# TOR-SSH Chrootjail
## Overview
* Why Chroot
* SSH
* TOR
* Commands and Configuration
## Why Chroot
* also known as chroot jail
* restrict access, testing, etc.
## SSH
* secure shell
* common method for remote access
## TOR
* the onion router
* route traffic to increase anonymity
## Commands and Configuration
### Client Machine
This is the computer used to access the target (usually a VPS).

Install tor (Fedora Linux example):
```bash=
sudo dnf -y install tor && sudo systemctl enable tor && sudo systemctl start tor
```
Install ssh for your system (there are numerous references online).

Generate the keys:
```bash=
ssh-keygen -t ed25519
```
output:
```bash=
Generating public/private ed25519 key pair.
Enter file in which to save the key (/user/.ssh/id_ed25519):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /user/.ssh/id_ed25519
Your public key has been saved in /user/.ssh/id_ed25519.pub
The key fingerprint is:
SHA256: [redacted] user@hostname
The key's randomart image is:
+--[ED25519 256]--+
| |
| .|
| . ..|
| o .. o.|
|. o S o..++..|
|.o = o +..+o.oo|
|..+ * =.E. oo++|
| oo+.B oo .o=oo|
|. +o.o .. o+.. |
+----[SHA256]-----+
```
Next, copy the public key:
```bash=
cat ~/.ssh/id_ed25519.pub
```
output:
```bash=
ssh-ed25519 LONG_STRING user@hostname
```
### Target Machine
This is the server or host to access.

Install tor and create a hidden service for ssh:

`sudo vim /etc/tor/torrc`
```bash=
HiddenServiceDir /var/lib/tor/sshd/
HiddenServicePort 22 127.0.0.1:22
```
Restart tor
```bash=
sudo systemctl restart tor
```
Get the onion hostname from `sudo cat /var/lib/tor/sshd/hostname`.

Create a user for the chroot jail:

`sudo adduser inmate`

Add the user to the `chrootjail` group (the group must already exist, otherwise `usermod` fails):

`sudo usermod -aG chrootjail inmate`

Reboot to ensure changes take effect.

Create a directory for the chroot jail:
```bash=
sudo mkdir -p /var/chroot
```
Use the bash script below for quick setup. Modify as needed. Source:
https://linuxconfig.org/how-to-automatically-chroot-jail-selected-ssh-user-logins
```bash
#!/bin/bash
# This script can be used to create simple chroot environments
# Written by LinuxCareer.com
# (c) 2013 LinuxCareer under GNU GPL v3.0+
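# update directory as needed
CHROOT='/var/chroot'
# -p: do not fail if the directory already exists
mkdir -p "$CHROOT"
# ldd prints "/bin/ls:" headers (the binary itself) and "lib => /path (addr)" lines;
# field 3 is the resolved library path, and sed strips the ":" from the headers
for i in $( ldd "$@" | grep -v dynamic | cut -d " " -f 3 | sed 's/://' | sort | uniq )
do
  cp --parents "$i" "$CHROOT"
done
# ARCH amd64: the loader line has no "=>", so the loop above misses it
if [ -f /lib64/ld-linux-x86-64.so.2 ]; then
  cp --parents /lib64/ld-linux-x86-64.so.2 "$CHROOT"
fi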
echo "Chroot jail is ready. To access it execute: chroot $CHROOT"
# usage: ./chroot.sh /bin/{ls,cat,echo,rm,bash} /usr/bin/vi /etc/hosts
# passing in executables to include in the chroot
```
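
The pipeline in the script above takes field 3 of each `ldd` line, which skips the dynamic loader (hence the hard-coded amd64 copy) and silently ignores libraries reported as "not found". The parser below is an added example, not part of the linked LinuxCareer script; `jail_libs`, `populate_jail` and `sample_ldd_output` are hypothetical names, and the sample `ldd` output is constructed.

```bash
#!/bin/bash
# Added example, not part of the linked LinuxCareer script.

# Read `ldd` output on stdin and print each shared object to copy, once.
# Exits non-zero if ldd reported a library as "not found".
jail_libs() {
  awk '
    function emit(p) { if (!(p in seen)) { seen[p] = 1; print p } }
    # "libc.so.6 => /lib64/libc.so.6 (0x...)": field 3 is the resolved path
    $2 == "=>" && $3 ~ /^\// { emit($3); next }
    # "libfoo.so.1 => not found": the jailed binary would fail to start
    $2 == "=>" && $3 == "not" { print "not found: " $1 > "/dev/stderr"; bad = 1; next }
    # "/lib64/ld-linux-x86-64.so.2 (0x...)": loader line, on any architecture
    NF == 2 && $1 ~ /^\// && $2 ~ /^\(0x/ { emit($1) }
    END { exit bad + 0 }
  '
}

# Hypothetical helper: copy the given files and their libraries into the jail.
populate_jail() {
  jail_dir=$1; shift
  mkdir -p "$jail_dir" || return 1
  { printf '%s\n' "$@"; ldd "$@" | jail_libs; } |
    while IFS= read -r f; do cp --parents "$f" "$jail_dir"; done
}

# Constructed sample of `ldd /bin/bash /bin/ls /etc/hosts` output (addresses made up).
sample_ldd_output() {
  cat <<'EOF'
/bin/bash:
    linux-vdso.so.1 (0x00007ffd3a5f2000)
    libtinfo.so.6 => /lib64/libtinfo.so.6 (0x00007f1c2a400000)
    libc.so.6 => /lib64/libc.so.6 (0x00007f1c2a200000)
    /lib64/ld-linux-x86-64.so.2 (0x00007f1c2a600000)
/bin/ls:
    linux-vdso.so.1 (0x00007ffe1b3c9000)
    libselinux.so.1 => /lib64/libselinux.so.1 (0x00007f9d0e800000)
    libc.so.6 => /lib64/libc.so.6 (0x00007f9d0e600000)
    /lib64/ld-linux-x86-64.so.2 (0x00007f9d0ea00000)
/etc/hosts:
    not a dynamic executable
EOF
}

sample_ldd_output | jail_libs   # prints the four unique library paths
```

On the target, `populate_jail /var/chroot /bin/bash /bin/ls` would take the place of the loop and the amd64-only copy.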
To chroot SSH sessions for members of the `chrootjail` group, edit `/etc/ssh/sshd_config`:
```bash
Match group chrootjail
ChrootDirectory /var/chroot/
```
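sshd requires the `ChrootDirectory` path and every parent directory to be owned by root and not writable by group or others; otherwise the login is refused.

Restart ssh: `sudo systemctl restart sshd`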
Hopefully the public key from the client machine is still handy.

Update the `inmate` user's ssh information:

```bash=
su inmate
cd /home/inmate
mkdir .ssh
touch .ssh/authorized_keys
echo PASTE_PUBLIC_KEY >> .ssh/authorized_keys
```
### Access over TOR
Ok, back to the client machine, let's test it out!

We will use torsocks for simplicity:

`torsocks ssh inmate@abc123.onion`

Note: since we are using an anonymizing layer, speed will be significantly impacted.