On 12/18/2018 12:09 AM, Roger Dingledine wrote:
> On Mon, Dec 17, 2018 at 11:51:29PM -0700, Mirimir wrote:
>> Given that I SSH via Tor a lot, that would suck for me. If too many
>> exits didn't allow port 22, anyway. As it is, it's not uncommon for SSH
>> logins via Tor to die. Presumably after some network hiccup.
>>
>> And sure, I could set up .onion SSH for everything, and that'd arguably
>> be more secure. But sometimes I'm just too lazy for that.
>>
>> Now that I'm thinking of it, though, I wonder whether I ought to change
>> SSH to port 443. That'd give me a larger exit population, which would be
>> good. But for anyone watching, my SSH sessions would be more unusual.
>>
>> What would be the likely net impact of using port 443 for SSH?
>
> Another more surprising impact for you is that your ssh connections would,
> counterintuitively, die more often.
>
> That's because Tor has a LongLivedPorts option, where streams for those
> destination ports use circuits with all Stable-flagged relays, and 22
> is in the list but 443 is not:
>
> LongLivedPorts PORTS
>     A list of ports for services that tend to have long-running
>     connections (e.g. chat and interactive shells). Circuits for
>     streams that use these ports will contain only high-uptime nodes,
>     to reduce the chance that a node will go down before the stream is
>     finished. Note that the list is also honored for circuits (both
>     client and service side) involving hidden services whose virtual
>     port is in this list. (Default: 21, 22, 706, 1863, 5050, 5190,
>     5222, 5223, 6523, 6667, 6697, 8300)

Thanks. I guess that I'll stick with port 22, then. And re .onion
services, it's interesting that OnionCat port 8060 isn't on the list. I
guess that I ought to use one of those, instead.

> --Roger
>
> _______________________________________________
> tor-relays mailing list
> [email protected]
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
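
An added example, not part of the original thread and not Tor's own code: a small torrc check for the LongLivedPorts behaviour quoted above, reporting which ports of interest (22, 443, OnionCat's 8060) would get Stable-only circuits. The function names and both torrc samples are constructed; the check assumes that an explicit LongLivedPorts line replaces the default list rather than extending it, and that the last such line wins.

```python
# Default list as quoted from the tor manual in the thread above.
DEFAULT_LONG_LIVED_PORTS = frozenset(
    {21, 22, 706, 1863, 5050, 5190, 5222, 5223, 6523, 6667, 6697, 8300})

# Constructed sample: the intent was to ADD 443 and 8060, but listing only
# them drops every default port, including 22.
TORRC_REPLACES_DEFAULTS = """\
SocksPort 9050
LongLivedPorts 443, 8060   # constructed sample line
"""

# Constructed sample: defaults restated, then the extra ports appended.
TORRC_EXTENDS_DEFAULTS = """\
SocksPort 9050
LongLivedPorts 21, 22, 706, 1863, 5050, 5190, 5222, 5223, 6523, 6667, 6697, 8300, 443, 8060
"""


def effective_long_lived_ports(torrc_text):
    """Return the port set in force (assumption: last LongLivedPorts line wins)."""
    ports = None
    for raw in torrc_text.splitlines():
        fields = raw.split("#", 1)[0].split(None, 1)  # drop comments, split key/value
        if not fields or fields[0].lower() != "longlivedports":
            continue
        value = fields[1] if len(fields) > 1 else ""
        ports = {int(tok) for tok in value.split(",") if tok.strip()}
        if not ports or any(not 1 <= p <= 65535 for p in ports):
            raise ValueError(f"bad LongLivedPorts value: {value!r}")
    return DEFAULT_LONG_LIVED_PORTS if ports is None else frozenset(ports)


def audit(torrc_text, wanted_ports):
    """Classify the ports we care about and list defaults the config dropped."""
    effective = effective_long_lived_ports(torrc_text)
    return {
        "stable_only": sorted(p for p in wanted_ports if p in effective),
        "ordinary": sorted(p for p in wanted_ports if p not in effective),
        "dropped_defaults": sorted(DEFAULT_LONG_LIVED_PORTS - effective),
    }


if __name__ == "__main__":
    for name, text in (("no option set", ""),
                       ("replaces defaults", TORRC_REPLACES_DEFAULTS),
                       ("extends defaults", TORRC_EXTENDS_DEFAULTS)):
        print(name, audit(text, [22, 443, 8060]))
```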
