How To Keep SSH Connections Alive In Linux (updated December 2023)
For those who need to work constantly over SSH, it can be very frustrating when the system cuts you off after a period of time. This article shows you how to keep an SSH connection alive until you disconnect it.
Log in to your remote system, or open the terminal on your own computer.
Open the /etc/ssh/ssh_config file:
sudo nano /etc/ssh/ssh_config
and add the following line to the end of the file:
ServerAliveInterval 60
This option sends a null packet to the server every 60 seconds (of inactivity) to keep the SSH connection alive. You can experiment with the value, setting it higher or lower depending on your system configuration. A value of 60 is a good starting point.
Per user configuration
If you don’t have root access to the system or you just want to configure it for your personal account, you can edit the ~/.ssh/config file instead.
nano ~/.ssh/config
If the file does not exist, this will create a new file.
Add the following lines:
Host *
    ServerAliveInterval 60
Press “Ctrl + o” to save and “Ctrl + x” to exit.
Lastly, restart the SSH server.
sudo service ssh restart
That’s it.
Damien
Damien Oh started writing tech articles since 2007 and has over 10 years of experience in the tech industry. He is proficient in Windows, Linux, Mac, Android and iOS, and worked as a part time WordPress Developer. He is currently the owner and Editor-in-Chief of Make Tech Easier.
How To Enable Passwordless Ssh Logins On Linux
It’s an excellent idea to sign in to your SSH server without a password. Seriously, get rid of it. There’s no need to use a password on one of the most attacked services on Linux servers, right? Securing an SSH server using standard password-based authentication is a bad idea. Attackers can easily brute force passwords, and when they’re the only thing standing between a bad actor and your server, you should definitely be nervous.
That’s why RSA key-based authentication is much better. You can configure and secure your Linux server to only allow access from computers that hold the RSA keys that have already been accepted. Anyone else will be rejected immediately. As an added benefit, you can create those keys with or without a password, which is entirely up to you. A strong key without a password is fine in most cases, though.
If you use Linux devices at home, too, you have the added benefit of convenience. Say you want to set up SSH X-forwarding from your Linux workstation to your laptop. Do you really want to enter your password every time you run a remote program? Set up SSH keys, and you won’t need to.
Install the Packages
There are a couple of packages that you need. You probably already have some of them, but it’s a good idea to check. The packages are the same on both the server and client. However, there’s also a good chance that both machines are servers and clients to each other (home situation), so you may want to make sure that you have installed these packages.
The OpenSSH metapackage is not installed by default on either Debian or Ubuntu systems. If you don’t already have it installed, you can do so by running the following command:
sudo apt install ssh
Generate Your SSH Key in Linux
It’s really easy to generate your SSH key in Linux. Just tell OpenSSH that you need to generate the key. It’s also a good idea to specify the amount of bits with the -b flag and the type with -t. A 4096 bit key is best, as it provides stronger encryption.
ssh-keygen -t ed25519
First, the utility will ask where you want to store the key. Just hit Enter for the default directory. When it asks for a password, leave it blank for a passwordless key and passwordless authentication. If you do want to use a password for your key, enter it here.
Your computer will take a couple of seconds to generate your key. When it’s over, it will print out an ASCII art representation of your key on the terminal.
Sending Your Key to the Remote Linux Host
To use your key, you’ll need to send it to your remote server. OpenSSH has another built-in utility for that, too. Tell it where your key is and which user on the server to associate it with.
ssh-copy-id -i ~/.ssh/id_ed25519.pub username@ip_remote_host
Replace ip_remote_host with the actual IP address of the remote host, which you will manage via SSH. Replace username with the actual username on the remote host.
It’s crucial that you use the -i option to specify the identity file that contains your public key. If you try to use your SSH key without this option, you may get an error.
Testing Your SSH Connection in Linux
With your SSH key in the remote server, you can now test whether your connection properly works.
Log in with the following command:
ssh username@ip_remote_host
The remote host will log you in without asking for the user account password.
However, if you made a mistake during the process, the SSH daemon will automatically fall back to password authentication for your user account. This allows you to still access your remote server even if you have a non-functioning RSA key.
Configuring SSH to Block Passwords
For the best security, you need to disable SSH password logins on your Linux server. Similar to enabling two-factor authentication in SSH, this prevents anyone from brute-forcing their way into your server.
It is important to make sure that you can reliably log in with your SSH key before doing this, as it is possible to lock yourself out of your remote server if you have a malfunctioning key.
You can find the configuration file for your SSH daemon in “/etc/ssh/sshd_config.” Open the file on the server using sudo and your preferred text editor. For example, open this file using nano by running the following command:
PasswordAuthentication no
PermitEmptyPasswords no
PasswordAuthentication specifies whether to use password authentication. We set this to “no” because we want to use SSH keys only.
PermitEmptyPasswords specifies whether the server allows login with an empty password. You should never allow this, so we set it to “no.”
Next, find the “UsePAM” line and change it to “no.” This will prevent the daemon from using any authentication methods (password, Kerberos, etc.) other than SSH keys.
UsePAM no
Save the file by pressing Ctrl + O, then Ctrl + X and reload the SSH server.
sudo systemctl restart ssh
Now that you have successfully configured your server to use only SSH keys for authentication, anyone trying to log in without a valid RSA key will be immediately denied.
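One way to check the result of the steps above, as an added example that is not part of the original article: sshd keeps the first value it reads for a keyword and treats keywords case-insensitively, so lines appended to the end of the file do nothing if an earlier line sets the same keyword. The function names and both sample files are constructed for illustration; the script reads only the global section of one flat file (no Include or Match handling), and on a real server `sudo sshd -T` prints the settings the daemon actually uses.

```shell
#!/bin/sh
# Added example: report the value sshd would use for the three keywords
# the article sets, from the global section of a flat sshd_config file.

# effective_value FILE KEYWORD DEFAULT
# First occurrence wins and keywords are case-insensitive. Parsing stops
# at the first Match line, because everything after it is conditional.
effective_value() {
    awk -v want="$2" -v dflt="$3" '
        BEGIN { want = tolower(want) }
        /^[ \t]*#/ || /^[ \t]*$/ { next }       # comments and blank lines
        tolower($1) == "match" { exit }          # end of the global section
        tolower($1) == want && !found { val = tolower($2); found = 1 }
        END { print (found ? val : dflt) }
    ' "$1"
}

# audit_password_logins FILE
# Prints one line per keyword; returns 0 only when the global section
# has all three set the way the article describes.
audit_password_logins() {
    file=$1
    status=0
    # keyword:upstream default when absent:value the article sets
    for spec in \
        PasswordAuthentication:yes:no \
        PermitEmptyPasswords:no:no \
        UsePAM:no:no
    do
        key=${spec%%:*}; rest=${spec#*:}
        dflt=${rest%%:*}; want=${rest#*:}
        got=$(effective_value "$file" "$key" "$dflt")
        if [ "$got" = "$want" ]; then
            echo "ok    $key $got"
        else
            echo "FAIL  $key $got (want $want)"
            status=1
        fi
    done
    return $status
}

# Constructed sample: the hardened lines were appended at the end, but
# earlier lines for the same keywords are still present and win.
write_sample_appended() {
    cat > "$1" <<'EOF'
# constructed sample, not from a real host
Port 22
PasswordAuthentication yes
UsePAM yes
# lines appended while following the tutorial
passwordauthentication no
PermitEmptyPasswords no
UsePAM no
EOF
}

# Constructed sample: the existing lines were edited in place.
write_sample_hardened() {
    cat > "$1" <<'EOF'
# constructed sample, not from a real host
Port 22
PasswordAuthentication no
PermitEmptyPasswords no
UsePAM no
EOF
}

tmp=$(mktemp -d)
write_sample_appended "$tmp/appended.conf"
write_sample_hardened "$tmp/hardened.conf"
echo "== appended.conf"; audit_password_logins "$tmp/appended.conf" || true
echo "== hardened.conf"; audit_password_logins "$tmp/hardened.conf" || true
rm -rf "$tmp"
```

Run the audit before closing your existing session, so that a failed check can be corrected while you still have access.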
Frequently Asked Questions
I am getting a “Connection refused” when I send my SSH key to my Linux server. How do I fix this?
Make sure that the SSH server is running on the remote host. You can check this by running sudo systemctl status ssh. If the service is not running, you can start it with this command: sudo systemctl start ssh.
If a firewall is running on the server, make sure that port 22 is open. You can do this by running sudo ufw status. If SSH isn’t listed, you can enable it by running this command: sudo ufw allow ssh.
I get a “Host key verification failed” error when I try to connect. How do I fix this?
This error means that the SSH server’s host key has changed. It can happen if the server has been reinstalled. You can regenerate a new public key and copy it over to the remote host. Repeat the steps in this article to regenerate and add the new key to the server.
Is it possible to use multiple SSH keys on the same remote Linux server?
Yes. You can use the -i option in OpenSSH to specify the exact key you want to use to connect to a remote server. For example, running ssh -i ~/.ssh/id_rsa_2 username@remote_ip_address will connect you to your remote server using the “id_rsa_2” key instead of the default “id_rsa.”
However, it is important to note that this command will only work if your remote server already recognizes your new key. You need to first copy it to your remote server using ssh-copy-id. Similar to the steps above, you can do this either through password or RSA key authentication.
I am getting a “Permission Denied” error whenever I try to copy my SSH key to my server.
This issue is most likely due to a permissions problem in your remote server. In most cases, the ssh-copy-id utility should properly resolve any access issues as soon as it connects to your remote server. However, there are instances where this feature breaks and fails to properly copy your local machine’s “id_rsa.”
To fix this, log in to your remote server and run chmod 700 /home/$USER/.ssh && chmod 600 /home/$USER/.ssh/*. This will set the correct permission bits for both the “.ssh” folder and its contents.
Image credit: Unsplash. All alterations and screenshots by Ramces Red.
Ramces Red
Ramces is a technology writer that lived with computers all his life. A prolific reader and a student of Anthropology, he is an eccentric character that writes articles about Linux and anything *nix.
How To Search Terminal History In Linux
If you’re a frequent user of the terminal, you know how important it is to keep track of the commands you’ve executed. But what if you need to find a specific command you’ve used in the past? This is where searching terminal history comes in handy.
In this article, we’ll dive into the details of searching terminal history, including a detailed description, code examples, related concepts, and methods to help you understand and apply this concept in a professional setting.
What is Terminal History?
Terminal history is a record of all the commands you’ve executed in the terminal. This history is usually saved in a file located in your home directory, and it can be accessed and manipulated using various commands and tools.
By default, most terminal emulators save the last 500 to 1000 commands you’ve executed. However, this limit can be increased or decreased depending on your preferences.
How to Search Terminal History
Searching terminal history is a simple process that involves using the history command and piping its output to the grep command. Here’s an example:
This command will search your entire terminal history for any commands that contain the phrase “search term”. The output will include the line number of each matching command, which you can use to execute that command again.
If you want to limit the search to a specific number of commands, you can use the -n option with the history command. For example, the following command will search the last 50 commands for the phrase “search term”:
You can also search for commands that match a specific pattern using regular expressions. For example, the following command will search for any commands that start with “git”:
To make the search case-insensitive, you can use the -i option with the grep command. For example:
Related Concepts and Methods
Using the Up Arrow Key
If you want to quickly access a command you’ve executed in the past, you can use the up arrow key. Each time you press the up arrow key, the terminal will display the previous command you’ve executed. You can keep pressing the up arrow key to cycle through your command history.
Using the Ctrl+R Shortcut
Another way to search your terminal history is by using the Ctrl+R shortcut. This shortcut will open up a reverse search prompt where you can type in a search term. As you type, the terminal will display the most recent command that matches your search term. You can keep pressing Ctrl+R to cycle through your command history.
Editing Terminal History
You can also edit your terminal history using the history command. For example, if you want to delete a specific command from your history, you can use the -d option followed by the line number of the command you want to delete. For example:
history -d 123
This command will delete the command on line 123 from your terminal history.
Conclusion
Searching terminal history is a useful skill that can save you time and effort when working in the terminal. By using the history and grep commands, you can easily search your command history for specific commands or patterns. Additionally, using the up arrow key and Ctrl+R shortcut can help you quickly access and cycle through your command history.
How To Multitask In The Linux Terminal With Screen
Many people don’t know about screen, an excellent little tool, or “a terminal multiplexer,” if you want to get technical. I firmly believe everyone who uses the terminal, for whatever reason, should have it in their arsenal. It’s that useful.
Screen makes multitasking in the terminal dead easy. With it, you can run many tools in parallel, each in their session. After you run something in its own “screen,” you can then detach and re-attach to it at will. Being able “to leave things running in a detached session” allows you to jump between tools.
If you’re juggling lots of tasks in the terminal every day, you’re either already using it, or you’ll love it after you try it!
Install screen
Screen is available for almost every distro under the sun – since it’s an old, tried and tested, albeit somewhat unknown, little treasure. To install it on Debian, Ubuntu, Mint or anything that uses apt, use:
sudo apt install screen
In mere seconds you’ll be up and running, since it’s also small and without many dependencies.
First session
We’ll only delve into screen’s basic features that will allow you to use it immediately. If you like what you see by the end of this tutorial, its manual page explains the extra functions, but we thought they’d be too much for the first introduction in its use.
To use it, just add it in front of anything you’d enter in the terminal. Let’s create a document in the popular nano editor as an example. If it’s not installed, available on your distribution, or if you prefer something else, swap “nano” with your choice.
screen nano mte_screen.txt
By adding “screen” in front of the usual command, we ran it in one of screen’s sessions. It might look like it didn’t have any result, but as we’ll see in the next step, it did.
Detach from session
Type something in nano and press Ctrl + A and then D on your keyboard. Nano – or whatever editor you were using – will disappear. In the terminal, you’ll see a message similar to:
[detached from terminal-ID]
Now you’re back to what you could refer to as the starting terminal from where you ran screen before. But your session with nano isn’t gone.
Get back to the running session
Since you have a session running in the background, you can get back to it by entering:
screen -r
After hitting Enter, you’ll be right where you left off in nano. You can detach and reattach the screen as many times as you like. But that’s just one app running in the background, far from what you’d call true multitasking.
Create a second session
While back to the original terminal and detached from the running nano session, repeat the first step to run something in a second session. For simplicity’s sake, we created a second document with nano using:
screen nano mte_2nd.txt
Screen, though, isn’t restricted to running multiple sessions of the same app: try running anything with it. Screen proves its usefulness when used for something like compressing many files into an archive with 7z, a process that takes some time. Instead of staring at a terminal, waiting for 7z to finish, you can detach its session and let it run in the background.
Session list
If you followed our previous steps, you now have two sessions running with screen. screen -r won’t work like before because it wouldn’t know where to attach. When you have multiple sessions, to go back to one of them, you first have to know its ID. To find it, enter:
screen -list
Screen will display a list of all available sessions.
In our case, as you can see in our screenshot, to go back to either session, we’d have to enter:
screen -r 14384
or
screen -r 14336
Useful extras
If you run a task that exits after completion with screen, the screen session will end with it. That’s why you could have run some tasks in screen sessions but now have no active sessions show up. The tasks could have completed their goals in the meantime.
If you want a session to remain active in such cases, instead of running a command with screen added before it, run “screen” on its own to create a new session, and then type your command there before detaching. If you run a command in a session you manually created, the session won’t exit when the task completes.
Screen also allows you to create a new session from within an existing one. Just hit the command combination Ctrl + A, and then press C to create a new screen and jump to it.
For other useful commands you’ll probably end up using, press Ctrl + A and then:
A to enter a title for the session for easier recognition and management
K to kill the current session
N or P to move to the next or previous active session
0 to 9 to move between the first ten active sessions
Not just for juggling tasks
We saved the best for last: screen isn’t bound to a specific terminal. After detaching from a session, you can close the terminal window if you were in a graphic environment, or you can even log out. As long as your computer is running, the session will remain active.
And this means that you can reattach to a running session from a different terminal. As you can see in our screenshot, we used Guake to reattach to a session we created in Mint’s default terminal.
Since the implications of this might not have adequately sunk in, think of this usage scenario: you can log in remotely to your computer, with SSH, and start a task with screen. Then, detach and log off. The job will keep running until it either completes or you decide to re-log on, reattach to the screen session and manually end it!
How’s that for “multitasking?”
Odysseas Kourafalos
OK’s real life started at around 10, when he got his first computer – a Commodore 128. Since then, he’s been melting keycaps by typing 24/7, trying to spread The Word Of Tech to anyone interested enough to listen. Or, rather, read.
How To Use Password Store To Manage Your Passwords In Linux
Password Store is a simple UNIX program that uses the GNU Privacy Guard (GPG) and Git to secure and manage passwords for your Linux system. It is simple, lightweight and fast. However, this simplicity means that accessing Password Store’s database to fetch your passwords can be a bit of a pain. However, if you are using Emacs, there is a way to seamlessly automate this process for you.
To help with that, password-store is also an Emacs package that serves as a front end to the Password Store program. Similar to its back end, password-store is simple and light. More importantly, you can easily extend its features by using a number of plugins done by its community.
How Does Password Store Work?
Password Store is an extremely simple password manager that creates and modifies passwords in pure plain text. It only maintains a text file for every account and password that you provide to it.
While this might seem insecure and archaic, Password Store makes it work by encrypting all of the files that it maintains. This allows you to have the flexibility of plain text while also having the security and encryption of GPG.
Since the program only deals with simple files, it is possible for you to categorize and sort those files under different folders.
Password store also allows you to append additional information for your password files. This is because it only requires you to reserve the first line of the file for your password. For example, this is a password file for one of my forum accounts:
thisismysupersecretpassword
=============== INFORMATION ==============
Username: MySuperCoolName
Security Question 1: Yogi
Security Question 2: 1992 Toyota Corolla
Security Question 3: Smith
OTP Key: aabbccddff11223344
========================================
Password Store does not read any information after the first line. As such, I am able to easily add any additional information about my forum account. With that, the program not only allows you to create a custom password directory but also custom formats for your passwords.
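A small reader for the entry layout described above, as an added example that is not part of Password Store or the original article. The function names are made up for illustration and the sample entry is constructed from the forum-account file shown above; with a real store the input would come from `pass show <entry-name>`.

```shell
#!/bin/sh
# Added example: split a decrypted entry into the password (line 1) and
# the optional "Name: value" lines that follow it.

# Constructed sample entry, modelled on the file shown in the article.
sample_entry() {
    cat <<'EOF'
thisismysupersecretpassword
=============== INFORMATION ==============
Username: MySuperCoolName
Security Question 1: Yogi
Security Question 2: 1992 Toyota Corolla
Security Question 3: Smith
OTP Key: aabbccddff11223344
========================================
EOF
}

# entry_password: print only the first line of the entry read on stdin.
entry_password() { sed -n '1p'; }

# entry_field NAME: print the value of the first "NAME: value" line.
# Line 1 is never treated as metadata, matching is case-insensitive, and
# lines without a colon (separators, free text) are skipped.
entry_field() {
    awk -v name="$1" '
        NR == 1 { next }
        {
            i = index($0, ":")
            if (i < 2) next
            key = substr($0, 1, i - 1)
            val = substr($0, i + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", key)
            gsub(/^[ \t]+|[ \t]+$/, "", val)
            if (tolower(key) == tolower(name)) { print val; exit }
        }
    '
}

# entry_field_names: list the field names only, so a script can show what
# an entry holds without printing any of the stored values.
entry_field_names() {
    awk 'NR > 1 { i = index($0, ":"); if (i > 1) print substr($0, 1, i - 1) }'
}

echo "fields in the sample entry:"
sample_entry | entry_field_names
echo "username: $(sample_entry | entry_field username)"
```

Everything after the first line sits in the same encrypted file, so anything that prints the whole entry also prints the security answers and the OTP key.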
Installing Password Store
Due to its simplicity, Password Store is easy to install. Further, it is also available to almost all Linux distributions. For example, you can install it in Debian and Ubuntu using apt:
sudo apt install pass gnupg
In Fedora, you can use dnf:
sudo dnf install pass gnupg2
For Arch Linux, you can use pacman:
sudo pacman -S pass gnupg
Creating Your Password Store
With that done, creating a password store requires you to do two things:
First, you need to have a GPG key. This will be the key that will be associated to your Password Store. You can either create a new one specific for this store or use an old one that you already have.
Secondly, you need to initialize the Password Store itself. This could either be a simple password store maintained through GPG or a version controlled one under GPG and Git. Either way, creating these two versions will only require you to run a single command.
Creating a GPG Key for Your Store
Password Store relies on GPG for all of its encryption. As such, it is necessary for you to create your own GPG key to ensure that password store is both secure and only encrypted to you.
Creating a GPG key is incredibly simple. To do that, you can run the following command:
gpg --full-generate-key
This will run a key creation wizard where you can choose a number of options for your GPG key.
From here, the wizard will ask you for the kind of encryption algorithm that you want to use for your key. For the most part, the default RSA algorithm will be enough. To select it you can just press Enter.
Setting Your GPG Key Length and Expiry
From there, the wizard will now ask you for the length of the key that you want to make. In this, the general rule of thumb is that a longer key will be harder to crack than a shorter key. For the purpose of this article I picked 4096 for my key length.
Once done, the wizard will ask whether you want your key to expire or not. In general, it is considered good practice to use a key that will expire after a certain date. Doing that will allow you to automatically revoke a key that has either been compromised or whose password you have forgotten.
In my case, I prefer setting short expiration times for my keys so that I do not forget them. As such, I set this option to “6m”.
Next, you’ll have to enter both a name and an email. These will only be used as display information whenever you encrypt or decrypt data.
Lastly, you have to provide a password for accessing this key. In that, your password has to be both strong and memorable. This is because you will use this password every time you access your Password Store. That includes copying existing passwords and adding new ones.
Starting Your Store
With that done, the next thing that you have to do is to start your Password Store. You can do this in two ways:
You can start a simple Password Store with the default GPG encryption. This is useful if you only want a simple way of storing and accessing your passwords.
Run the following command in the terminal:
cd /home/$USER/ && pass init "your-gpg-email"
This will create a password store in your home directory under the name “.password-store”.
You can also start a git-controlled Password Store. This will allow you to finely control your store’s history. As such, you will be able to easily jump back on the changes that you have made. This is highly useful if you constantly change the passwords for your accounts.
If you want to run a git-controlled store, you have to run the following command:
pass git init
Doing so will start the git repository for your store. From here, you can access all of git’s commands for your store by prepending “pass” to git. You can view all of the git remotes for your store by running the following command:
pass git remote -v
Integrating Emacs with Password Store
If you are an Emacs user, you can integrate Password Store to your Emacs client. Start by downloading the “password-store” package from the MELPA repository.
By default, this repository does not come with the standard Emacs installation. As such, you need to explicitly add it first to your Emacs’ configuration.
To do that, you can write the following command to your “init.el” file:
(require 'package)
(add-to-list 'package-archives '("melpa" . "https://melpa.org/packages/") t)
(package-initialize)
Once done, reload your Emacs client to apply the changes.
Press Alt + X and type package-install. This will load a command buffer where Emacs will ask you for the name of the package that you want to install. Type password-store.
Emacs will then fetch, compile and install the source code for the password-store package. At the end of it, its commands should be accessible by pressing Alt + X and typing password-store-version.
Adding a New Password to Your Store
With that done, accessing your store is relatively straightforward. For example, you can add a new password by pressing Alt + X and typing password-store-insert.
This will bring up a prompt where the package will ask you for the name of the password that you want to insert.
Now input the password itself. Similar to other password prompts, the input in here will be masked.
Editing Your Store Entry
One of the key strengths of Password Store is that you can customize your password files. This, in turn, allows you to provide an arbitrary format that can contain just about anything.
From here, the package will prompt you to enter your GPG key password. After that, Emacs will then display the contents of the password file in a separate buffer that you can edit.
Once done, you can save your password file by pressing Ctrl + X, Ctrl + S. From there, you can finalize the edit by pressing Ctrl + X, K. This will close the password buffer and tell Password Store to commit the changes to its file tree.
Removing a Password in Your Store
Similarly, deleting a password in your store is also a simple process. You can remove a password by pressing Alt + X and typing password-store-remove. Doing this will bring up a prompt asking you for the password that you want to remove.
In my case, I wanted to remove an old password for a site that I do not visit anymore. So I typed “my-old-password” and pressed Enter.
Copying a Password from a Store
Lastly, the package also allows you to copy your passwords directly from Emacs. This is highly useful if you want to quickly access your store whenever you are logging in to a service or an account.
To do this, you can press Alt + X and type password-store-copy.
This will load a prompt that will ask you for the password that you want to copy to your clipboard.
That’s it! You now have a basic idea of how to use Emacs as your password manager. Further, you also now know how to use a simple, file-driven password manager with Password Store.
Frequently Asked Questions
1. Is it possible for Password Store to create passwords similar to KeepassXC?
Yes! The package can generate passwords for new accounts out of the box. You can access this function by pressing Alt + X and typing password-store-generate.
This will tell the package to prompt for a new account. From there, it will then generate a sufficiently random password for that account. You can, then, copy that password by using the password-store-copy function as described above.
2. Is it possible to integrate one-time password (OTP) support for my store?
Yes! Password store has an excellent plugin that can manage OTP from within the command line. To use it, however, you will need to install an additional package to generate OTPs.
For example, in Debian and Ubuntu you can run the following command to install it:
sudo apt install pass-extension-otp
In Fedora, you can use dnf:
sudo dnf install pass-otp
In Arch Linux, you can use pacman:
sudo pacman -S pass-otp
Once done, you can then run this command to insert an OTP link to a store account:
pass otp insert "account-name"
From there, all you need to do is to run pass otp "account-name" to generate an OTP code for that account.
3. Is it possible for me to display the passwords as a tree in Emacs?
Sadly no. However, you can display all of your passwords through tab-completion if you are using a minibuffer completion package.
The most common packages that provide this functionality are helm and mct. Both of them are available in the GNU ELPA repository and, as such, can easily be installed through the package-install function.
Image credit: Unsplash
Ramces Red
Ramces is a technology writer that lived with computers all his life. A prolific reader and a student of Anthropology, he is an eccentric character that writes articles about Linux and anything *nix.
Tor Connections To Hidden Services Could Be Easy To De
Identifying users who access Tor hidden services—websites that are only accessible inside the Tor anonymity network—is easier than de-anonymizing users who use Tor to access regular Internet websites.
One of Tor’s primary goals is to provide anonymity for Internet users. This is achieved by routing their Web traffic through a series of randomly chosen nodes or relays before passing it back onto the public Internet.
Internet servers that receive traffic from Tor users won’t see the real IP (Internet Protocol) addresses of those users. What they’ll see will be the IP addresses of randomly chosen Tor exit nodes.
The Tor hidden service protocol extends the anonymity protection to servers as well. It makes it impossible for users to see the real IP address of a server that runs a Tor hidden service, like for example, a website.
Anonymity is the coin of the realm
Hidden services use addresses that end in .onion, a pseudo top-level domain that doesn’t exist on the Internet and only resolves inside the Tor network. This anonymity protection for both servers and users makes hidden services attractive to political activists in countries where free speech is not well protected or where Internet surveillance is common, but also to criminals who use such websites to hide their activities from law enforcement.
That’s not the case with Tor hidden services and in fact attackers could quite easily and with 100 percent reliability take control of all the rendezvous points between Tor users and specific Tor hidden services, at least for a period of time.
Knowing who passes by
With this formula both a Tor client and a Tor hidden service should select the same 6 HSDirs on a particular day. However, the researchers found that they could use brute force techniques to generate the keys needed for their own nodes to take up those rendezvous positions for a specific day.
The researchers managed to place their own nodes as the 6 HSDirs for facebookcorewwwi.onion, Facebook’s official site on the Tor network, for the whole day on Thursday. They still held 4 of the 6 spots on Friday.
Brute-forcing the key for each node took only 15 minutes on a MacBook Pro and running the Tor relays themselves cost $62 on Amazon’s EC2 service.
For example, a government monitoring its Internet users through ISPs could use this attack to perform traffic analysis and determine who visited a dissident site hosted on Tor. A law enforcement agency could do the same with the help of ISPs to identify who is visiting an illegal website that runs as a Tor hidden service.
The goal of the two researchers was to prove that “hidden service users face a greater risk of targeted de-anonymization than normal Tor users,” because it’s much easier to reliably control all HSDirs for a specific hidden service than to control all Tor exit relays that might be used to access a website.
A fix in the works
There is a proposal for the next generation of hidden services that will address not only this problem, but also other potential issues, Sandvik said. In the meantime, the Tor developers have tools that can detect relays trying to attack users of Tor hidden services, she said.
A change in Tor that will be implemented soon will make it harder for new nodes to become HSDirs by forcing them to obtain a stable flag first, Valsorda and Tankersley said. This will require nodes to be online for a longer period of time before they can become HSDirs so it will make the attack more expensive, but not technically harder to pull off, they said.
While users can’t do much to defend themselves against this, the operators of Tor hidden services do have one option. They could use the attack themselves so that their own nodes will become HSDirs for their own hidden services.
They released the brute-force tool they created for the attack on Github, as well as a separate HSDir analysis tool that can potentially detect such attacks.