = "IE=edge" >
< meta name = "viewport" content = "width=device-width, initial-scale=1.0" >
< meta name = "description" content = "" >
< meta name = "author" content = "" >
< link rel = "shortcut icon" href = "../../../../../../assets/img/favicon.png" >
< title > Remote anonymous access setup (cockpit + ssh through tor)< / title >
<!-- Bootstrap core CSS -->
< link href = "../../assets/css/bootstrap.css" rel = "stylesheet" >
< link href = "../../assets/css/xt256.css" rel = "stylesheet" >
<!-- Custom styles for this template -->
< link href = "../../assets/css/main.css" rel = "stylesheet" >
<!-- HTML5 shim and Respond.js IE8 support of HTML5 elements and media queries -->
<!-- [if lt IE 9]>
< script src = "https://oss.maxcdn.com/libs/html5shiv/3.7.0/html5shiv.js" > < / script >
< script src = "https://oss.maxcdn.com/libs/respond.js/1.3.0/respond.min.js" > < / script >
<![endif]-->
< / head >
< body >
<!-- Static navbar -->
< div class = "navbar navbar-inverse-anon navbar-static-top" >
< div class = "container" >
< div class = "navbar-header" >
< button type = "button" class = "navbar-toggle" data-toggle = "collapse" data-target = ".navbar-collapse" >
< span class = "icon-bar" > < / span >
< span class = "icon-bar" > < / span >
< span class = "icon-bar" > < / span >
< / button >
2024-10-06 21:59:43 +02:00
< a class = "navbar-brand-anon" href = "\index.html" > The Nihilism Blog< / a >
2024-07-25 12:23:36 +02:00
< / div >
< div class = "navbar-collapse collapse" >
< ul class = "nav navbar-nav navbar-right" >
< li > < a href = "/about.html" > About< / a > < / li >
< li > < a href = "/blog.html" > Categories< / a > < / li >
2024-08-12 23:22:38 +02:00
< li > < a href = "https://blog.nowhere.moe/donate.html" > Donate< / a > < / li >
2024-07-25 12:23:36 +02:00
< li > < a href = "/contact.html" > Contact< / a > < / li >
< / ul >
< / div > <!-- /.nav - collapse -->
< / div >
< / div >
<!-- +++++ Posts Lists +++++ -->
<!-- +++++ First Post +++++ -->
< div id = "anon2" >
< div class = "container" >
< div class = "row" >
< div class = "col-lg-8 col-lg-offset-2" >
2024-08-18 22:50:34 +02:00
< a href = "../index.html" > Previous Page< / a > < / br > < / br > < p > < img src = "../../assets/img/user.png" width = "50px" height = "50px" > < ba > nihilist@mainpc - 2024-05-02< / ba > < / p >
2024-07-25 12:23:36 +02:00
< h1 > Remote anonymous access setup (cockpit + ssh through tor) < / h1 >
< / div >
< / div > <!-- /row -->
< / div > <!-- /container -->
< / div > <!-- /grey -->
<!-- +++++ Second Post +++++ -->
< div id = "anon3" >
< div class = "container" >
< div class = "row" >
< div class = "col-lg-8 col-lg-offset-2" >
< h2 > < b > Initial Setup < / b > < / h2 >
< p > On your server, edit the torrc file like so:< / p >
< pre > < code class = "nim" >
[ Datura ] [ /dev/pts/9 ] [~]
→ cat /etc/tor/torrc
HiddenServiceDir /var/lib/tor/onions/daturab6drmkhyeia4ch5gvfc2f3wgo6bhjrv3pz6n7kxmvoznlkq4yd.onion/
HiddenServicePort 22 127.0.0.1:22
HiddenServicePort 80 127.0.0.1:4443
< / code > < / pre >
< p > Then just edit your local .ssh config to access it:< / p >
< pre > < code class = "nim" >
[ mainpc ] [ /dev/pts/7 ] [~]
→ cat .ssh/config
Host web-gw2024-dedi
User root
hostname 37.27.32.233
IdentityFile ~/.ssh/torified
Host tortura
User root
hostname daturab6drmkhyeia4ch5gvfc2f3wgo6bhjrv3pz6n7kxmvoznlkq4yd.onion
IdentityFile ~/.ssh/torified
proxyCommand ncat --proxy 127.0.0.1:9050 --proxy-type socks5 %h %p
Host datura
User root
hostname 65.109.30.253
IdentityFile ~/.ssh/torified
< / code > < / pre >
< p > Then connect to the host via SSH:< / p >
< pre > < code class = "nim" >
[ mainpc ] [ /dev/pts/5 ] [~]
→ systemctl restart tor@default
[ mainpc ] [ /dev/pts/5 ] [~]
→ ssh tortura
The authenticity of host 'daturab6drmkhyeia4ch5gvfc2f3wgo6bhjrv3pz6n7kxmvoznlkq4yd.onion (< < b > < / b > no hostip for proxy command>)' can't be established.
