stribika.github.io

Suggest using a stealth Onion service for even greater security.

Open fabacab opened this issue 8 years ago • 3 comments

A stealth Onion service is a form of mutually authenticated connection between a Tor hidden service and a Tor client. The Tor server's identity is verified by virtue of its .onion address, whereas the client is authenticated by means of a pre-shared key, called a client authorization cookie. This form of client authorization over Tor is especially useful to prevent attackers from being able to connect to your SSH server and retrieve its private key fingerprint, because the Tor process will reject any connection that does not supply a valid client authorization cookie before ever passing the traffic on to sshd.

fabacab avatar Aug 19 '17 07:08 fabacab
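
A defender's check for the setup this issue describes, as an added example that is not part of the original thread or of the Secure-secure-shell project: it parses a torrc and flags onion services that reach an SSH port without client authorization. It assumes the v2-era `HiddenServiceAuthorizeClient` option (the one with a `stealth` mode); the sample torrc, its paths and its client names are constructed.

```python
# Added example: audit a torrc for onion services that expose sshd
# without client authorization. SAMPLE_TORRC is constructed for illustration.
SAMPLE_TORRC = """\
SocksPort 9050
HiddenServiceDir /var/lib/tor/ssh_stealth/
HiddenServicePort 22 127.0.0.1:22
HiddenServiceAuthorizeClient stealth laptop,phone
HiddenServiceDir /var/lib/tor/ssh_open/
HiddenServicePort 2222 127.0.0.1:22
HiddenServiceDir /var/lib/tor/web/
HiddenServicePort 80 unix:/run/web.sock
"""

def parse_onion_services(torrc_text):
    """Group HiddenService* options under the HiddenServiceDir that precedes them."""
    services, current = [], None
    for raw in torrc_text.splitlines():
        fields = raw.split("#", 1)[0].split(None, 1)   # drop comments, split key/value
        if not fields:
            continue
        key = fields[0].lower()                        # option names are case-insensitive
        value = fields[1].strip() if len(fields) > 1 else ""
        if key == "hiddenservicedir":
            current = {"dir": value, "ports": [], "auth": None, "clients": []}
            services.append(current)
        elif current is None:
            continue                                   # option outside any service block
        elif key == "hiddenserviceport":
            parts = value.split()
            # Target defaults to the virtual port; unix: sockets have no port.
            tgt = parts[1].rsplit(":", 1)[-1] if len(parts) > 1 else parts[0]
            current["ports"].append((int(parts[0]), int(tgt) if tgt.isdigit() else None))
        elif key == "hiddenserviceauthorizeclient":
            auth_type, _, names = value.partition(" ")
            current["auth"] = auth_type.lower()
            current["clients"] = [n.strip() for n in names.split(",") if n.strip()]
    return services

def unauthenticated_ssh_services(torrc_text, ssh_ports=(22,)):
    """Return the HiddenServiceDir of each service reaching an SSH port with no client auth."""
    flagged = []
    for svc in parse_onion_services(torrc_text):
        reaches_ssh = any(v in ssh_ports or t in ssh_ports for v, t in svc["ports"])
        authed = svc["auth"] in ("basic", "stealth") and bool(svc["clients"])
        if reaches_ssh and not authed:
            flagged.append(svc["dir"])
    return flagged

if __name__ == "__main__":
    print(unauthenticated_ssh_services(SAMPLE_TORRC))
```

v3 onion services configure client authorization through key files rather than this torrc option, so this check does not cover them.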

If you read the instructions on the OnionShare wiki, you will see that they do derive from a standard Tor. OnionShare is irrelevant. The link was provided because it is exactly the same content as what is needed to inform a layperson how to configure a Tor client to connect to an Onion service, except they have already been written, so I saw no need to rewrite them (yet again). :)

fabacab avatar Jan 29 '18 15:01 fabacab

Any information that isn't absolutely precise and relevant is surplus to requirements, and it can be a nuisance, it can pollute content. You must think like a technical writer, and must not assume everybody has your background or better, to tell at a glance what's important, what's real and what's accessory, tell the wheat from the chaff. If you don't, people of a methodical mind who read this product page (Secure-secure-shell) will at best be annoyed, or distracted, or bewildered; people who're new to these issues may be confused, they may be misguided or misled, they may think they need to use OnionShare to achieve their ends when they do not. The overall quality of Secure-secure-shell is stribika's responsibility, and his also to accept, reject, or delay indefinitely any pull requests. Yours if you wish to collaborate is to submit thoughtful, carefully crafted, best-you-can pull requests. Mine is to comment when I feel these high standards aren't adhered to.

jchevali avatar Jan 30 '18 17:01 jchevali

Thank you for reiterating the conversation so far. It sounds to me like everyone involved is doing exactly what you describe. :) Have a pleasant day.

fabacab avatar Jan 30 '18 17:01 fabacab