In this guide we set up SSH access over I2P, so that you can reach an I2P-connected node through the I2P network instead of over the public Internet with IPv4 / IPv6.
Setting Up Server Tunnel
First, ensure I2P is up and running, then edit /etc/i2pd/tunnels.conf and add:
[SSH Proxy]
type = server
host = 127.0.0.1
port = 22
keys = anon-ssh.dat
That’s it! You have now exposed this node’s SSH service to the I2P network. The next step is configuring the client.
Configuring the Client - I2P Client Tunnel Method (I2P install required)
You can set this up by adding the following lines to your tunnels.conf and adjusting them for your performance/anonymity needs.
[SSH-CLIENT]
type = client
host = 127.0.0.1
port = 7622
inbound.length = 1
outbound.length = 1
inbound.quantity = 5
outbound.quantity = 5
i2cp.dontPublishLeaseSet = true
destination = thisshouldbethebase32ofthesshservertunnelabovebefore.b32.i2p
keys = ssh-in.dat
Configuring the Client - Proxychains Method (No I2P install required)
On the client machine, ensure that proxychains4 is installed. On Termux, this package is called proxychains-ng. After that, this is a minimal configuration file example:
strict_chain
proxy_dns
remote_dns_subnet 127
[ProxyList]
http 127.0.0.1 4444
Ensure that the port number after 127.0.0.1 matches the HTTP Proxy that I2P is using on the client machine.
Connecting over I2P - I2P Client Tunnel method
There are lots of ways to set up an SSH client to connect to your server on I2P, but there are a few things you should do to secure your SSH client for anonymous use. First, you should configure it to identify itself to the SSH server with only a single, specific key, so that you don’t risk contaminating your anonymous and non-anonymous SSH connections.
Make sure your $HOME/.ssh/config contains the following lines:
IdentitiesOnly yes

Host 127.0.0.1
  IdentityFile ~/.ssh/login_id_ed25519
Alternatively, you could add a function to your .bashrc that enforces your options and connects over I2P automatically. The idea is the same: you need to enforce IdentitiesOnly and provide an identity file.
i2pssh() {
  # ssh takes the port with -p; user@host:port is not valid ssh syntax
  ssh -o IdentitiesOnly=yes -o IdentityFile=~/.ssh/login_id_ed25519 -p 7622 serveruser@127.0.0.1
}
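To confirm that the key isolation described above is really in effect, you can audit the configuration ssh resolves for the tunnel endpoint. The following is an added example, not part of the original guide: the function name check_ssh_isolation is hypothetical, it reads the output of `ssh -G` on stdin, and the sample input at the end is constructed.

```shell
# Added example (not from the original guide): verify that the effective
# client config offers exactly one identity and enforces IdentitiesOnly.
# Real use, with the client tunnel port 7622 from above:
#   ssh -G -p 7622 serveruser@127.0.0.1 | check_ssh_isolation ~/.ssh/login_id_ed25519
check_ssh_isolation() {
    expected_key=$1
    awk -v want="$expected_key" -v home="$HOME" '
        # Expand a leading "~/" so "~/.ssh/x" and "$HOME/.ssh/x" compare equal
        function norm(p) { return (substr(p, 1, 2) == "~/") ? home substr(p, 2) : p }

        # ssh -G prints one "keyword value" pair per line, keyword lowercased
        $1 == "identitiesonly" { only = $2 }
        $1 == "identityfile"   { n++; file = substr($0, index($0, " ") + 1) }

        END {
            rc = 0
            if (only != "yes") {
                print "FAIL: IdentitiesOnly is not enforced; agent keys may be offered"
                rc = 1
            }
            if (n != 1) {
                printf "FAIL: %d identity files configured, expected exactly 1\n", n
                rc = 1
            } else if (norm(file) != norm(want)) {
                printf "FAIL: identity file is %s, expected %s\n", file, want
                rc = 1
            }
            if (rc == 0) print "OK: " want " is the only configured identity"
            exit rc
        }'
}

# Constructed sample of `ssh -G` output for a correctly isolated client
printf '%s\n' \
    'user serveruser' \
    'hostname 127.0.0.1' \
    'port 7622' \
    'identitiesonly yes' \
    'identityfile ~/.ssh/login_id_ed25519' |
    check_ssh_isolation "~/.ssh/login_id_ed25519"
```

A non-zero exit status means the client could present a key that is also used for non-anonymous connections.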
Connecting over I2P - Proxychains method
Now we’re ready to connect over I2P! Simply run:
user@client:~% proxychains4 -f proxychains4.conf ssh user@Looooooooooooooongbase32addressgoeshere.b32.i2p
[proxychains] config file found: proxychains4.conf
[proxychains] preloading /usr/lib/x86_64-linux-gnu/libproxychains.so.4
[proxychains] DLL init: proxychains-ng 4.16
[proxychains] Strict chain ... 127.0.0.1:4444 ... user@Looooooooooooooongbase32addressgoeshere.b32.i2p:22 ... OK
user@Looooooooooooooongbase32addressgoeshere.b32.i2p's password:
user@server:~$ echo "Hello over I2P"
Hello over I2P