ED25519 key fingerprint is SHA256:A0CFTeUixGoK96VenBQ7Z2U8kX5olDCqBvBNeJUfs6I.
This host key is known by the following other names/addresses:
~/.ssh/known_hosts:144: [hashed name]
Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
Warning: Permanently added 'daturab6drmkhyeia4ch5gvfc2f3wgo6bhjrv3pz6n7kxmvoznlkq4yd.onion' (ED25519) to the list of known hosts.
Enter passphrase for key '/home/nihilist/.ssh/torified':
Linux Datura 6.1.0-18-amd64 #1 SMP PREEMPT_DYNAMIC Debian 6.1.76-1 (2024-02-01) x86_64
The programs included with the Debian GNU/Linux system are free software;
the exact distribution terms for each program are described in the
individual files in /usr/share/doc/*/copyright.
Debian GNU/Linux comes with ABSOLUTELY NO WARRANTY, to the extent
permitted by applicable law.
Last login: Thu May 2 14:47:23 2024 from 178.255.149.178
[ Datura ] [ /dev/pts/11 ] [~]
→
< / code > < / pre >
< p > So < b > that's how you do it if you cannot access the server via a public IP directly< / b > , but keep in mind that the latency is most likely unbearable due to the 6 hops circuit (since we're doing it via the .onion link, rather than connecting to the IP directly)< / p >
< p > so you're probably better off just connecting to the IP directly but < b > forcing the SSH connection through tor using torsocks, which greatly reduces the latency (3 hops instead of 6)< / b > :< / p >
< pre > < code class = "nim" >
[ mainpc ] [ /dev/pts/7 ] [~]
→ torsocks ssh datura
Enter passphrase for key '/home/nihilist/.ssh/torified':
Linux Datura 6.1.0-18-amd64 #1 SMP PREEMPT_DYNAMIC Debian 6.1.76-1 (2024-02-01) x86_64
The programs included with the Debian GNU/Linux system are free software;
the exact distribution terms for each program are described in the
individual files in /usr/share/doc/*/copyright.
Debian GNU/Linux comes with ABSOLUTELY NO WARRANTY, to the extent
permitted by applicable law.
Last login: Thu May 2 15:48:08 2024 from 127.0.0.1
[ Datura ] [ /dev/pts/12 ] [~]
→ id
uid=0(root) gid=0(root) groups=0(root)
< / code > < / pre >
< / div >
< / div > <!-- /row -->
< / div > <!-- /container -->
< / div > <!-- /white -->
< div id = "anon2" >
< div class = "container" >
< div class = "row" >
< div class = "col-lg-8 col-lg-offset-2" >
< h2 > < b > Cockpit .onion setup< / b > < / h2 > < / br > < / br >
< p > Let's install cockpit from the apt repositories: < / p >
< pre > < code class = "nim" >
[ Datura ] [ /dev/pts/11 ] [~]
→ apt install cockpit -y
[ Datura ] [ /dev/pts/11 ] [~]
→ systemctl status cockpit
● cockpit.service - Cockpit Web Service
Loaded: loaded (/lib/systemd/system/cockpit.service; static)
Active: active (running) since Fri 2024-05-03 13:30:51 CEST; 2min 5s ago
TriggeredBy: ● cockpit.socket
Docs: man:cockpit-ws(8)
Process: 3563910 ExecStartPre=/usr/lib/cockpit/cockpit-certificate-ensure --for-cockpit-tls (code=exited, status=0/SUCCESS)
Main PID: 3563926 (cockpit-tls)
Tasks: 1 (limit: 77002)
Memory: 2.4M
CPU: 355ms
CGroup: /system.slice/cockpit.service
└─3563926 /usr/lib/cockpit/cockpit-tls
May 03 13:30:51 Datura systemd[1]: Starting cockpit.service - Cockpit Web Service...
May 03 13:30:51 Datura cockpit-certificate-ensure[3563918]: /usr/lib/cockpit/cockpit-certificate-helper: line 25: sscg: command not found
May 03 13:30:51 Datura cockpit-certificate-ensure[3563919]: ......+.....+.+......+...+.........+...+..............+.+...+..+...+.......+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++*...+...+++++++++++++++++++++++++++++++>
May 03 13:30:51 Datura cockpit-certificate-ensure[3563919]: .+.........+...+...+.......+........+....+..............+.........+......+.+......+..+.+..+...+....+...+.........+.....+....+.....+++++++++++++++++++++++++++++++++++++++++++++++++>
May 03 13:30:51 Datura cockpit-certificate-ensure[3563919]: -----
May 03 13:30:51 Datura systemd[1]: Started cockpit.service - Cockpit Web Service.
