In this article I will show you how I securely connect to my remote machines without having to configure port forwarding.
Requirements: A computer “server” (running linux) A internet connection Another computer to connect to your server (running linux) Why? If you want to access your server without portforwarding in a extremely secure fashion you will want to follow this tutorial. You will be connecting to the server via tor which will make it harder for anyone to find the url of the server and ill show you how to setup keybased auth for even more security!
Which is still just as open, but also a massive calling card for anyone trolling around the TOR network
Luckily, it is no longer possible to easily sniff the new v3 addresses by deploying a malicious relay. Any attack to even reveal the existence of a hidden service would require a very specialized setup. And we’re just talking discovery, not the ability to connect and attack the actual service running there.
Yea, I don’t think this is necessarily a horrible idea. It’s just that this doesn’t really provide any extra security, but even the first line of this blog is talking about security. This will absolutely provide privacy via pretty good traffic obfuscation, but you still need good security configuration of the exposed service.
you still need good security configuration of the exposed service.
In a sense that security comes in layers, yes. But in practice, this setup will prevent 100% of bots scanning the internet for exposed services, and absolute majority of possible targeted attacks as well. It’s like using any other 3rd party VPN, except there’s not a central point for the traffic to flow through.
From the attackers point of view, nothing is listening there.
I’ve used a similar setup in the past to access a device behind a NAT (possibly multiple NATs) and a dynamic IPv4. Looking back, that ISP was a pure nightmare.
Luckily, it is no longer possible to easily sniff the new v3 addresses by deploying a malicious relay. Any attack to even reveal the existence of a hidden service would require a very specialized setup. And we’re just talking discovery, not the ability to connect and attack the actual service running there.
Yea, I don’t think this is necessarily a horrible idea. It’s just that this doesn’t really provide any extra security, but even the first line of this blog is talking about security. This will absolutely provide privacy via pretty good traffic obfuscation, but you still need good security configuration of the exposed service.
In a sense that security comes in layers, yes. But in practice, this setup will prevent 100% of bots scanning the internet for exposed services, and absolute majority of possible targeted attacks as well. It’s like using any other 3rd party VPN, except there’s not a central point for the traffic to flow through.
From the attackers point of view, nothing is listening there.
I’ve used a similar setup in the past to access a device behind a NAT (possibly multiple NATs) and a dynamic IPv4. Looking back, that ISP was a pure nightmare.