21

I have a web server set up and would like to connect to it from outside using Tor. The web server simply serves up a simple webpage that will act as an interface for a program running on the machine. It is not meant to be accessible by anyone else.

If I set up another computer with SSH and set to log in using SSH keys to act as an SSH tunnel, is this secure enough from most attackers?

With the SSH tunnel and Tor in place, is there a reason to use SSL or is all this secure enough? What attacks are still possible and how do I defend against them?

user942937
  • 983
  • 8
  • 14
  • 9
    To verify, you mean "ssh using key-based authentication" (or some such), and NOT "ssh without a password", right? If so, it would be worth editing the title to match. I won't do so without having verified your intent, though (since to me, that subtle wording change carries a significant difference in intent and risk). – Soron Jan 04 '19 at 12:31
  • 3
    Actually, scratch that, I didn't quite read far enough (read it too quickly). Further question, for clarification: you've got an *externally-accessible* webpage, right? Or are you making the HTTP request on localhost (and/or another LAN address)? That's also going to be a relevant detail, moreso than the SSH itself. – Soron Jan 04 '19 at 12:34
  • Yup. Two machines: one with the externally-accessible webpage and another used for ssh-tunneling. Unless there's a way to have them both on just one machine. – user942937 Jan 04 '19 at 12:38
  • That would be FAR safer to set up that way, yes. Let me type up an answer about that, since the current answer only seems to cover the SSH/Tor side of things, without detailing the risks of having an admin-y panel served by a webserver open to the whole internet. – Soron Jan 04 '19 at 12:42
  • If that automated login is only for port forwarding you can use a user which does not allow shell access. While key based authentication is very strong the key on the client side is the weakness, so limiting reach can additionally mitigate risks. – eckes Jan 04 '19 at 15:34
  • you should consider setting up the SSH user you use for your tunnel to only have tunneling privileges - https://unix.stackexchange.com/questions/14312/how-to-restrict-an-ssh-user-to-only-allow-ssh-tunneling . Thus if your key is compromised they can (probably) only open new tunnels rather than access your server. – Freiheit Jan 04 '19 at 17:05

3 Answers3

34

If you are using public key authentication for SSH, no one can log in to the server without having the corresponding private key. This is as secure, and usually more secure, than password authentication. The encryption OpenSSH provides is state of the art; there is no known way to break it. You can further improve security on the Tor side by using authorized hidden services. This will make the domain inaccessible to all but your client. Note that this only works with v2 hidden services, not the latest v3. Since v2 has been deprecated, this is unfortunately no longer possible.

The only remaining attack would be a man-in-the-middle attack. You can copy over the host key from the server to your client, just like you copied a key to make public key authentication possible. This will completely mitigate MITM attacks and the client will warn you if an attempt is detected.

See also What is the difference between authorized_keys and known_hosts file for SSH?

forest
  • 65,613
  • 20
  • 208
  • 262
  • Hi. Thanks for answering. I'm not sure if this is unrelated, but if I'm on DHCP, how can I find out my IP address to have the machine accessible through tor? Or is static IP the (only) way to go? – user942937 Jan 04 '19 at 11:35
  • @user942937 If you always are going to use tor to connect to it, setup a tor hidden service on the machine, this way it gets an union domain name you can use to connect to it from the outside (without requiring static ip's or port forwarding), and since the name always stays the same, you are protected in the way the answer describes when comparing the host keys) – Ferrybig Jan 04 '19 at 13:39
  • 6
    It may be worth pointing out that if using public key authentication one should not forget to disable password authentication completely in order to reduce the attack surface. – zakinster Jan 04 '19 at 14:37
  • "The only remaining attack would be a man-in-the-middle attack." this can also be mitigated with DNS `SSHFP` records and, maybe, if you are using certificates and not just keys with DANE and DNS `TLSA` records. In both cases the zone needs to be DNSSEC enabled. – Patrick Mevzek Jan 04 '19 at 19:45
  • @PatrickMevzek OP is using Tor onion domains, which do not use DNS. – forest Jan 04 '19 at 21:01
  • This answer covers the network traffic. It is worth mentioning the private key should be encrypted. A plaintext private key is comparable to a password stored in plaintext. Even in a trusted environment, this is not ideal. – nrolans Jan 09 '19 at 00:51
8

The existing answer written by forest details the security of the SSH/Tor side of things (quite secure if set up correctly), so I won't rehash that here.

I notice that you're asking mainly about client-side security ("can someone interfere with my browser?"), but I would say that server-side security ("can someone use my website/program without permission?") is also a quite important consideration when setting up a web-based program management interface.

There is potentially a very large risk to having a sensitive webpage open to the whole internet, so you really DO need to use some sort of security measure on the webserver side - it could be a Tor authorized hidden service, as forest describes, or some other method of securing the site against random hackers.

