IRC Archive / Oftc / #tor / 2009 / December / 23 / 1
no-name
i am trying to do 5. get your user ID for torchat: and get dave@dragon:~/Desktop$ sudo less /var/lib/tor/hidden_service/hostname
/var/lib/tor/hidden_service/hostname: No such file or directory
keb
did you add this line to your torrc? HiddenServiceDir /Library/Tor/var/lib/tor/hidden_service/
and then restart tor
er
use /var/lib/tor/hidden_service/ instead of /Library/Tor/var/lib/tor/hidden_service/
if you are on linux
no-name
trying a repaste dave@dragon:~/Desktop$ sudo less /var/lib/tor/hidden_service/hostname
/var/lib/tor/hidden_service/hostname: No such file or directory
keb
you already pasted that
no-name: you havent got the hidden service running yet, or that directory and filename would be there
no-name
is there a way to check?
keb
what does your tor log say
no-name
ummmm ?
keb
look in /var/log/tor for a log file
no-name
there is a log and a log.1 file the log file is empty and log.1 doesnt mention hidden services
keb
ok
where did you get that step 5. instruction
no-name
http://ubuntuforums.org/showthread.php?t=726118
keb
did step 3 work?
no-name
what is pastebin address?
or can i paste here?
keb
pastebin.nl
never paste here
no-name
http://pastebin.com/d35000be4
keb
thats not enough to see if tor is running successfully
no-name
im sorry im a noob so im asking
keb
the log file should have more info on whether the tor published its descriptor and the orport was reachable from outside
well it looks ok as far as it goes
no-name
is this better http://pastebin.com/m7c64d04a
keb
[warn] /var/lib/tor/hidden_service/ is not owned by this user (debian-tor, 118) but by root (0). Perhaps you are running Tor as the wrong user?
after you created the hidden_service directory, you have to set its ownership to debian-tor
sudo chown debian-tor. /var/lib/tor/hidden_service
then restart tor
no-name
worked
TY
keb
cheers
now you can continue with step 5
JC__
Hello, I'm looking to automate a process using Tor. However, i'm having some trouble finding the right commands or way to do it
I need to present a user with a location selection list like US states
the user would select the location and I would find the closest tor node to that location and use it as the user's exitNode
my trouble is how do I select the list of available nodes and their properties
This will run on windows
keb
JC__ you can specify ExitNodes {us} in the torrc file to ensure exiting in the USA but why would you need to exit "closer" than that? internet speed within the continent is not related to geography as much as telecom infrastructure
JC__
Hello Keb, I know how to force exit nodes. What I need is a way to query the available nodes, so I can make a decision on which one to use
I need to use specific nodes because the destination page needs to see an IP address from a specific place
keb
yeah someone from india wanted something similar recently
JC__
so if my destination page requires an IP from NY to access the page I will use an exit Node from NY or the closest possible
keb
city-specific
JC__
right
keb
if you look at cached-descriptors you can see all the nodes available and create your own filter. you may have to run the ip addresses against maxmind's geoip database yourself, because Tor wont do it any finer than country
JC__
I was looking at vidalia
it pretty much does what I need, but it is a manual process
I guess I'm going to have to go through the Vidalia code
keb
there are also lists of nodes at http://trunk.torstatus.kgprog.com/
yeah, that would be an interesting mod
JC__
hmm, this page might prove useful
keb
i dont think it uses the same geoip info as vidalia
JC__
hmm, ok, thanks for the help keb
no-name
keb i seem to have done everything but it isnt running?
keb
you can ask more technical questions about vidalia in #vidalia
JC__
great, will do
keb
no-name if you do a "sudo netstat -lpn | fgrep tor" do you see your new hidden service listening on the port you configured it?
and do you see tor running
no-name
http://pastebin.com/m2312ae0e
keb
doesnt look like tor is running
er
yes it is
but your hidden service didnt get started
can you pastebin your torrc file
except any private bits
no-name
http://pastebin.com/d1c1436bc
keb
that looks ok
is there any indication in the tor log file why the hidden service didnt start?
