SSH over Tor
One of the best ways to maintain your anonymity on Tilde Black is to connect to ssh using tor. Your home IP address will be hidden from other users.
Before trying the rest of this document, you can try the easy-mode for ssh over tor:
- Install tor
- Run tor
- torify ssh
@black6kfjetfuzaeozz7fs53whh7xtd4e27telrf5fg5kgdt5ah5plad.onion -p 2222
If that doesn't work for you for any reason, the process below is more explicit and will likely solve your problems.
In order to ssh over tor, we'll need some way to make our terminal
session or a terminal command run over the tor network. My
favorite way to do this is with a program called
utility pushes a single command or an entire shell through a socks
proxy to your tor connection. Since
torsocks is just a socks
proxy that means we'll need to do a couple things to get it to
You'll need to:
- Install tor
- Configure tor
- Install torsocks
- Configure torsocks
- Start tor & torsocks
Step 1: Install tor
Just like on the server you'll need to install tor on your local machine. Read up on the tor website to see which method works best for your operating system. It's probably a one-liner.
Step 2: Configure tor
We need to configure our local tor differently than we did the server. We don't need any hidden services this time, but we do need to allow local connections to use it as a SOCKS proxy. Here's the key lines you'll need to uncomment, change, or add:
SOCKSPort 9050 SOCKSPolicy accept 192.168.0.0/16 SOCKSPolicy accept6 FC00::/7 ControlPort 9051 CookieAuthentication 1
Step 3: Install torsocks
sudo apt install torsocks # linux pkg_add torsocks # openbsd brew install torsocks # probably works on osx?
Step 4: Configure torsocks
To be honest, I don't remember if this is required or if it comes like this out of the box. Edit the file /etc/tor/torsocks.conf and verify that the following lines are present and not commented out:
TorAddress 127.0.0.1 TorPort 9050
Step 5: Start tor & torsocks
Now that everything is all configured, whenever you want to run torsocks you'll need to first start tor in another terminal or tmux pane. Running tor is as easy as typing:
You'll get some interesting output before it eventually says 100% bootstrapped. That means you're up and running. Now in your other terminal window you can start the torsocks proxy connection like so:
$ . torsocks on
This will respond back with: "Tor mode activated. Every command will be torified for this shell." And that's exactly it. You should be fully running now and able to try your ssh connection.
Step 6: ssh
$ ssh <username>@black6kfjetfuzaeozz7fs53whh7xtd4e27telrf5fg5kgdt5ah5plad.onion -p 2222
Step 7: Verify fingerprints
The Tilde.Black ssh fingerprints are listed below. Please verify your connection the first time you handshake with the server.
2048 SHA256:607+v+LKU8JMu3IBZ5TybQoU/R8kKsamYvtbEnW/LwA [tilde.black]:2222 (RSA) 256 SHA256:9WydxCE5fOFWfrOwZrJEKIm8OFhi+7vt5VsF7CGBDxg [tilde.black]:2222 (ECDSA) 256 SHA256:kCUXtju61+hD0wLZ0lb6OisP2Qf2K7hwyxTSvz5VoFM [tilde.black]:2222 (ED25519)