SSH over Tor network
Andrew O
Introduction, why SSH over Tor?
In this article, we will cover how to set up SSH over the Tor network. To give a brief definition, the Tor network is a network of servers that allows you to access the normal internet, as well as hidden services (e.g. onion sites), anonymously. A hidden service is a service that is only accessible through the Tor network, and is not directly accessible from the internet. SSH is a secure protocol that allows you to access a remote machine securely and is widely used in the IT industry.
Why would you want to use SSH over Tor network?
The main reason for doing this is to access a local network (e.g. your home network) remotely, without exposing your IP address to the internet. In this way, the Tor network serves as a proxy, and your home network is not directly accessible from the internet.
Compared to a VPN, the Tor network is free and can be used for this purpose; however, it is slower and not as reliable as a VPN.
Overview
There are two roles here, the server and the client. The server is the machine that you want to access remotely, and the client is the machine that you will use to access the server. In this article, we will use a smartphone or Linux machine as a client, and a Raspberry Pi as a server. A use-case for this is to access your home network from your smartphone, to do some simple tasks like running a Python script, or checking the status of a home automation service.
The setup consists of three parts:
- Setting up Tor hidden service on the server
- Setting up SSH server on the server
- Setting up SSH client on the client
In the diagram above, the host that runs SSH client connects to the server through the Tor network, and the server is running a Tor hidden service.
Server setup
Setting up SSH server
First, we need to install the SSH server on the server. On the Raspberry Pi, this can be done with the following command:
sudo apt-get install openssh-server
On Arch:
sudo pacman -S openssh
On other Linux distributions, you can use the package manager to install the SSH server.
To test that the setup was successful, you can check the status of the SSH server with the following command:
sudo systemctl status ssh
If the service is running, you should see the following output:
● ssh.service - OpenBSD Secure Shell server
Loaded: loaded (/lib/systemd/system/ssh.service; enabled; vendor preset: enabled)
Active: active (running) since Thu 2024-12-21 16:47:29 UTC; 1min 30s ago
You can also test the SSH server by connecting to it from another machine on the same network with the following command:
ssh username@server-ip
Replace username with your username on the server, and server-ip with the IP address of the server.
Next, we will set up the Tor hidden service on the server.
Setting up Tor hidden service
First, we need to install Tor on the server. On the Raspberry Pi, this can be done with the following command:
sudo apt-get install tor
On Arch:
sudo pacman -S tor
On other Linux distributions, you can use the package manager to install Tor.
Next, we need to configure Tor to run a hidden service. This can be done by editing the Tor configuration file, which is located at /etc/tor/torrc. Open the file with your favorite text editor and add the following lines at the end of the file:
HiddenServiceDir /var/lib/tor/ssh/
HiddenServicePort 22 127.0.0.1:22
Next, restart the Tor service with the following command:
sudo systemctl restart tor
Afterwards, check the status of the Tor service with the following command:
sudo systemctl status tor
If the service is running, you should see the following output:
● tor.service - Anonymizing overlay network for TCP (multi-instance-master)
Loaded: loaded (/lib/systemd/system/tor.service; enabled; vendor preset: enabled)
Active: active (running) since Thu 2024-12-21 16:47:29 UTC; 1min 30s ago
To find out the address of the service, check the contents of the /var/lib/tor/ssh/hostname file with the following command:
cat /var/lib/tor/ssh/hostname
The output should look something like this:
hostaddress.onion authcookie # client: clientname
Copy the address and store it somewhere, as you will need it to connect to the server remotely. Next, we will set up the client.
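The home network stays unexposed only if sshd is reachable solely through the onion service, so the following added example (not the author's code) audits the two server files for that. The sample files are constructed, and the ListenAddress and PasswordAuthentication checks are hardening assumptions that the article itself does not configure.

```shell
#!/bin/sh
# Added example, not from the article: audit the two server files edited above.
# Prints one line per finding; the exit status is the number of findings.
audit_onion_ssh() {  # usage: audit_onion_ssh TORRC SSHD_CONFIG
    torrc=$1; sshd=$2; findings=0
    note() { echo "$1"; findings=$((findings + 1)); }

    # torrc: HiddenServicePort VIRTPORT [TARGET]. No TARGET or a bare port means
    # 127.0.0.1; any other target should be a loopback address or unix: socket.
    if ! grep -qi '^[[:space:]]*HiddenServicePort[[:space:]]' "$torrc"; then
        note "torrc: no HiddenServicePort line, so no onion service is published"
    fi
    for target in $(awk 'tolower($1) == "hiddenserviceport" { print ($3 == "" ? "-" : $3) }' "$torrc"); do
        case $target in
            -|unix:*|127.*|'[::1]'*) ;;
            *[!0-9]*) note "torrc: HiddenServicePort target $target is not loopback" ;;
        esac
    done

    # sshd_config: every ListenAddress line is bound; with none, sshd listens on
    # all interfaces. Match blocks and Include files are not followed here.
    listen=$(awk 'tolower($1) == "listenaddress" { print $2 }' "$sshd")
    [ -n "$listen" ] || note "sshd: no ListenAddress, so sshd binds every interface"
    for addr in $listen; do
        case $addr in
            127.*|localhost|localhost:*|::1|'[::1]'|'[::1]':*) ;;
            *) note "sshd: ListenAddress $addr is not loopback-only" ;;
        esac
    done

    # The first PasswordAuthentication line wins; when absent the default is yes.
    pw=$(awk 'tolower($1) == "passwordauthentication" { print tolower($2); exit }' "$sshd")
    [ "$pw" = no ] || note "sshd: password logins are enabled"
    return "$findings"
}

# Constructed sample files: the article's torrc lines, a stock sshd_config with
# everything commented out, and a loopback-only, key-only sshd_config.
make_samples() {  # usage: make_samples DIR
    printf 'HiddenServiceDir /var/lib/tor/ssh/\nHiddenServicePort 22 127.0.0.1:22\n' > "$1/torrc"
    printf '#ListenAddress 0.0.0.0\n#PasswordAuthentication yes\n' > "$1/sshd_stock"
    printf 'ListenAddress 127.0.0.1\nPasswordAuthentication no\n' > "$1/sshd_hardened"
}

dir=$(mktemp -d) && make_samples "$dir"
audit_onion_ssh "$dir/torrc" "$dir/sshd_stock" || echo "findings: $?"
audit_onion_ssh "$dir/torrc" "$dir/sshd_hardened" && echo "hardened: clean"
rm -rf "$dir"
```

On the server, point it at /etc/tor/torrc and /etc/ssh/sshd_config. After changing ListenAddress, restart sshd and confirm the onion login still works before closing your local session.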
Client setup
Setting up client (smartphone)
The first example of a client is a smartphone: it is very handy to be able to access your home network from a device that is always with you. You might need to do some searching to find a good SSH client for your smartphone, but there are plenty of options available both on Android and iOS.
I will provide a combination that I use personally on Android, which is the following:
- Orbot - a free proxy app for Android that allows other apps to use the Tor network
- JuiceSSH - a free SSH client for Android
The setup is done in two steps:
- Install Orbot and connect to the Tor network
- Install JuiceSSH and SSH to the server, using the address from the /var/lib/tor/ssh/hostname file
The address that you will use will look like this: hostaddress.onion, where hostaddress will be a random string of characters.
Setting up client (Linux)
For Linux, you can set up the client in a similar way to the smartphone, by installing the Tor client and an SSH client. To install the Tor client, follow the instructions above to install the package, and then connect to the Tor network with the following command:
tor
Note that you may need to run that as root, depending on your configuration: sudo tor.
To check that you are connected to the Tor network, you can use the following command:
curl --socks5-hostname localhost:9050 https://check.torproject.org/ | grep "Congratulations. This browser is configured to use Tor."
If you see the message “Congratulations. This browser is configured to use Tor.”, you are connected to the Tor network.
Next, install the SSH client with the following command:
sudo apt-get install openssh-client
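To connect to the server, use the address from the /var/lib/tor/ssh/hostname file. A .onion name can only be resolved through Tor's SOCKS proxy on localhost:9050, so run ssh through torsocks (install the torsocks package if it is not already present) with the following command:
torsocks ssh hostaddress.onion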
If the setup was done correctly, you should be able to connect to your server like it was a normal SSH connection, but through the Tor network.
You can also do that from a different network, as long as you have the address from the /var/lib/tor/ssh/hostname file.
Conclusion
In this article, we have covered how to set up SSH over the Tor network. The setup consists of three parts: setting up the SSH server, setting up the Tor hidden service, and setting up the SSH client. By following the steps outlined in this article, you will be able to access your home network from anywhere in the world, without exposing your IP address to the internet.
Have a good day,
Andrew