misc
so, yesterday, i spoke about an article about tor and incognito in pc-magazin, here is the scan : http://www.zarb.org/~misc/tmp/tor.png ( warning, scanned at big resolutions, so the file is big, like 20m )
keb
20 meters?
no-name
http://pastebin.com/d33af0997
misc
keb: yup, you need a 20 m paper to print it
no-name
can i not have installed the pkg right?
keb
hmm the log looks ok too. did you restart tor after the last edit of torrc file?
no-name
just restarted to make sure
keb
misc that article is dated in the future
misc
keb: 01/2010 ? well, i got the magazin in zurich airport, so maybe there was some kind of time drift
keb
the article seems to be saying there is a incognito vm version
no-name
keb can i not have installed the pkg right?
misc
it seems so, yes, but using the livecd in vmware should be enough, no ?
keb
no-name tor seems to be installed and working. did you try browsing over firefox with it, or using it for irc?
no-name
it works in firefox but not torchat
keb
no-name is torchat running? i didnt see it in the list of listening processes
no-name
i dont think so i think that i messed up the dl/move
keb
once torchat is running, the tor hidden service will forward packets to it
i think step 4 in your instructions was about torchat
no-name did you use the .deb package or install from source
no-name
i think that the install instruction i was following was for an older version
keb
looks like this torchat is a controller too, and it tries to start another copy of tor
nsa
or: phobos committed revision 21318 (/website/trunk/include): packages done.
keb
bah. this makes no sense to me right now
(Action) gives up on torchat
fossiiil
Can i run Tor entry guard on my own desktop with public IP?
i want to protect against correlation attacks and entry node sniffing...
What would you recommend me?
rip
Is it possible to use a Dynamic DNS service with Tor?
atagar
rip: seems like it would mostly defeat the purpose, but should - your IP is just changing a lot more frequently (every 10 min?)
rip
atagar: here is my scenario. I have a home network which I would like to connect to from work. So, I setup a hostname with one of the many Dynamic DNS services out there. But when I connect to that hostname, I don't want that to reveal my IP address. Is this possible (with or w/o Tor)?
by connect, for example, I mean ssh
atagar
Ah, gotcha - sure. Just think of tor as a *very* dynamic IP, that's all
I'm not sure how gracefully ssh over dyndns like services transitions so you might get disconnected, but worth a try
I'm pretty sure you can also configure tor to change circuits less frequently if it's an issue
rip
So basically, I would need to setup the dynamic DNS update client to do its update via tor proxy, correct?
yeah, I was going to ask if my ssh connections would be lost every 10 minutes
Actually, I think many free Dynamic DNS services have a limitation on the number of times you can do an update per day... some as little as once per day... this might be a problem right?
atagar
if it's that small, yes - again I'd suggest taking a look at the options to see if there's a circuit duration torrc property
but if it's on the order of days it would be pretty horrible for anonymity
actually, I'd imagine tor wouldn't allow it since any circuit with that property would stand out too much, making it pretty trivial to pick you out - arma would know
in terms of losing the ssh connection it'd be best to run in a screen session for persistence, then probably have a script to automatically reconnect when detached
rip
ok forgetting dynamic dns for a second, is it possible to setup a Tor hidden service on my home network such that I can connect to my home network via ssh using a .onion URI?
fossiiil
you won't lose established TCP connection in middle when using Tor!
arma
rip: yes. even ignoring dynamic dns, it's possible.
rip: even better, you can do it even if you aren't reachable from the outside.
rip
arma: is there a howto for this, somewhere online - i mean specifically for ssh
arma
just redirect port 22 of your hidden service to localhost port 22
and then the remaining question is "how do i tell ssh to use tor", which you can find on the torify howto on the wiki
rip
but just to make sure I understand you, you're saying I can do a command like "ssh USERNAME@HOSTNAME.onion", where HOSTNAME.onion is my home network. I can connect via ssh from both inside and outside my home network (router)?
arma
yes.
rip
ok, i guess I will have to read the torify wiki w/ regards to ssh first
arma: also to confirm, and to take it one step further: Suppose I want to access an svn repository on my home network, and my svn server works via ssh (svn+ssh://USERNAME@HOSTNAME.onion/...), this should also work?