Hypothetical scenario: suppose that you had a webserver running on HTTP (as it's not clear if you're using Tor for hidden services or as a form of proxy software). Let's say you've got /index.php on there with a link to /my_program_interface.php, and for "safety's" sake, let's also put that on port 8080, with no domain name, but other than that, you allow it to accept connections from anyone. Well, if anyone ever finds out that you've got a webserver there (and with IPv4, a full network scan is feasible, so your webserver could be discovered), all they'd have to do is to type http://[your_ip_here]/index.php into a normal off-the-shelf browser, and then they have exactly as much control over your program as you do.

In other words: don't forget that that server-side authorization checks are important, along with client-side privacy checks!

Soron
  • 2,809
  • 1
  • 12
  • 19
6

It depends what you mean by secure enough.

Security does not exist without a threat model, as time-travelling, mind-reading gods can defeat any system you make.

If this is a simple utility, then the chances of someone burning a 0day for ssh on your sever is minimal, since there are simply better targets, and it wouldn't be worth the time and effort.

However, if you plan on running a system to co-ordinate a giant criminal empire behind the site, you should expect that a large intellegence agency can track the tor traffic back to you box, either by using an attack on the Tor network, or by simple rubber-hose cryptography:

relevant xkcd

However, even if your system is theoretically secure enough, there is the human element: you can never be 100% sure that you have set it up correctly, and so it may be trivial to hack.

A very important rule for security is to expect that your system will be broken at some point. A large part of the design of a secure system is making sure that when it is broken, it doesn't cause too much damage. To that end, I would suggest something like a docker image, so that you can easily scrub it if it does get broken into.

If the actual cryptography behind ssh was broken, you should be more worried about collecting canned goods, as an economic collapse would occur that would make the Great Depression look like the Slightly Sad, as any secure web traffic could be decrypted with a simple MitM (passwords, server certificates, bank details, etc.), and massive botnets of hacked servers would assault any and all internet-facing servers, effectively killing the information age, and turning the internet into a battleground.

Cyclic3
  • 845
  • 6
  • 6
  • Shell shock didnt cause a new age great depression did it? – user6858980 Jan 04 '19 at 17:08
  • 2
    @user6858980 That's because shell shock only targeted one program, bash, which is rarely publicly reachable. Even if someone found a bug in apache or nginx that gave arbitrary code execution as root (the worst feasible case), the level of sandboxing on most big websites would keep it safe, and it would be patched. This is in stark contrast to the very concept of public-key encryption being wrong, which would be as unpatchable as `1 + 1 = 2` – Cyclic3 Jan 04 '19 at 18:18
  • Although you're absolutely correct that it would result in an economic collapse if an easy way to break all asymmetric cryptography were suddenly revealed, I think you are exaggerating the effects a bit. It would probably not send us into a new depression worse than the Great Depression, but it would certainly result in a major shift in the economy for a very long time. – forest Jan 05 '19 at 01:36
  • Cryptography useful for protecting traffic from eavesdropping was effectively outlawed in France until some time in the mid-1990s. (IIRC, you could use it, but you had to have a license to do so, and violation of this requirement carried a stiff fine.) If cryptography breaks down today, it wouldn't *exactly* put us back in France in the first half of the 1990s since the world is different today than it was then, but I think it would be a stretch too to say that France in the first half of the 1990s was effectively a third world country economically. – user Jan 05 '19 at 13:34
  • @aCVn I agree, if cryptography was slowly removed from our lives, there would be little effect. However, the loss of the internet from the giant botnets would kill or maim all tech companies. I have difficulty naming a company that doesn't heavily rely on the internet. The world would recover, and yes, would return to a pre-internet state not dissimilar from 1990. Random things we take for granted, like SIM cards, OTA software updates, and the instant access to the giant amalgamated knowledge of mankind would be forever lost. Even though I am British, I don't believe France to be that bad. – Cyclic3 Jan 05 '19 at 21:48
  • bash is publicly accessible if your port is open and your shell is bash – user6858980 Jan 07 '19 at 10:26
  • @user6858980 If you have an open port where people can execute bash commands, that's called a 'backdoor'. In the very rare case bash is actually exposed directly (rather than being in used in a web script somewhere), it is sandboxed. – Cyclic3 Jan 07 '19 at 11:25
  • shellshock exploited allowed arbitrary code execution on bash via ssh among other vectors so I dont really understand what your on about, maybe readup on shell shock. https://en.wikipedia.org/wiki/Shellshock_(software_bug) – user6858980 Jan 08 '19 at 09:47
  • Reading the linked wikipedia article, the only reference to an ssh exploit is one that requires working creds. Yes, this would allow ACE, but only if you had some form of access already. The only widely deployed use of ssh's forcecommand that I can think of is for git over ssh. With even basic security (firewalls, permissions, NAT), the worst thing (from the owners view) you could do with this is use it for DDoSing (which would be easy to see). I was not aware of this attack against SSH, but I hardly see how it is relevant for OP. I believe we may have left the scope of the original question. – Cyclic3 Jan 08 '19 at 10:11