SSH to Umbrel node over Tor

Carlos · December 10, 2021, 4:50am

Hi,

I have 2 nodes: one at home and another one in a remote location in another continent. My home node is the main one, with lightning liquidity and channels and it is 100% bitcoin (without apps).

The remote one is a test node that I use to test new versions, apps and to run small Puthon scripts for other purposes. So I need to SSH into it remotely via Tor. I tried following this guide: https://jonasweissensel.de/post/ssh-over-tor/

But I get stuck here:

We’re going to open the file:

sudoedit /etc/tor/torrc

As there is no /etc/tor/ directory. I believe Umbrel configures Tor in a different path.

Does anybody know how to configure the SSH Hidden service in Umbrel?

Thanks in advance!

DarthCoin · December 10, 2021, 9:40am

If you have a static IP on that remote location, just open the port 22 on your router and FW it to your node local IP. But secure it well with a strong password and access it from a safe, clean location/PC.
Optional, if you access always from the same remote location, you can set in UFW only that IP to be able to enter SSH so other random IPs will be rejected by default.

And done, you don’t need to change anything else in your node OS or software with complicated things that could do more damage .

Carlos · December 10, 2021, 10:43am

Thanks! Unfortunately, I don’t have a static IP on my remote location.

Since Tor already comes installed with Umbrel, I thought it would be as simple as creating a hidden service for SSH, like all the other apps have their own specific hidden service and therefore onion address.

It shouldn’t be that complicated to do, but I still haven’t found the way. If somebody knows, I’d appreciate the help.

disuye · January 10, 2022, 5:47pm

I’m also trying to do this. Haven’t quite succeeded yet. After doing brew install tor nmap on my Mac, I am able to do curl requests to the Mempool API on my Umbrel over Tor successfully, but ssh connections directly to Umbrel are crapping out. I’m using the following command:

ssh -o ProxyCommand= "ncat --proxy-type socks5 --proxy 127.0.0.1:9050 %h %p" umbrel@xxxxx.onion

Which return errors…

Ncat: Error: Connection refused.
ssh_exchange_identification: Connection closed by remote host

disuye · January 10, 2022, 3:38pm

And not sure if this helps you … The path to torrc is ~/umbrel/tor (there is no /etc) so you would ssh umbrel@umbrel.local and then type sudo nano umbrel/tor/torrc to edit that file.

citizen_68 · July 3, 2022, 6:57pm

Hi DartCoin,

first, thank you in general for all your answers to the community.
When you say clean location/PC, do you emply it is not safe for a Tor/mobile(android) ?
what would be necessary to consider a mobile/Tor access to be safe ?