this post was submitted on 10 Apr 2024
3 points (71.4% liked)

Tor - The Onion Router

1465 readers
1 users here now

Tips, tricks and information about the Tor network!

Tor Project

founded 4 years ago
MODERATORS
 

TLDR:

If I use SSH as a Tor hidden service and do not share the public hostname of that service, do I need any more hardening?

Full Post:

I am planning to setup a clearnet service on a server where my normal "in bound" management will be over SSH tunneled through Wireguard. I also want "out of bound" management in case the incoming ports I am using get blocked and I cannot access my Wireguard tunnel.

I was thinking that I could have an SSH bastion host as a virtual machine, which will expose SSH as a a hidden service. I would SSH into this VM over Tor and then proxy SSH into the host OS from there. As I would only be using this rarely as a backup connection, I do not care about speed or convenience of connecting to it, only that it is always available and secure. Also, I would treat the public hostname like any other secret, as only I need access to it.

Other than setting up secure configs for SSH and Tor themselves, is it worth doing other hardening like running Wireguard over Tor? I know that extra layers of security can't hurt, but I want this backup connection to be as reliable as possible so I want to avoid unneeded complexity.

you are viewing a single comment's thread
view the rest of the comments
[–] Stanley_Pain@lemmy.dbzer0.com 1 points 7 months ago

Relying on someone "not finding something out" is by definition security through obscurity. ;)

If you open up SSH to the Internet, any of it, secure it like your life depends on it :).