/os/ - Online Security

News, techniques and methods for computer network security.




DISCUSSION THREAD
Want to say something off topic about anything?

Have a hot tip about something in the computer security world that doesn't fit into any current thread or category?

Want to chat with your fellow invisible 7 proxy friends?

Want to tell Lt. Gen Michael Hayden, GEN Keith Alexander, ADM Michael Rogers, GEN Paul Nakasone, GOOGLE, AMAZON, FACEBOOK and Microsoft etc. how you feel?  

It's open mic at >>>/os/ , anything goes!! 

Put all of your banter here:


Just watching the Kim, Moon,Trump impromptu meeting.  

When Kim comes to America, President Trump should take him to go watch the Chicago Bulls play a match live, court-side at the United Center, with Dennis Rodman, and Billy Corgan...  Michael Jordan should come along too. Afterwards they should go get burgers, fries and hotdogs, and then fly in the presidential helicopter back to the White House for talks.  Trump would get re-elected in a landslide. I'd pee myself laughing, and I'm looking forward to it.

 >>/1425/
Gotta let him have a free throw or do a layup at half time too! 

No wait... he should set up a pass to Jordan to do an Alley-oop slam dunk at half time. Then Kim could wave at the crowd and smile then go back to his box to watch the second half. Trump and Kushner would give a standing ovation. That would be awesome, don't you think?

 >>/1426/
We need Rodman in there too!  Chairman Kim dribbles at center court, then he passes to Rodman. Rodman does some moves, sets up the Alley oop for Jordan. Jordan Hangs on the rim after the dunk.  I'd be on the floor. Make my dreams come true...Just do it.



############### BEGINNING OF GUIDE ##########################

In this thread I document and revise how to set up a tor hidden service email server; you may substitute the servers that you are most comfortable with.

STEP 0) Collect the relevant files from The Endware Hidden Service
Set up a tor mail server using postfix or OpenSMTPd, with dovecot for imap or pop.

You may contact me anonymously at  endwall@zvdcyrpole74oo24gqkx2wh6rmrthrhexzik5dm6xf7ewtiekxmvqwqd.onion
Use endmail.sh to send mail to this account.
http://nguipxnkrp3qrzrlduhsatpcpwehnblzmlkc5ifiumxq4z5jlh4lwvid.onion/endwall_pgp.asc

Encrypt with pgp and send messages and files by email on a tor hidden mail service on port 25.

Everyone should do this. Then just share your hidden service address and handle.

http://nguipxnkrp3qrzrlduhsatpcpwehnblzmlkc5ifiumxq4z5jlh4lwvid.onion/endware/endmail.sh

http://nguipxnkrp3qrzrlduhsatpcpwehnblzmlkc5ifiumxq4z5jlh4lwvid.onion/endware/endfix.cf

http://nguipxnkrp3qrzrlduhsatpcpwehnblzmlkc5ifiumxq4z5jlh4lwvid.onion/content/dovecot/

STEP 1) Install Postfix

$ su
# torsocks pacman -S postfix dovecot
# ...

# cd /etc/postfix/
# cp endfix.cf /etc/postfix/main.cf

STEP 2) Install Dovecot

# cd /etc/dovecot/
# mkdir -p conf.d
# cp dovecot.conf /etc/dovecot/dovecot.conf
# cp *.conf /etc/dovecot/conf.d/
# cp *.ext /etc/dovecot/conf.d/

STEP 3) Make ssl self signed certificates for postfix and dovecot
And place these in the appropriate directory
This might require entropy so you might need to run haveged first

# torsocks pacman -S haveged
# haveged

# mkdir -p /etc/pki/tls/certs
# mkdir -p /etc/pki/tls/keys
# cd /etc/pki/tls/keys
# openssl req -x509 -newkey rsa:4096 -keyout postfix.key -out postfix.crt -days 365 -nodes
# openssl req -x509 -newkey rsa:4096 -keyout dovecot.key -out dovecot.crt -days 365 -nodes
# mv postfix.crt ../certs/
# mv dovecot.crt ../certs/

or use libressl or gnutls and create the same certificates

now go back and edit /etc/postfix/postfix.cf and /etc/dovecot/dovecot.conf to reflect the location of the certificates and keys

STEP 4) Start the services

# systemctl enable postfix
# systemctl start postfix

# systemctl enable dovecot
# systemctl start dovecot

or the openrc equivalent to enable and start the services.

STEP 5) Setup tor for mail hidden service

# mkdir -p /srv/tor/mail

Add this to your torrc file and start tor

nano /usr/local/etc/tor/torrc

HiddenServiceDir /srv/tor/mail/
HiddenServiceVersion 3
HiddenServicePort 25 127.0.0.1:25

your hidden service name will be generated and placed in the directory /srv/tor/mail/hostname

# cat /srv/tor/mail/hostname

This is the hostname for your mail server. Go and edit /etc/postfix/main.cf to reflect this.

Do Not Share the private key from this directory with anyone, and change the permissions to read only with no access to other.

# chmod o-rwx /srv/tor/mail
# chmod g-rwx /srv/tor/mail
# chmod u-w /srv/tor/mail

#################### INTERMISSION #########################################

Maximum Security Encrypted Message Communication Protocol (MSEMCP)

Author: Endwall from the Endware Development Team 
Creation Date: August 8, 2017
Copyright: The Endware Development Team (c) 2017
License: You are Free to Study, Reproduce, Copy, Modify, Implement, Test, and Use this protocol as described below, in the spirit of the Endware End User License Version 1.15.  

Description:

This protocol MSEMCP  provides:
1. Message security through physical isolation of the encryption station by a read only Floppy Disk Message Sneaker Net (FDMSN)
2. Strong Public Key Cryptography using RSA 4096 bit.
3. Transmission and reception anonymity through Tor with 12 hops. 
4. Trust and Verification through TLS 1.2 with RSA 4096 bit, and Self Signed Server Certificates to compare repeated server connections. 

All of which can be implemented with 4 tools: 
1) A Base install of a *nix BSD or GNU operating system in text mode. 
2) GNU privacy guard (gpg) on the airgapped encryption decryption system. 
3) TLS 1.2 using RSA 4096 certificates from OpenSSL used in a Postfix  Mail server to allow for certificate comparison to build trust and continuity.  
4) Anonymity during message transmission and reception using the Tor network with 12 hops, (and weak encryption SHA1 RSA 1024).

Minimal installation: 

Computer 1 (Transmission computer) 
1. Base install of *Nix in TEXT MODE no GUI / or use a GUI (whatever) 
2. Postfix (or OpenSMTPD ), Tor, Torsocks, Swaks, OpenSSL ( or LibreSSL or GnuTLS)
3. endget.sh, endmail.sh, endfix.cf (for postfix) 
4. A 3.5" Floppy drive with 1.44MB HD IBM format Floppy Disks 

Computer 2 (Decryption/Encryption Station)
1. Base install of *Nix + Full disk encryption in TEXT MODE no GUI 
2. Gnu Privacy Guard gpg 
3. Air Gap : Unplug the computer from internet permanently post installation
4. A 3.5" floppy drive with 1.44MB HD IBM format Floppy Disks

Encrypt and Decrypt messages on Computer 2 with gpg and Send messages with endmail.sh and Receive messages with Postfix with endfix.cf on Computer 1
Move the keys and messages by read only 3.5" floppy disk files.  Do not substitute USB for floppy disk read only files (STUXNET).

Also after writing the encrypted message onto the floppy disk, eject it and then flip the write protect tab on the floppy. So that you only read encrypted.asc and sha256sum.txt from the floppy on your transmission work station when sending the file. 

In general you can improve this protocol by having 2 air-gapped computers, that share your private key. One for decrypting messages, the other for encrypting messages. That way information never flows back and forth between your air-gap stations and the transmission computer.


      READ ONLY             Floppy 1            computer 1
[TRANSMISSION STATION] <-------------- [ENCRYPT STATION]

                                                  computer 2
                                Floppy 2         READ ONLY
[TRANSMISSION STATION] --------------> [DECRYPT STATION]


The transmission station has the tor mail server (postfix) with tor and endmail. The Encrypt and Decrypt station are separate computers that share your private key for pgp (not necessary if you're not signing anything, since you encrypt with the counterparty's public key only) . Both are air gapped / full disk encrypted running OpenBSD, and floating on a battery backup (off the power grid). Basically unplug your UPS from the wall for 15-20 mins while you do this operation, shutdown the computer then plug the APC back in to recharge the batteries. If malware flows in to the decrypt station, it can't return to the transmission station or jump across to the encrypt station. Nothing ever flows in to the Encrypt station only out.

If malware flows in to the decrypt station, it can't return to the transmission station or jump to the encrypt station. Nothing ever flows in to the Encrypt station only out. Nothing flows out of the decrypt station only in.

If you don't need to sign anything you could encrypt messages for your recipients without your private key. That way the private key will only be on the decrypt station and information never flows out of it, only into the decrypt station, so there is no chance to steal the private key. READ only is enforced by the write protect tab on the floppy, and by not writing anything intentionally.

Nothing should flow into the encryption station, but I guess you have to get the public keys for your recipients onto the encryption station somehow, so you can make an exception for that, or do it during installation if you have a small consistent set of people that you communicate with. Or just risk bringing in a new public key by floppy disk. It's a very small attack surface. 

The point is to assume that the transmission computer can or will get compromised by a keylogger, or by other malware, since it is internet connected, and to shield the messages by encrypting on the air gap.

You might need to jump new public keys onto the encryption station but aside from that nothing comes in, only messages go out on it. With the decryption station nothing comes out, only encrypted messages go in.

1.44MB is enough to have a book's worth of text. That should be enough for passing messages. 
The King James bible is 4.3MB uncompressed 1.3MB compressed with gzip. So 2 floppy disks should be sufficient to shuttle messages back and forth for a couple of years.

If both message counter-parties did this protocol, it would be pretty secure. If your messages were leaked at that point and you discovered it by some means, you could safely assume that the person that you are communicating with is a rat,snitch,traitor, etc., who forwarded the decrypts along to your adversaries / enemies. 

It's not unbeatable, for instance someone could install a camera in your room...and point it at your decrypt / encrypt station monitors, or keyboard, or have switched your keyboard for your encrypt station with a keyboard with RF signalling by physical access, which is why physical security is also important.
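
A pre-send check for the transmission station, as an added example that is not part of the original protocol post: it refuses anything in the floppy directory that is not ASCII-armored ciphertext or that does not match the recorded digest. The file names encrypted.asc and sha256sum.txt come from the post; the function names, exit codes and sample message are assumptions constructed for illustration, and sha256sum.txt is assumed to be in sha256sum output format.

```shell
#!/bin/sh
# Added example, not part of the MSEMCP text. Function names and exit codes
# are hypothetical; only the two file names come from the post.

# sha256_of FILE: print the hex SHA-256 digest of FILE.
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum < "$1" | awk '{ print $1 }'
    else
        sha256 -q "$1"          # BSD base-system tool
    fi
}

# check_outgoing DIR: return 0 only if DIR/encrypted.asc is an ASCII-armored
# PGP message and its digest equals the one recorded in DIR/sha256sum.txt.
#   2 = file missing, 3 = digest mismatch, 4 = not armored ciphertext
check_outgoing() {
    co_msg="$1/encrypted.asc"
    co_sums="$1/sha256sum.txt"
    if [ ! -f "$co_msg" ] || [ ! -f "$co_sums" ]; then
        echo "REFUSE: encrypted.asc or sha256sum.txt is missing" >&2
        return 2
    fi
    # A plaintext draft copied to the floppy by mistake fails here: the first
    # line and the last non-blank line must be the OpenPGP armor markers.
    co_first=$(head -n 1 "$co_msg")
    co_last=$(grep -v '^[[:space:]]*$' "$co_msg" | tail -n 1)
    if [ "$co_first" != "-----BEGIN PGP MESSAGE-----" ] ||
       [ "$co_last" != "-----END PGP MESSAGE-----" ]; then
        echo "REFUSE: encrypted.asc is not an armored PGP message" >&2
        return 4
    fi
    # The digest was written on the air-gapped station; recompute it here.
    co_want=$(awk '{ sub(/^\*/, "", $2) }
                   $2 == "encrypted.asc" { print $1; exit }' "$co_sums")
    co_have=$(sha256_of "$co_msg")
    if [ -z "$co_want" ] || [ "$co_want" != "$co_have" ]; then
        echo "REFUSE: encrypted.asc does not match sha256sum.txt" >&2
        return 3
    fi
    echo "OK: encrypted.asc is armored and matches sha256sum.txt"
    return 0
}

# make_sample_floppy DIR: fill DIR with a constructed message and digest file,
# standing in for the mounted read-only floppy. The body is a placeholder, not
# real ciphertext; the check above only inspects the armor lines and digest.
make_sample_floppy() {
    cat > "$1/encrypted.asc" <<'EOF'
-----BEGIN PGP MESSAGE-----

CONSTRUCTED-SAMPLE-BODY-NOT-REAL-CIPHERTEXT
-----END PGP MESSAGE-----
EOF
    printf '%s  encrypted.asc\n' "$(sha256_of "$1/encrypted.asc")" \
        > "$1/sha256sum.txt"
}

# Demonstration on a temporary directory.
demo_dir=$(mktemp -d)
make_sample_floppy "$demo_dir"
check_outgoing "$demo_dir"
rm -rf "$demo_dir"
```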




I thought that we should have a thread on running a Tor relay from home, as it didn't seem to fit in with the existing Tor thread. There are several benefits, namely that it mixes any traffic you yourself make on Tor with the traffic of others, which could make it harder to perform traffic correlation. It also increases the bandwidth of the Tor network, of course.

torrc Relay Configuration
Nickname 
ORPort 9001
ExitRelay 0
SocksPort 0
ControlSocket 0
ContactInfo 

This config sets up the Tor daemon to run as a middle node. I'd recommend using a separate email as the contact info. The nickname can be anything you want.
It's possible to run it as an exit node, by changing ExitRelay to 1. However, this is very likely to bring the attention of your ISP/Law Enforcement, and you'll probably get banned from many clearnet sites.

It's best to check if your ISP cares about running a relay; mine is apparently fine with it, but I imagine that some may get annoyed and send you letters, or rate limit you or something like that. There's a list at https://trac.torproject.org/projects/tor/wiki/doc/GoodBadISPs, although it is incomplete.

This thread would probably be good for discussing running similar things with other networks (BT seedboxes, GNUnet nodes etc).


The Endware EULA is one of the most insanely idiotic things I have ever read. At no point in your rambling, incoherent license were you even close to anything that could be considered a rational thought. Everyone in the open source movement is now dumber for it having been written. I award you no points, and may God have mercy on your soul. 

Also, btw, it's probably not meaningfully enforceable. A halfway competent lawyer would tear it to shreds in a court of law.

You should really consider changing it to one of the standard OSI or FSF approved licenses, most of which have been vetted by lawyers, some of which have actually been tested in court and (almost?) none of which are insane garbage like the Endware EULA.
>  The enumerations presented were examples and are not meant to be exhaustive, however they were meant to be funny. 
>  For your own sake, and the public's, don't quit your day job to pursue a career in comedy writing. 

The part I get a chuckle out of every time I read it is the solar system and space transport vehicles part, I picture Elon Musk reading the license and saying "This is a great license for our project", and then I get a mental image of astronauts on the International Space Station flipping channels on endstream and endtv to pass the time.  The rest was meant to be serious.

>  What constitutes a "neighbor"? That's not a term with a defined legal meaning, and to the extent that it has one, it's not what you seem to think it means. I can't share the code with someone in another country? They're not my neighbor. Or do you mean it in a metaphorical sense? Legal documents are probably a bad place for metaphors. 

This is a valid complaint.  I'll change the word neighbor to recipient .

>  You say modify AND improve, not modify OR improve. I can only modify it if I improve it? What if you think my changes make it worse? Who decides? You? I guess I'm in violation of the license, then. 

This is a valid complaint. I'll remove the word improve.  You can freely modify the code and run and distribute the modified code.  Improvements are not required, and I won't be the judge. I'll only be the judge of what is released by Endware.  

###########

I'm going to make 2 licenses, the first will attempt to rectify some of the complaints by adding and deleting words, and the second will be a simplified license where I delete everything that is redundant and attempt complete generality on the first line of every category. 

I'd like to get more opinions about the license than that of just a single user or detractor.  Don't we have a resident copyright lawyer?  MikeeUSA?  Maybe he can help me.  Does anyone else have any positive or negative comments about the current license they would like to share? If so feel free to add to the discussion below.

I included government, and legislators to specifically point out that they should protect themselves from unlawful surveillance by the military (NSA, FBI, CIA etc) and corporations (GOOGLE, AMAZON, FACEBOOK, etc) in order to avoid blackmail and coercion, and to focus on strengthening the core institutions of western democratic society (Legislative, Executive, and Judicial branches of government) from attacks by hackers, foreign and domestic military intelligence services, etc.  

But to be realistic they probably have proper high end security software and don't need Endware, but maybe they don't, I don't know... I'm sure they have something better.  But just in case...

> Any user of this program is granted the freedom to run this code on any computer of their choice.
>  I can run it on other people's computers without their permission!? Nice! 

Can I run iOS on an Android Phone? or MacOS on regular arbitrary x86 gear?

You can run Endware on any computer architecture you want, and on any hardware device you want to. Including on other people's machines, but you might be breaking the computer misuse laws in doing so, not my copyright license grant.

ME:
1) I grant that the letters A,B,C,D and H have property ZINGER
2) I grant that all roman alphabet letters both upper case and lowercase have property ZINGER 

YOU:
But what about L,M,N,O,P, do they have property ZINGER?  You must have omitted these for some reason they must Not have property ZINGER!

SOLUTION:

{ A, B, C, D, H } Union (Roman Alphabet) = Roman Alphabet.

L,M,N,O,P  are letters in the set Roman Alphabet and hence also have property ZINGER.

QED.

> but if you ever have the chance to run it by a lawyer, you should. After he gets done laughing, explain that it's not a joke. At this point, you'll need to ignore the look of pity on his face and explain that you're not mentally retarded, either. Then you can let him explain why your license is such a piece of shit.

I'm going to bring an HD digital video camera to the meeting and zoom in slowly so that I can catch the moment that the facial expression changes from mirth to sadness then to pity.  I'll upload it as a webm onto Endchan or perhaps as an animated gif.



Endwall guy should keep irrelevant compile instructions in this thread by editing the OP or edit the Sticky thread before purging said irrelevant posts in various threads. Just remind them to compile from source and redirect them to this thread.
is there reason to use torsocks over git's builtin socks5 proxy?

wouldn't it be better if you just register 127.0.0.1:your_tor_port as http.proxy and https.proxy variable by git config?

Not sure what revision of git your distro ships with but using torsocks should be considered a deprecated hack for applications with builtin socks5 proxy support.

Install REOP from Source
###############################################
$ mkdir -p ~/src
$ cd ~/src 
$ endget --no-check-certificate https://www.tedunangst.com/flak/files/reop-3.0-snapshot.tar.gz
$ tar -xvf reop-3.0-snapshot.tar.gz 
$ cd reop 
$ ./configure 
$ make 
$ ./reop --help 
$ cd ~/bin 
$ ln -s ~/src/reop/reop reop 
$ export PATH=$HOME/bin:$PATH
$ reop --help

Generate a key pair
$ cd ~ 
$ mkdir -p crypto 
$ cd crypto 
$ mkdir -p reop 
$ cd reop 
$ pwd 
~/crypto/reop 
$ reop -G -i endwall
Enter a passphrase:

$ ls ~/.reop
pubkey seckey

Encrypt / Decrypt
$ cd ~/crypto/reop
$ echo "This is the message" >> message
$ reop -E -i endwall -p ~/.reop/pubkey -m message 
passphrase: 
$ ls 
message message.enc 
$ reop -D -p ~/.reop/pubkey -m decrypt -x message.enc 
passphrase: 
$ ls 
message message.enc decrypt
$ cat message
$ cat message.enc
$ cat decrypt

Useful for encrypting passwords.txt file on an air gap for passwords generated using passgen

#########################################################






A lot of browser addons or extensions claim to improve privacy and security. These include Ghostery, Disconnect and Privacy Badger along with a slew of others.

I think for most entry level computer users that those type of addons might provide something useful. To people who are more experienced with browsers and their extensions they seem like a gimmick or just fancy visual feedback. A lot of bells and whistles with very little actual functionality.

What can really make surfing the internet a much safer experience? If we focus on HTTPS, SSL and Digital Certificates then we have a good head start. From there we can protect ourselves from ads that might lead to sketchy websites. We can beef up our passwords and add authenticators to our accounts. At the most zealous level we can disable javascript and flash.

The following extensions are for Chrome.

https://chrome.google.com/webstore/detail/adblocker-ultimate/ohahllgiabjaoigichmmfljhkcfikeof?hl=en

Adblocker Ultimate accomplishes the two jobs that all adblockers must. First it has to have a pretty good idea of what is undesirable content and what it is that users want to see or interact with. Also there are no false positives; Adblocker Ultimate pretty much never identifies images or other website content as ads when they aren't.

The extension is also easy to turn off. You can disable it entirely or just for a webpage. The function that allows you to add new blocked elements works extremely well.

https://chrome.google.com/webstore/detail/authy-chrome-extension/fhgenkpocbhhddlgkjnfghpjanffonno?hl=en

Authy integrates authentication into the browser. I have not personally used this extension. The use of authenticators is extremely powerful security wise. I prefer to use my phone and download apps that have authenticators because I see having two different pieces of hardware as more secure than an application running beside another on the same device.
https://chrome.google.com/webstore/detail/https-everywhere/gcbommkclmclpchllfjekcdonpmejbdp?hl=en

HTTPS Everywhere forces connections on websites to be made through HTTPS instead of HTTP. I have seen a number of times where a website's homepage will have HTTPS enabled but some other portion will not be encrypted through HTTPS.

https://chrome.google.com/webstore/detail/kb-ssl-enforcer/flcpelgcagfhfoegekianiofphddckof?hl=en

KB SSL Enforcer redirects the browser to use SSL/TLS.

https://chrome.google.com/webstore/detail/keeper%C2%AE-password-manager/bfogiafebfohielmmehodmfbbebbbpei?hl=en

Keeper Password Manager is by far one of my favorite addons. It does a perfect job of saving usernames and passwords. It allows for the easy generation of new passwords that are extremely secure. The features that it offers for free are top notch.

https://chrome.google.com/webstore/detail/pop-up-blocker-for-chrome/bkkbcggnhapdmkeljlodobbkopceiche?hl=en

Poper Popup Blocker is effective and consistent about blocking popups when the browser and adblocker fail to do so.

https://chrome.google.com/webstore/detail/scriptsafe/oiigbmnaadbkfbmpbfijlflahbdbdgdf?hl=en

Script Safe is overkill and is far too strict by default. Youtube, Twitch and many other websites will not function at all with this extension.

I found myself transitioning from Chromium to Iron and finally to Iridium. It happens to be my favorite derivative of Chromium.

https://iridiumbrowser.de/downloads/

If you don't trust password managers then I suggest using a solution like pass the unix password manager. 

https://www.passwordstore.org/

Also you can just generate passwords with password card and last pass.

https://www.passwordcard.org/en
https://lastpass.com/generatepassword.php

 >>/1035/

I don't endorse google chrome, and generally avoid any products and services produced by this company if you want to maintain computer and internet privacy and security.  Their entire business model is to invade your privacy and sell the information to advertisers and to the government. Avoid all of their products if possible.  

That said I'm sure this thread might be helpful to windows users.  So go ahead and start a Windows 7 security thread as well.

https://chrome.google.com/webstore/detail/ipfuck/bjgmbpodpcgmnpfjmigcckcjfldcicnd?hl=en-US
IPFuck generates random IPs and fake the use of a proxy with HTTP headers.
It can make you anonymous on several websites.

https://chrome.google.com/webstore/detail/trackmenot/cgllkjmdafllcidaehjejjhpfkmanmka?hl=en-US

TrackMeNot is a lightweight browser extension that helps protect web searchers from surveillance and data-profiling by search engines. It does so not by means of concealment or encryption (i.e. covering one's tracks), but instead, paradoxically, by the opposite strategy: noise and obfuscation. With TrackMeNot, actual web searches, lost in a cloud of false leads, are essentially hidden in plain view. User-installed TrackMeNot works with the Chrome Browser and popular search engines (AOL, Yahoo!, Google, and Bing) and requires no 3rd-party servers or services.


https://chrome.google.com/webstore/detail/automated-free-proxies-di/ojjklffhhhfpeaelghfocilljceokage?hl=en-US

CIAO identifies trusted and working free proxies using its own community. CIAO is instrumented to collect anonymous data about proxy performance and behavior (e.g., amount of data downloaded, page download duration). This data is reported to our servers as an input for the proxy selection algorithm. To bootstrap this process, our servers discover free proxies by crawling proxy aggregator websites. Each proxy is then tested daily to verify reachability, performance, and behavior. 
(useful for sites like mega.co.nz)

https://github.com/dhowe/AdNauseam/wiki/Install-AdNauseam-on-Chrome-Without-Google‘s-Permission

I would recommend getting the binary, or compiling yourself, a Firefox 52 ESR. ESR/Nightly/Dev builds have extra features that regular versions don't. Such as installing non-Mozilla signed apps and more about:config options. 

https://www.mozilla.org/en-US/firefox/organizations/

I would also recommend using this doc to mess with your settings in about:config. It's not a comprehensive list (I've yet to be able to spoof my vendor), but it has enough where you can work towards making yourself camouflaged. Using this site 

http://kb.mozillazine.org/About:config_entries

You can check more in-depth stats about what your browser is giving off. Like, even if you resize your window, your browser still tells websites your native resolution. 

https://browserleaks.com/

And HTML5 canvas is one of the best ways to track you, considering it generates a near-unique signature for users. For this, you should use this and set your settings to "fake readout API" and "constant" for random number generation. This will help blend you in with the rest of the user info. Turning it off is almost as bad as having it on, because that in and of itself is a unique fingerprint. 

https://addons.mozilla.org/en-US/firefox/addon/canvasblocker/



There isn't a single person who would use FreeBSD on real hardware. You can't easily port Linux drivers to it, not much community support... Really, using Gentoo FreeBSD edition or Source Mage is better.

I installed FreeBSD 10 on a Sun Microsystems UltraSparc Creator 3D workstation that I got for $30.  OpenBSD wouldn't work, something about a bad magic number or something.  Anyways the NVRAM had a dead battery so I couldn't get it on the internet because it couldn't register a MAC address which is stored in the NVRAM. I read an article about soldering the NVRAM with a new battery. Replacement is like $70 for a new NVRAM. So it's in the basement for future projects.

That aside I have about 2 or 3 PowerMac G5 silver towers ($50 for a dual 2.3GHz) that I want to install FreeBSD onto.  I've read that this is the way to go with those things. I'll experiment with it this summer.  

I think if you're going to go BSD go OpenBSD, but really these are for different purposes.  If you need to have drivers for video cards and for multiple desktop environments use FreeBSD.  If you want nothing to work, no drivers for video cards, etc but a secure environment then use OpenBSD.  I mainly use Parabola, Gentoo and OpenBSD. Different use cases for different jobs.  I ultimately want to migrate my linux experience to something like Source Mage eventually when I have more time to spend reading and installing/fixing computers.   But I'm too busy with school to change gears right now.   

FreeBSD friends post your security tips here in this thread.  Links to articles and tutorials about FreeBSD security and other helpful tips are also welcome.  Thanks for starting the thread OP.










How can I anonymously ssh into something? Going through Tor and using a freshly generated key for identification is obvious, but how can I make sure that there is no data leakage above all that? I haven't been able to find any guides on that, even though it seems like something a lot of people might be interested in doing.


 >>/620/
Commenting out
SendEnv LANG LC_*
can help too.

Disabling pubkey auth is important. If you have passwordless key or have key loaded in ssh-agent, option
-oPubkeyAuthentication=no
disables pubkey auth completely.

Also, there's this thing to demonstrate deanon by ssh key:
https://github.com/FiloSottile/whosthere
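
The two settings named in this reply, checked against the effective client configuration that `ssh -G <host>` prints; this is an added example, not part of the thread. The sample outputs are constructed, the function name is hypothetical, and the local-username comparison goes beyond what the reply lists.

```shell
#!/bin/sh
# Added example, not from the thread. Reads `ssh -G <host>` output on stdin
# and reports settings that can identify the client to the server.
# Real use:  ssh -G myhost | audit_ssh_config "$(id -un)"

# Constructed sample: what a default-style client might print.
SAMPLE_LEAKY='user alice
hostname example.invalid
pubkeyauthentication yes
identityfile ~/.ssh/id_rsa
sendenv LANG
sendenv LC_*'

# Constructed sample: SendEnv commented out, -oPubkeyAuthentication=no,
# and an explicit remote user that differs from the local login.
SAMPLE_HARDENED='user anon
hostname example.invalid
pubkeyauthentication no'

# audit_ssh_config [LOCAL_USER]: print one LEAK line per finding.
audit_ssh_config() {
    asc_local_user="${1:-}"
    asc_sendenv="" asc_pubkey="" asc_user=""
    # ssh -G prints one "keyword value" pair per line, keyword in lower case;
    # sendenv appears once per pattern, so collect all of them.
    while read -r asc_key asc_value; do
        case "$asc_key" in
            sendenv)              asc_sendenv="${asc_sendenv:+$asc_sendenv }$asc_value" ;;
            pubkeyauthentication) asc_pubkey="$asc_value" ;;
            user)                 asc_user="$asc_value" ;;
        esac
    done
    if [ -n "$asc_sendenv" ]; then
        printf '%s\n' "LEAK sendenv: environment variables offered to the server: $asc_sendenv"
    fi
    # Public-key auth is on by default, so a missing line counts as enabled.
    # Both no and false are accepted as "disabled" spellings.
    case "$asc_pubkey" in
        no|false) ;;
        *) printf '%s\n' "LEAK pubkeyauthentication: keys on disk or in ssh-agent may be offered" ;;
    esac
    # Beyond the reply: ssh falls back to the local login name when no remote
    # user is given, so an identical name is worth flagging.
    if [ -n "$asc_local_user" ] && [ "$asc_user" = "$asc_local_user" ]; then
        printf '%s\n' "LEAK user: remote user equals local login name: $asc_user"
    fi
    return 0
}

# Demonstration on the two constructed samples, local login assumed "alice".
echo "== default-style client =="
printf '%s\n' "$SAMPLE_LEAKY" | audit_ssh_config alice
echo "== hardened client =="
printf '%s\n' "$SAMPLE_HARDENED" | audit_ssh_config alice
```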




