SFTP hidden service

1.  
2.  
3. ========================= SFTP hidden service =======================
4.  
5. This guide has been written to help Windows users, but it can also be used with Linux, replacing Putty with OpenSSH and Gpg4Win with GnuPG. FileZilla can be replaced with the sftp command line utility.
6.  
7.  
8.  
9. - download the required sofware:
10. --------------------------------
11. *) Tor Browser Bundle - https://www.torproject.org/download/
12. *) PuttyGen and Pageant - http://www.chiark.greenend.org.uk/~sgtatham/putty/download.html
13. *) Filezilla - https://filezilla-project.org/
14. *) Gpg4Win - http://www.gpg4win.org/download.html
15.  
16.  
17. - create a new SSH key for logging in:
18. --------------------------------------
19. *) puttygen - Generate a new SSH-2 RSA 4906 bits key.
20. *) puttygen - Save public key to a file named "reg-username.txt", where 'username' is your chosen username. The username may contain only lowercase letters a-z, numbers 0-9 and a dot ".".
21. *) puttygen - Enter your chosen passphrase and Save private key.
22.  
23.  
24. - client setup and registration:
25. --------------------------------
26. *) tor - install the Tor Browser Bundle and run Start Tor Browser.exe
27. *) filezilla - in Edit-Settings-Generic proxy set Type: SOCKS5, Host: 127.0.0.1, Port: 9150
28. *) filezilla - log in to the hidden service using Protocol: SFTP, Logon Type: Normal, User: sftp.anon, Password: anon
29. *) filezilla - upload your personalized reg-username.txt to the remote directory called "registration"
30. *) filezilla - disconnect
31.  
32.  
33. - create a new GPG key for signing and encrypting your messages:
34. ----------------------------------------------------------------
35. *) gpg4win - run GPA.exe, choose Keys-New Key - Algorithm: RSA, Key size: 4096 (or 3072), Name: sftp.username (use your chosen username), Email: [email protected], Expires: no
36. *) gpg4win - choose a passphrase for the key and let the program create it
37. *) gpg4win - select the key and Export it to a file named "gpg-username.txt"
38.  
39.  
40. - set up the key agent, test your new account and upload your GPG key:
41. ----------------------------------------------------------------------
42. *) wait until your account is activated (this is done manually and may take a day or two)
43. *) pageant - start Pageant and use Add Key to add your Private SSH Key created using PuttyGen (enter the passphrase of the key)
44. *) filezilla - use the same general settings as before, but set User to sftp.username (where username is your chosen username), Logon Type: Interactive
45. *) filezilla - upload your gpg-username.txt to the remote directory called "gpg"
46. *) disconnect
47.  
48.  
49. - learn how to use the mailbox:
50. -------------------------------
51. *) a private message is a normal text file generated by GPG in "armor" (ASCII) mode, containing a text message (.txt) or another type of file (eg. an image or an archive containing a folder) in an encapsulated form (.asc)
52. *) deliver this file to some other user's mailbox by uploading it to a "mailbox/username/" directory
53. *) private messages must be signed and encrypted using GPG as anyone can upload or download them
54.  
55.  
56. - learn how to use the forums:
57. ------------------------------
58. *) a forum post is a normal text file generated by GPG in "armor" (ASCII) mode, containing a text message (.txt) or another type of file (eg. an image or an archive containing a folder) in an encapsulated form (.asc)
59. *) publish the file in a forum by uploading it to a "forum/forum_title" directory
60. *) forum posts must be signed using GPG
61. *) forum posts shouldn't be encrypted, unless you are posting to a private forum and share the private key created for this purpose with the other posters
62. *) only the administrator can create new forums - you can request it by sending him a private message - (the username of the administrator is in the About.txt file)