Skip to content

SSH over Tor

One of the best ways to maintain your anonymity on Tilde Black is to connect to ssh using tor. Your home IP address will be hidden from other users.

Easy Mode

Before trying the rest of this document, you can try the easy-mode for ssh over tor:

  • Install tor
  • Run tor
  • torify ssh @black6kfjetfuzaeozz7fs53whh7xtd4e27telrf5fg5kgdt5ah5plad.onion -p 2222

If that doesn't work for you for any reason, the process below is more explicit and will likely solve your problems.

Detail Mode


In order to ssh over tor, we'll need some way to make our terminal session or a terminal command run over the tor network. My favorite way to do this is with a program called torsocks. This utility pushes a single command or an entire shell through a socks proxy to your tor connection. Since torsocks is just a socks proxy that means we'll need to do a couple things to get it to work.

You'll need to:

  • Install tor
  • Configure tor
  • Install torsocks
  • Configure torsocks
  • Start tor & torsocks
  • ssh

Step 1: Install tor

Just like on the server you'll need to install tor on your local machine. Read up on the tor website to see which method works best for your operating system. It's probably a one-liner.

Step 2: Configure tor

We need to configure our local tor differently than we did the server. We don't need any hidden services this time, but we do need to allow local connections to use it as a SOCKS proxy. Here's the key lines you'll need to uncomment, change, or add:

SOCKSPort 9050
SOCKSPolicy accept
SOCKSPolicy accept6 FC00::/7
ControlPort 9051
CookieAuthentication 1

Step 3: Install torsocks

sudo apt install torsocks # linux
pkg_add torsocks # openbsd
brew install torsocks # probably works on osx?

Step 4: Configure torsocks

To be honest, I don't remember if this is required or if it comes like this out of the box. Edit the file /etc/tor/torsocks.conf and verify that the following lines are present and not commented out:

TorPort 9050

Step 5: Start tor & torsocks

Now that everything is all configured, whenever you want to run torsocks you'll need to first start tor in another terminal or tmux pane. Running tor is as easy as typing:

$ tor

You'll get some interesting output before it eventually says 100% bootstrapped. That means you're up and running. Now in your other terminal window you can start the torsocks proxy connection like so:

$ . torsocks on

This will respond back with: "Tor mode activated. Every command will be torified for this shell." And that's exactly it. You should be fully running now and able to try your ssh connection.

Step 6: ssh

$ ssh <username>@black6kfjetfuzaeozz7fs53whh7xtd4e27telrf5fg5kgdt5ah5plad.onion -p 2222

Step 7: Verify fingerprints

The Tilde.Black ssh fingerprints are listed below. Please verify your connection the first time you handshake with the server.

2048 SHA256:607+v+LKU8JMu3IBZ5TybQoU/R8kKsamYvtbEnW/LwA []:2222 (RSA)
256 SHA256:9WydxCE5fOFWfrOwZrJEKIm8OFhi+7vt5VsF7CGBDxg []:2222 (ECDSA)
256 SHA256:kCUXtju61+hD0wLZ0lb6OisP2Qf2K7hwyxTSvz5VoFM []:2222 (ED25519)