Requirements: a host with a running tor node, qemu, some disk space for the emulated system, and install media for an OS on the emulated system.
Result: a host with an .onion address, connectivity restricted to TCP and no traceable IP address.
Start qemu with the following options:
-net nic \
-net 'user,hostfwd=tcp:127.0.0.1:5555-:22,restrict=on'
The emulated machine will have a network interface unconnected to anything, autoconfigured to 10.0.2.15/24. Qemu will forward connections to localhost:5555 to sshd on the emulated machine.
Create a user on the emulated system and install, w.l.o.g., dsocks-torify or some other socksifier that forwards DNS requests.
On the machine hosting the qemu, forward the local tor port to the emulated system:
ssh -nN -R9050:localhost:9050 -l user -p 5555 localhost &
The emulated system can now reach TCP services through socksified programs, e.g.
dsocks-torify.sh sh
wget http://example.com/a_file
scp a_file bob@example.org:
On the machine hosting the qemu, create a hidden service by adding the following lines to torrc
HiddenServiceDir /some/place/hidden_qemu
HiddenServicePort 22 127.0.0.1:5555
and restarting tor. Seconds later /some/place/hidden_qemu/ will contain a file hostname with the .onion address tied to the SSH port of the emulated system.
The emulated system is now reachable by SSH only. Connections to the system will be shown to originate at 10.0.2.2.
Assuming that qemu makes no errors (ahem), accounts on the emulated system cannot easily find out where the hosting machine is (for small values of "not easily").
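A check for the setup above, as an added example that is not part of the original page: it reads `ss -ltn` output and a torrc and reports anything that is not confined to loopback. qemu's hostfwd listens on every host address when its host address field is left empty, which would expose the guest's sshd on the host's real interfaces. The function names and the sample data are assumptions made for this example.

```shell
#!/bin/sh
# Added example, not part of the original page. Sample data is constructed.

# Read `ss -ltn` output on stdin; print each local address that listens on
# TCP port $1 and is not loopback. No output means loopback only.
nonloopback_listeners() {
    awk -v port="$1" '
        $1 == "LISTEN" {
            addr = $4; p = $4
            sub(/.*:/, "", p)         # keep what follows the last colon
            sub(/:[^:]*$/, "", addr)  # keep what precedes the last colon
            if (p != port) next
            if (addr ~ /^127\./ || addr == "[::1]") next
            print addr
        }'
}

# Read a torrc on stdin; print each HiddenServicePort line whose target is
# not loopback. A missing target or a bare port means 127.0.0.1 to tor.
nonloopback_hs_targets() {
    awk '
        tolower($1) == "hiddenserviceport" {
            target = ($3 == "") ? "127.0.0.1" : $3
            if (target ~ /^[0-9]+$/) next
            if (target ~ /^(127\.|\[::1\]|unix:)/) next
            print
        }'
}

# Constructed sample input (not captured from a real host).
SAMPLE_SS='State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      128    0.0.0.0:5555       0.0.0.0:*
LISTEN 0      128    127.0.0.1:9050     0.0.0.0:*
LISTEN 0      128    [::1]:5555         [::]:*'
SAMPLE_TORRC='HiddenServiceDir /some/place/hidden_qemu
HiddenServicePort 22 127.0.0.1:5555
HiddenServicePort 80 192.0.2.10:8080'

printf '%s\n' "$SAMPLE_SS" | nonloopback_listeners 5555
printf '%s\n' "$SAMPLE_TORRC" | nonloopback_hs_targets
```

On the hosting machine, feed the functions live data with `ss -ltn | nonloopback_listeners 5555` and `nonloopback_hs_targets < torrc`; empty output from both means the forwarded SSH port and the hidden service target stay on loopback.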