tor ssh
It's actually really simple.
I won't cover Windows/Apple/Android because that's like a screen door on a submarine...
install tor on both machines
ssh into, or use some form of console access, to access your server.
Find the section about tor hidden services. The samples look like this:
Code:
#HiddenServiceDir /var/lib/tor/hidden_service/
#HiddenServicePort 80 127.0.0.1:80
#HiddenServiceDir /var/lib/tor/other_hidden_service/
#HiddenServicePort 80 127.0.0.1:80
#HiddenServicePort 22 127.0.0.1:22
Add your own line underneath these so that it looks like this:
Code:
#HiddenServiceDir /var/lib/tor/hidden_service/
#HiddenServicePort 80 127.0.0.1:80
#HiddenServiceDir /var/lib/tor/other_hidden_service/
#HiddenServicePort 80 127.0.0.1:80
#HiddenServicePort 22 127.0.0.1:22
HiddenServiceDir /var/lib/tor/ssh/
HiddenServicePort 22 127.0.0.1:22
The next time tor (you can just reboot the machine) starts, it will create the hash and .onion address for you. You should keep port 22 open until you have that.
This is how you get your .onion address.
Code:
sudo cat /var/lib/tor/ssh/hostname
16randomlettersandnumbers.onion
You can now close port 22 (comment it out of the above iptables rules and re-run the script) and reboot for good measure.
It is your only way into the server other than some kind of console. If you have no console, this is now the only way in. Period.
Now, to ssh into the machine:
No one can even brute force your ssh now. They can't even get to a login without the .onion address. Can't spam it or use it as a DDoS port because it isn't one.
For those dumbass trolls that missed the point; I don't care if this obfuscates or not. Your tor hate is irrelevant. This isn't about obfuscation of the connection. That's just a convenient side-effect.
You could set up a low-pipe relay in tor for mutually beneficial white noise, but that's outside the scope of my brief, amateur-ish tutorial.
You can torify a lot of things (I was especially pleased to see it work with
@chaeplin's dashmnb script), but the official dash download is actually blocking tor exit nodes. Same goes with a lot of repositories...