Setup Tor for port-opening-free ssh/config access

Is there somewhere a howto for openwrt 19.07 on how to configure tor after installing it with opkg to have ssh/http access to a openwrt router that is behind a nat?
I need such access for helping some people remotely. TeamViewer for example is not a privacy friendly solution for such things.

@aupnxabs, welcome to the community!

Whoa...to be clear...are you saying that you want to publish the router's SSH and web server as a HiddenService on Tor!?!?!

I assume the router doesn't have a Public IP address?

I don't advise doing this (especially if you plan to access the Tor network through the same running instance, in fact, I believe the Tor documentation advises against this). Nonetheless, it's setup like any Tor HiddenService - using the /etc/tor/torrc file.

See: https://2019.www.torproject.org/docs/tor-manual.html.en

3 Likes

I also think that TOR is a bad idea, I would try to find an alternative. For example, a Wireward connection, from the router you want to maintain to a server outside.

3 Likes

Client:
https://openwrt.org/docs/guide-user/services/tor/client

Server:
https://openwrt.org/docs/guide-user/services/tor/extra#onion_services

Works for me.
Beware of security issues.

2 Likes

@aupnxabs, as @vgaetera noted, please be very aware of the security issues of running a HiddenService on Tor. For all the risks of putting your router on the "dark web" - you should just use TeamViewer with a strong password. Just my opinion...

1 Like

I did think of something:

  • use key-only SSH
  • DO NOT make a service to HTTP (tcp/80)
  • SSH to the router and SSH Tunnel to LuCI at port 80

:wink:

1 Like

If speed is not important, running a TCP-based VPN server as an onion service should be possible as well.

1 Like