When prompted for Enable SSH over Tor, enter no, and run:
./securedrop-admin install
You might be prompted by the installer to run ./securedrop-admin install again. If so, please do. Finally, run:
./securedrop-admin tailsconfig
You should now be able to administer your SecureDrop instance by ssh over local network.
As for testing the rate limiting, try to ssh using the server’s IP, with an incorrect user name. If you do it several times, you should be locked out for a few minutes.
Does it mean that I can ssh to a local IP from the tails key? I thought it was only possible to ssh from tails via Tor. Looks like I’m missing something here
The rules in install_files/ansible-base/roles/restrict-direct-access/templates/rules_v4
-A OUTPUT -o lo -p tcp --dport 22 -m owner --uid-owner debian-tor -m state --state NEW -m limit --limit 3/min --limit-burst 3 -j ACCEPT -m comment --comment "Rate limit traffic from tor to the ssh dameon"
suggest trying 3 times in less that one minute should be enought to trigger rate limiting. I’m unclear about how long it lasts?
limit-burst 3 should allow 3 attempts in rapid succession, after which the limit of 3 per minute will kick in. The burst should be available after 3 minutes, if the rate limit isn’t hit in the meantime.
a) try 3 (burst) + 3 (rate limit) + 1 = 7 times within one minute and verify that I’m blocked (for how long?)
b) wait 3 minutes, verify that trying 3 times rapidly is not blocked