How to Make SSH Connection via Tor
Often, an ISP doesn't let us reach our computers over a normal IP or IPv6 address and cuts off ports using NAT. Here is a guide on how to work around this problem using Tor.
- First, install Tor on all computers you want to connect (search for instructions for your distribution; on Debian-like systems, it's simply apt install tor, see link). Check that Tor is running with sudo /etc/init.d/tor status; if it is not, run sudo /etc/init.d/tor start.
- On the computers you want to use as servers, you should run an SSH server. Here are instructions for Debian-like systems. Check that it's running: sudo /etc/init.d/ssh status.
- To reach your SSH server via Tor, you need to have these lines uncommented or added in /etc/tor/torrc:
    HiddenServiceDir /var/lib/tor/hidden_ssh_service/
    HiddenServicePort 22 127.0.0.1:22
  Restart the Tor and SSH servers:
    sudo /etc/init.d/ssh restart
    sudo /etc/init.d/tor restart
- You can find the hostname in /var/lib/tor/hidden_ssh_service/hostname. It has the format xyz.onion and can be a very long string.
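A way to check the server-side torrc lines from the steps above before restarting Tor, as an added example that is not part of the original guide. The function names (audit_torrc, is_v3_onion, sample_torrc) and the sample file contents are constructed for illustration; the audit flags any HiddenServicePort whose target is not on the loopback interface, and the hostname check tests for the 56-character v3 onion shape.

```shell
#!/bin/sh
# Added example (not from the original guide): audit onion-service lines in a torrc.

# audit_torrc FILE: print one line per HiddenServicePort mapping.
# Returns 1 if no mapping exists or any mapping leaves the loopback interface.
audit_torrc() {
    awk '
        { sub(/#.*/, "") }                               # drop comments
        tolower($1) == "hiddenservicedir"  { dir = $2; next }
        tolower($1) == "hiddenserviceport" {
            n++
            target = ($3 == "") ? $2 : $3                # no target: same port
            if (target ~ /^[0-9]+$/) target = "127.0.0.1:" target
            ok = (target ~ /^(127\.[0-9.]+|localhost|\[::1\])(:[0-9]+)?$/ ||
                  target ~ /^unix:/)
            d = (dir == "") ? "(no HiddenServiceDir)" : dir
            if (dir == "") ok = 0                        # port line needs a dir first
            printf "%-4s %s port %s -> %s\n", (ok ? "OK" : "WARN"), d, $2, target
            if (!ok) bad++
        }
        END { exit (n == 0 || bad > 0) }
    ' "$1"
}

# is_v3_onion NAME: true if NAME looks like a v3 onion hostname
# (56 base32 characters followed by ".onion").
is_v3_onion() {
    printf '%s\n' "$1" | grep -Eq '^[a-z2-7]{56}\.onion$'
}

# Constructed sample: the two lines from this guide, a commented-out line,
# and a second service whose target is a LAN address instead of loopback.
sample_torrc() {
    cat <<'EOF'
HiddenServiceDir /var/lib/tor/hidden_ssh_service/
HiddenServicePort 22 127.0.0.1:22
#HiddenServicePort 80 127.0.0.1:8080
HiddenServiceDir /var/lib/tor/other_service/
HiddenServicePort 22 192.168.1.10:22
EOF
}

tmp=$(mktemp) && sample_torrc > "$tmp"
audit_torrc "$tmp" || echo "review the WARN lines above"
rm -f "$tmp"
```

On a real server, run audit_torrc /etc/tor/torrc and pass the contents of the hostname file to is_v3_onion.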
Now you can easily reach the server from any client that has Tor running. You simply need to use torsocks or torify (there is almost no difference; torsocks is preferable):
    torsocks ssh myusername@xyz.onion
    torsocks scp myusername@xyz.onion:/tmp/filename.txt ~/
You can make your life easier by using aliases for your hosts. First install connect-proxy. Then simply edit your ~/.ssh/config file, adding something like this:
    host myhost
        user myusername
        hostname xyz.onion
        ProxyCommand connect-proxy -a none -S 127.0.0.1:9050 %h %p
Now you can easily reach your host using the myhost alias. E.g.,
    ssh myhost
    scp file.txt myhost:~/
    rsync -avzr --progress --size-only ~/books/ myhost:~/allbooks
You can try to make a bookmark in your file manager. In my Caja,
it works like this: go to File → Connect to Server: