automate/020_tor-ssh_hidden-service.sh


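#!/usr/bin/env bash
#
# Install Tor and publish the local SSH daemon (127.0.0.1:22) as an onion
# service reachable on virtual port 2222.
#
# Requires: sudo rights, a Debian-style system (apt, debian-tor user,
# /etc/init.d/tor).
#
# Security notes:
#   * An onion service accepts inbound connections without any firewall/NAT
#     port being opened, so sshd becomes reachable from the Tor network.
#     Harden sshd before running this (key-only authentication, no root
#     login).
#   * ${HIDDEN_DIR} holds the service's private key. Whoever can read it can
#     impersonate the service, which is why the directory is owned by
#     debian-tor and closed to group/other.
#   * NOTE(review): Tor v3 onion services support client authorization via
#     ${HIDDEN_DIR}/authorized_clients/ - consider it so that only known
#     clients can reach the SSH port at all.
set -euo pipefail

readonly TORRC=/etc/tor/torrc
readonly TOR_DEST=/etc/tor/torrc.d
# NOTE(review): the packaged systemd unit / AppArmor profile on Debian may
# only allow Tor to write below /var/lib/tor; if Tor fails to start with this
# path, switch to the commented alternative - confirm on the target release.
readonly HIDDEN_DIR=/srv/tor/ssh_hidden_service
#HIDDEN_DIR=/var/lib/tor/other_hidden_services
# The file name ends in .sh but the content is torrc syntax; the directory
# %include below pulls in every file regardless of extension.
readonly HIDDEN_CONF=${TOR_DEST}/001_ssh.sh
readonly INCLUDE_LINE="%include ${TOR_DEST}/"

sudo apt-get install -y tor tor-geoipdb

# /etc/default/tor
#
# RUN_DAEMON="yes"
# # MAX_FILEDESCRIPTORS=
# # NICE="--nicelevel 5"
# # ARGS="$ARGS "
# # ulimit -c unlimited
# CLEANUP_OLD_COREFILES=y
# # USE_AA_EXEC="yes" # default
# # USE_AA_EXEC="no"
# if [ -e /etc/default/tor.vidalia ] && [ -x /usr/bin/vidalia ]; then
# . /etc/default/tor.vidalia
# fi

sudo mkdir -p -- "${TOR_DEST}" "${HIDDEN_DIR}"

# Append the include only once so re-running the script does not stack
# duplicate %include lines in torrc.
if ! sudo grep -qxF -- "${INCLUDE_LINE}" "${TORRC}"; then
  printf '%s\n' "${INCLUDE_LINE}" | sudo tee -a "${TORRC}" >/dev/null
fi

## Hidden services
## Once you have configured a hidden service, you can look at the
## contents of the file ".../hidden_service/hostname" for the address
## to tell people.
##
## HiddenServicePort x y:z says to redirect requests on port x to the
## address y:z.
#HiddenServiceDir /var/lib/tor/hidden_service/
#HiddenServicePort 80 127.0.0.1:80
#HiddenServiceDir /var/lib/tor/other_hidden_service/
#HiddenServicePort 80 127.0.0.1:80
#HiddenServicePort 22 127.0.0.1:22

# user:group - the dot separator is a deprecated GNU extension.
sudo chown -R debian-tor:debian-tor "${HIDDEN_DIR}"
# Key directory: owner-only access (setgid bit kept from the original mode).
sudo chmod 2700 "${HIDDEN_DIR}"
# The config directory must stay traversable; stripping the execute bit from
# a directory (the previous "chmod -x") makes its files unreachable for any
# process that is not root.
sudo chmod 0755 "${TOR_DEST}"

sudo tee "${HIDDEN_CONF}" >/dev/null <<EOF
HiddenServiceDir ${HIDDEN_DIR}
HiddenServicePort 2222 127.0.0.1:22
EOF

## Relay only
# Don't publish bridges to https://bridges.torproject.org/
#PublishServerDescriptor 0

sudo /etc/init.d/tor restart

# Tor writes the hostname file shortly after start-up, and the directory is
# readable by debian-tor only, so poll for it and read it through sudo.
onion_host=
for _ in {1..30}; do
  if sudo test -s "${HIDDEN_DIR}/hostname"; then
    onion_host=$(sudo cat -- "${HIDDEN_DIR}/hostname")
    break
  fi
  sleep 1
done

if [[ -z "${onion_host}" ]]; then
  printf 'error: %s/hostname was not created; check the tor logs\n' \
    "${HIDDEN_DIR}" >&2
  exit 1
fi

echo "hostname of for ssh tor hidden service is: "
printf '%s\n' "${onion_host}"
echo "you can reach it using: "
# ssh takes the port with lowercase -p (uppercase -P is scp's port flag).
echo "torsocks ssh -p 2222 <username>@${onion_host}"

# For apache
# /etc/apache2/conf-enabled/security.conf
# ServerTokens Prod
# ServerSignature Off
# sudo service apache2 restart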