May 03 13:30:51 Datura cockpit-tls[3563926]: cockpit-tls: gnutls_handshake failed: A TLS fatal alert has been received.
May 03 13:30:55 Datura cockpit-tls[3563926]: cockpit-tls: gnutls_handshake failed: A TLS fatal alert has been received.
< / code > < / pre >
< p > once it completes, just connect to it on port 9090:< / p >
< img class = "imgRz" src = "1.png" >
< p > ignore the self-signed HTTPs warning and enable javascript afterward:< / p >
< img class = "imgRz" src = "2.png" >
< p > In the Tor browser, select the "Safer" security level to be able to browse to the cockpit service with javascript:< / p >
< img class = "imgRz" src = "3.png" >
< img class = "imgRz" src = "4.png" >
< img class = "imgRz" src = "5.png" >
< img class = "imgRz" src = "6.png" >
< p > if it refuses the login, make sure the user has proper sudo access like so::< / p >
< pre > < code class = "nim" >
[ Datura ] [ /dev/pts/11 ] [~]
→ useradd nihilist
[ Datura ] [ /dev/pts/11 ] [~]
→ passwd nihilist
New password:
Retype new password:
passwd: password updated successfully
[ Datura ] [ /dev/pts/11 ] [~]
→ usermod -aG sudo nihilist
[ Datura ] [ /dev/pts/11 ] [~]
→ visudo
# User privilege specification
root ALL=(ALL:ALL) ALL
nihilist ALL=(ALL:ALL) ALL
< / code > < / pre >
< / div >
< / div > <!-- /row -->
< / div > <!-- /container -->
< / div > <!-- /white -->
<!-- +++++ Footer Section +++++ -->
< div id = "anonb" >
< div class = "container" >
< div class = "row" >
< div class = "col-lg-4" >
< h4 > Nihilism< / h4 >
< p >
2024-10-06 19:05:00 +02:00
Until there is Nothing left.< / p > < / br > < / br > < p > Creative Commons Zero: No Rights Reserved< / br > < img src = "\CC0.png" >
2024-07-25 12:23:36 +02:00
< / p >
< / div > <!-- /col - lg - 4 -->
< div class = "col-lg-4" >
< h4 > My Links< / h4 >
< p >
2024-10-03 21:57:20 +02:00
< a target = "_blank" rel = "noopener noreferrer" href = "http://blog.nowhere.moe/rss/feed.xml" > RSS Feed< / a > < br / > < a target = "_blank" rel = "noopener noreferrer" href = "https://simplex.chat/contact#/?v=2-7&smp=smp%3A%2F%2FL5jrGV2L_Bb20Oj0aE4Gn-m5AHet9XdpYDotiqpcpGc%3D%40nowhere.moe%2FH4g7zPbitSLV5tDQ51Yz-R6RgOkMEeCc%23%2F%3Fv%3D1-3%26dh%3DMCowBQYDK2VuAyEAkts5T5AMxHGrZCCg12aeKxWcpXaxbB_XqjrXmcFYlDQ%253D&data=%7B%22type%22%3A%22group%22%2C%22groupLinkId%22%3A%22c3Y-iDaoDCFm6RhptSDOaw%3D%3D%22%7D" > SimpleX Chat< / a > < br / >
2024-07-25 12:23:36 +02:00
< / p >
< / div > <!-- /col - lg - 4 -->
< div class = "col-lg-4" >
< h4 > About nihilist< / h4 >
2024-08-28 20:13:19 +02:00
< p style = "word-wrap: break-word;" > < u > Donate XMR:< / u > 8AUYjhQeG3D5aodJDtqG499N5jXXM71gYKD8LgSsFB9BUV1o7muLv3DXHoydRTK4SZaaUBq4EAUqpZHLrX2VZLH71Jrd9k8< / p > < / br > < p > < u > Contact:< / u > nihilist@contact.nowhere.moe (< a href = "https://nowhere.moe/nihilist.pubkey" > PGP< / a > )< / p >
2024-07-25 12:23:36 +02:00
< / div > <!-- /col - lg - 4 -->
< / div >
< / div >
< / div >
<!-- Bootstrap core JavaScript
================================================== -->
<!-- Placed at the end of the document so the pages load faster -->
< / body >
< / html >
