Not anonymous!

Documentation for this entry is incomplete. Contributions are happily considered!

Introduction[edit]

It is possible to make Tor on a server using a single Tor hop (only one Tor relay instead of three) by using Tor configuration options HiddenServiceNonAnonymousMode 1, HiddenServiceSingleHopMode 1. This is non-anonymous but faster. Server should use Onions Services Authentication. The advantage of this is to have a server which is:

reachable (for users having access to Tor) for NAT traversal, i.e. it works behind common NAT routers.
capable to secure inherently insecure protocols (such as VNC) by using the encryption / authentication provided by Tor Onion Services

Independently, if clients prefer speed over anonymity, they can configure Tor in Tor2Web mode, which means outgoing Tor circuits will have a length of one rather than three.

These two options combined reduce a 6 hop Tor connection to a 2 hop Tor connection. It's not anonymous, but providing NAT traversal as well as onion encryption / authentication.

https://forums.whonix.org/t/should-we-use-hiddenservicesinglehopmode-for-whonix-org-server ^[archive]

Server Side[edit]

Open /usr/local/etc/torrc.d/50_user.conf.

If you are using Qubes-Whonix ™, complete the following steps.

Qubes App Launcher (blue/grey "Q") → Whonix-Gateway ™ ProxyVM (commonly named sys-whonix) → Tor User Config (Torrc)

If you are using a graphical Whonix-Gateway ™, complete the following steps.

Start Menu → Applications → Settings → /usr/local/etc/torrc.d/50_user.conf

If you are using a terminal-only Whonix-Gateway ™, complete the following steps.

sudo nano /usr/local/etc/torrc.d/50_user.conf

sudo nano /usr/local/etc/torrc.d/50_user.conf

Add.

HiddenServiceNonAnonymousMode 1
HiddenServiceSingleHopMode 1
SocksPort 0

HiddenServiceDir /var/lib/tor/hidden_service/
HiddenServicePort 22 127.0.0.1:22
HiddenServicePort 5900 127.0.0.1:5900
HiddenServiceVersion 3
## syntax:
## HiddenServiceAuthorizeClient auth-type client-name,client-name,…
## The auth-type can either be 'basic' for a general-purpose authorization protocol or 'stealth' for a less scalable protocol that also hides service activity from unauthorized clients.
## Valid client names are 1 to 16 characters long and only use characters in A-Za-z0-9+-_ (no spaces). 
HiddenServiceAuthorizeClient stealth 1234567890123456

HiddenServiceNonAnonymousMode 1
HiddenServiceSingleHopMode 1
SocksPort 0

HiddenServiceDir /var/lib/tor/hidden_service/
HiddenServicePort 22 127.0.0.1:22
HiddenServicePort 5900 127.0.0.1:5900
HiddenServiceVersion 3
## syntax:
## HiddenServiceAuthorizeClient auth-type client-name,client-name,…
## The auth-type can either be 'basic' for a general-purpose authorization protocol or 'stealth' for a less scalable protocol that also hides service activity from unauthorized clients.
## Valid client names are 1 to 16 characters long and only use characters in A-Za-z0-9+-_ (no spaces). 
HiddenServiceAuthorizeClient stealth 1234567890123456

Save and exit.

Client Side[edit]

Update the package lists.

sudo apt-get update

sudo apt-get update

Install Tor's build dependencies.

sudo apt-get build-dep tor

sudo apt-get build-dep tor

^[1]

Create directory ~/tor-src.

mkdir ~/tor-src

mkdir ~/tor-src

Change directory to ~/tor-src.

cd tor-src

cd tor-src

Download the Tor source package.

apt-get source tor

apt-get source tor

Change directory to Tor source directory.

cd tor-*/

cd tor-*/

Open debian/rules in an editor as a regular, non-root user.

If you are using a graphical environment, run.

mousepad debian/rules

mousepad debian/rules

If you are using a terminal, run.

nano debian/rules

nano debian/rules

Change:

dh_auto_configure \
        $(confflags) \
        --prefix=/usr \
        --mandir=\$${prefix}/share/man \
        --infodir=\$${prefix}/share/info \
        --localstatedir=/var \
        --sysconfdir=/etc \
        --disable-silent-rules \
        --enable-gcc-warnings-advisory

dh_auto_configure \
        $(confflags) \
        --prefix=/usr \
        --mandir=\$${prefix}/share/man \
        --infodir=\$${prefix}/share/info \
        --localstatedir=/var \
        --sysconfdir=/etc \
        --disable-silent-rules \
        --enable-gcc-warnings-advisory

To:

dh_auto_configure \
        $(confflags) \
        --prefix=/usr \
        --mandir=\$${prefix}/share/man \
        --infodir=\$${prefix}/share/info \
        --localstatedir=/var \
        --sysconfdir=/etc \
        --disable-silent-rules \
        --enable-gcc-warnings-advisory \
        --enable-tor2web-mode

dh_auto_configure \
        $(confflags) \
        --prefix=/usr \
        --mandir=\$${prefix}/share/man \
        --infodir=\$${prefix}/share/info \
        --localstatedir=/var \
        --sysconfdir=/etc \
        --disable-silent-rules \
        --enable-gcc-warnings-advisory \
        --enable-tor2web-mode

Open src/or/config.c in an editor as a regular, non-root user.

If you are using a graphical environment, run.

mousepad src/or/config.c

mousepad src/or/config.c

If you are using a terminal, run.

nano src/or/config.c

nano src/or/config.c

Change

V(Tor2webMode,                 BOOL,     "0"),

V(Tor2webMode,                 BOOL,     "0"),

To

V(Tor2webMode,                 BOOL,     "1"),

V(Tor2webMode,                 BOOL,     "1"),

Build the Tor package.

debuild

debuild

^[2]

Footnotes[edit]

Whonix ™ is Supported by Evolution Host DDoS Protected VPS. Stay private and get your VPS with Bitcoin or Monero.


Fosshost	About Advertisements

Follow:

Support:

Donate:

Love Whonix ™ and want to help spread the word? You can start by telling your friends or posting news about Whonix ™ on your website, blog or social media.

Priority Support | Investors | Professional Support