Skip to content

How to run an SSH connection through Tor

Looking for a way to gain a bit more security and privacy for your SSH connections? Jack Wallen shows you how with the help of Tor.

Cyber security lock. Security computer Data Internet protection with lock, key on microscheme chip. Hacker attack and data breach, information leak concept.

Image: iStockphoto/Nature

SSH is, by design, a fairly secure means of gaining shell access to remote machines. However, there are always ways to eke out a bit more security and privacy from these connections.

One such method is with the help of Tor. With Tor, you can add a level of anonymity and even hide your services from prying/hacking eyes.

I’m going to walk you through the process of making SSH connections over Tor. The process isn’t terribly difficult so anyone that administers SSH should be able to make this work.

SEE: Security Awareness and Training policy (TechRepublic Premium)

What you’ll need

I’ll be demonstrating on two Ubuntu server machines, but the process will work with just about any Linux distribution. You’ll also need a user with sudo privileges.

How to install Tor

The first thing you must do is install Tor. You’ll need to do this on both the client and the server, so log in and run the following command on each:

sudo apt-get install tor -y

Once that installation completes, you’re ready to configure Tor.

How to configure Tor

We need to add a couple of configuration options to the default Tor configuration file. Log in to the server you’ll be connecting to and issue the command:

sudo nano /etc/tor/torrc

At the bottom of that file, add the following:

HiddenServiceDir /var/lib/tor/other_hidden_service/
HiddenServicePort 22

Save and close the file. 

Restart Tor with the command:

sudo systemctl restart tor

The restarting of Tor will generate all the necessary files within /var/lib/tor/other_hidden_service. In that directory will be the hostname you’ll need to use to connect to the server from the remote client. To find out that hostname, issue the command:

sudo cat /var/lib/tor/other_hidden_service/hostname

You should see something like:


How to connect to the server

Head over to your client, where you’ve also installed Tor. In order to connect to the server, you’ll use the hostname provided by the cat command from above. So to make the connection, you’d issue the command:

torify ssh USER@HOSTNAME

Where USER is a remote user and HOSTNAME is the hostname provided by Tor.

For example:

torify ssh jack@riludi2kstjwmlzn.onion

You’ll be prompted for your remote user password (or SSH key auth passphrase) and be allowed entry to the server. 

The only caveat to using Tor in this manner is that it’s slightly slower to connect than a straight up SSH connection. That sacrifice of seconds is well worth the anonymity you gain.

Also see