At home I have no static IP address, but from time to time I want to log in remotely. There are different solutions to this, but all I know of require a third party I have to coordinate with. That's why I just expose my sshd at home over the Tor network.
Here is how it works:
# add this to /etc/tor/torrc on the server side (@home)
HiddenServiceDir /var/lib/tor/ssh_service
HiddenServicePort 22 127.0.0.1:22
HiddenServiceVersion 3
After tor has been restarted, the hostname can be found in /var/lib/tor/ssh_service/hostname.
$ cat /var/lib/tor/ssh_service/hostname
vdfasdhfasoihrl3<...>.onion
Now all I have to do is carry around this hostname; normally this is just done via ~/.ssh/config:
Host home
    HostName vdfasdhfasoihrl3<...>.onion
The internet always suggests using torify to make programs tor ready. In my experience this doesn't often work well. torify just loads a shared library with LD_PRELOAD that changes the behaviour of some network related calls. So to connect to home one would just do:
$ torify ssh home
But I prefer to use ProxyCommand with socat to make ssh tor ready:
Host home
    ProxyCommand socat STDIO SOCKS4A:127.0.0.1:vdfasdhfasoihrl3<...>.onion:22,socksport=9050
Now it is just ssh home. Sure, it's slow, and sometimes not very reliable.
But it's enough for my needs.
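
The SOCKS4A exchange behind the socat ProxyCommand above, written out as an added example (not code from the original post). It shows why the .onion name goes to tor's SOCKS port unresolved instead of to the local DNS resolver; the hostname used is a constructed placeholder and the user id field is left empty as an assumption of this sketch.

```python
import socket
import struct

GRANTED = 0x5A  # SOCKS4 reply code "request granted"; other codes mean failure


def socks4a_connect_request(hostname: str, port: int) -> bytes:
    """Build a SOCKS4A CONNECT request (user id field left empty in this example)."""
    if not 0 < port < 65536:
        raise ValueError("port out of range")
    host = hostname.encode("ascii")
    if not host or b"\x00" in host:
        raise ValueError("hostname must be non-empty and NUL-free")
    # VN=4, CD=1 (CONNECT), DSTPORT big-endian, DSTIP=0.0.0.1.
    # The invalid address 0.0.0.x tells the proxy "resolve the name that follows",
    # so the .onion name is never handed to the local DNS resolver.
    header = struct.pack(">BBH4s", 4, 1, port, bytes([0, 0, 0, 1]))
    return header + b"\x00" + host + b"\x00"  # empty user id, then hostname


def socks4_reply_granted(reply: bytes) -> bool:
    """Parse the fixed 8-byte reply: VN (0), CD (result), then 6 ignored bytes."""
    if len(reply) != 8 or reply[0] != 0:
        raise ValueError("malformed SOCKS4 reply")
    return reply[1] == GRANTED


def socks4a_handshake(sock: socket.socket, hostname: str, port: int) -> None:
    """Run the exchange on a socket already connected to the proxy."""
    sock.sendall(socks4a_connect_request(hostname, port))
    reply = b""
    while len(reply) < 8:  # the reply may arrive in pieces
        chunk = sock.recv(8 - len(reply))
        if not chunk:
            raise ConnectionError("proxy closed the connection mid-handshake")
        reply += chunk
    if not socks4_reply_granted(reply):
        raise ConnectionError("proxy refused the request (code 0x%02x)" % reply[1])
    # From here on the socket carries the raw sshd byte stream.


if __name__ == "__main__":
    # Constructed placeholder name, not a real onion service.
    print(socks4a_connect_request("example-placeholder.onion", 22).hex(" "))
```

A refused reply here corresponds to the socat ProxyCommand exiting before ssh sees any banner, which is what an unreachable onion service looks like from the client side.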