arma
yes. the hidden service part should be easy. the hard part will be getting your svn thing to go through tor.
shouldn't be so hard though. the way i'd do it is by setting a mapaddress in your torrc, and then just 'torify ssh ...'
similar to the instructions i wrote here for irc,
http://freenode.net/irc_servers.shtml#tor
rip
BTW, is this safe, or is the ssh password likely to be compromised by the tor exit node?
fossiiil
"Failed to find node for hop 0 of our path. Discarding this circuit." ?
what is it?
i'll paste my torrc...
arma
rip: should be safe. make sure you don't connect if it's the wrong ssh key. you know about ssh fingerprints right?
fossiiil: a pastebin might work better than pasting here
fossiiil
of course
rip
arma: only vaguely. doesn't openssh (client) give a warning if something doesn't look right?
arma
yes. make sure you check the fingerprint the first time, because it doesn't know, the first time, what the fingerprint ought to be.
fossiiil
http://pastebin.com/m408f6ef8
arma: i'm trying to run entry guard which is on public IP (my desktop)
arma
i don't see any LittleJuicyOnion in the consensus.
wait, that's you
fossiiil
yes
arma
you are trying to use yourself as your first hop?
fossiiil
yes
arma
i think you are confused about what tor is
your tor client is your first hop
or your zeroth hop, if you prefer
you are already starting at yourself
fossiiil
if somebody sniffs in our LAN, will he see my traffic unencrypted?
i guess no...it's only 'problem' of exit node, right?
arma
right.
fossiiil
so, running a server and using it as hop isn't a good idea?
on my machine
arma
it's an idea that doesn't make sense. it's like.. like if you're giving somebody directions from someplace, telling them "first, get to that someplace"
you are trying to make the first leg of your circuit be from you to you.
xtoaster
it shortens the circuit from 3 hop to 2 hop
fossiiil
ok
arma
your traffic will automatically start at you. it has to, that's where it is.
fossiiil
do i need entry guard?
xtoaster
its a security measurement
fossiiil
if understand it correctly, the chain is: (node 0, it's ME)--(node 1, entry guard)--(node 2, middleman)--(node 3, exit)--(TARGET)
xtoaster
right. for proxy function
fossiiil
ok
but to improve security, i should own and keep hardened node 1, entry guard, right?
xtoaster
entry guards are selected entry nodes. tor always use them as entry node rather than selecting new ones :)
fossiiil
ok, ok
xtoaster
to be short , its fixed entry nodes
fossiiil
i understand
ok
i'd simply put node 1 on my box...
xtoaster
?
fossiiil
i posted configuration file link, but the setup is not working
xtoaster
you mean you want to be a relay and set your own relay as entry guard ?
fossiiil
yes
xtoaster
why would you do that ?
fossiiil
to be sure noone will ever monitor both my exit and entry
i mean, both, attacking endpoints
xtoaster
there is no need for this
fossiiil
i think i read something else
xtoaster
the encryption starts right from your tor client
so the actual endpoint of the tunnel tor established is on your machine already
it connects your and your exit :)
by setting yourself as entry node you reduced one hop in the circuit you build.
fossiiil
ok
xtoaster
this weakens your anonymity
arma
fossiiil: you can't make sure noone ever monitors your exit and entry. by using your own node as entry, it just shifts where they'd have to monitor.
xtoaster
its easier to track you down
fossiiil
then why do we need entry guards at all?
arma
https://wiki.torproject.org/noreply/TheOnionRouter/TorFAQ#EntryGuards
running your own relays and using them as your first hop might be a good idea. it depends on what attackers you're expecting. but if you run that first hop on the same computer as the one you use your tor from, it won't gain you much. and if you make it the same tor process, then it makes even less sense.
fossiiil
https://wiki.torproject.org/noreply/TheOnionRouter/TorFAQ
exactly, i was reading it
ok
i'm just where i started from
then i can let Tor choose my first hop without caring about Entry Guards....
arma
right. it will keep you pretty safe.
the big worry for you is somebody watching your local network. using an entry guard you trust won't help you much there.