ioerror
commented
8 years ago I think this is as simple as adding these two lines to /etc/tor/torrc:
HiddenServiceDir /var/lib/tor/ssh_hidden_service/
HiddenServicePort 22 127.0.0.1:22As well as installing opensshd like so:
sudo apt-get install openssh-serverIt is likely that in this case, we'd want to only bind to local host by setting this config option in /etc/ssh/sshd_config:
ListenAddress 127.0.0.1In the future, I think an ideal thing would be to patch OpenSSH to listen on unix sockets (Tor can make a Tor HS that is a unix socket rather than a tcp/ip end point) and then to spin up sshd inside of an oz container with only unix sockets and Tor HS for connectivity.
Ideally remote connection to a sgos machine would be be done by ssh'ing to an onion service. It would be great if that was the default configuration that occurs when sshd is installed.