SSH to Your Tor Onion SSHD
You might need to connect to your server via a Tor Hidden Service and bypass certain censorship attempts on networks you’re using.
Server config
sshd_config
First modify your /etc/sshd_config, adding an alternate port you want to use.
Port 3312
This can just as well be Port 5542 or any other number you want.
Restart sshd
# systemd
systemctl restart sshd
# osx launchctl
launchctl stop com.openssh.sshd
torrc
DataDirectory /var/lib/tor
HiddenServiceDir /var/lib/tor/hidden_services/my-hidden-service
HiddenServicePort 3312 127.0.0.1:3312
Swap out /var/lib/tor for whatever it is on your system, like /etc/tor or /usr/local/etc/tor.
Get your onion address.
cat /var/lib/tor/hidden_services/my-hidden-service/hostname
For our example we’ll call it my-hidden-service.onion, which is invalid. Yours will be some random funky string.
Restart Tor
# systemd
systemctl restart tor
# osx homebrew service
brew services restart tor
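The two server files have to agree: the HiddenServicePort target in torrc must point at a loopback port that sshd actually opens. The script below is an added example, not part of the original post, that cross-checks them; the function name check_onion_ssh and the sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): cross-check torrc against
# sshd_config. Returns the number of problems found (0 = consistent).
check_onion_ssh() {
    sshd_cfg=$1; torrc=$2; problems=0
    # Active (uncommented) directives only; keywords are case-insensitive.
    ports=$(awk 'tolower($1) == "port" { print $2 }' "$sshd_cfg")
    listen=$(awk 'tolower($1) == "listenaddress" { print $2 }' "$sshd_cfg")
    # Assumes the "HiddenServicePort VIRTPORT ADDR:PORT" form used in this post.
    targets=$(awk 'tolower($1) == "hiddenserviceport" { print $3 }' "$torrc")
    if [ -z "$targets" ]; then
        echo "FAIL: no HiddenServicePort target in torrc"
        return 1
    fi
    for target in $targets; do
        host=${target%:*}; port=${target##*:}
        case $host in
            127.0.0.1|localhost) ;;
            *) echo "FAIL: $target is not a loopback address"
               problems=$((problems + 1)) ;;
        esac
        # Tor forwards to this port, so sshd must have a matching Port line.
        if ! printf '%s\n' "$ports" | grep -qx "$port"; then
            echo "FAIL: sshd_config has no 'Port $port' for target $target"
            problems=$((problems + 1))
        fi
    done
    # Informational: unless every ListenAddress is loopback, the same port
    # is also open outside Tor, not only through the onion address.
    exposed=
    [ -n "$listen" ] || exposed="all interfaces"
    for addr in $listen; do
        case $addr in
            127.*|localhost*|::1|'[::1]'*) ;;
            *) exposed=$addr ;;
        esac
    done
    [ -z "$exposed" ] || echo "NOTE: sshd also listens on $exposed"
    return "$problems"
}

# Constructed sample files mirroring the configuration in this post.
demo=$(mktemp -d); trap 'rm -rf "$demo"' EXIT
printf '#Port 22\nPort 3312\n' > "$demo/sshd_config"
printf 'HiddenServiceDir /var/lib/tor/hidden_services/my-hidden-service\nHiddenServicePort 3312 127.0.0.1:3312\n' > "$demo/torrc"
# Constructed mistake: Tor forwards to 5542 but sshd only opens 3312.
printf 'HiddenServicePort 3312 127.0.0.1:5542\n' > "$demo/torrc.bad"
check_onion_ssh "$demo/sshd_config" "$demo/torrc" && echo "OK: ports line up"
check_onion_ssh "$demo/sshd_config" "$demo/torrc.bad" || echo "problems: $?"
```

Run it against your own sshd_config and torrc paths before restarting either service.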
Client config
Edit ~/.ssh/config
Host my-hidden-service
HostName my-hidden-service.onion
ProxyCommand /usr/bin/nc -X 5 -x '127.0.0.1:9050' %h %p
Port 3312
User debian
IdentityFile ~/.ssh/my-hidden-service.pem
Swap out User and IdentityFile for whatever it is on your system.
The line ProxyCommand /usr/bin/nc -X 5 -x '127.0.0.1:9050' %h %p is going to route your connection over the local Tor SOCKS proxy.
Connect
ssh my-hidden-service
Hopefully that will work for your purposes as it has mine.
Take care and good onion-ing.