SSH to Your Tor Onion SSHD

You might need to connect to your server via a Tor Hidden Service and bypass certain censorship attempts on networks you’re using.

Server config

sshd_config

First, modify your sshd_config (/etc/ssh/sshd_config on most systems, /etc/sshd_config on some), adding the alternate port you want to use.

Port 3312

Port 3312 can just as well be Port 5542 or any other number you want.

Restart sshd

# systemd
systemctl restart sshd

# osx launchctl
launchctl stop com.openssh.sshd

torrc

DataDirectory /var/lib/tor
HiddenServiceDir /var/lib/tor/hidden_services/my-hidden-service
HiddenServicePort 3312 127.0.0.1:3312

Swap out /var/lib/tor for whatever it is on your system, such as /etc/tor or /usr/local/etc/tor.

Get your onion address.

cat /var/lib/tor/hidden_services/my-hidden-service/hostname

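For our example we’ll call it my-hidden-service.onion, which is not a valid address. Yours will be a random-looking string. Tor creates this file when it starts with the torrc above, so if it does not exist yet, restart Tor first.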

Restart Tor

# systemd
systemctl restart tor

# osx homebrew service
brew services restart tor

Client config

Edit ~/.ssh/config

Host my-hidden-service
  HostName my-hidden-service.onion
  ProxyCommand /usr/bin/nc -X 5 -x '127.0.0.1:9050' %h %p
  Port 3312
  User debian
  IdentityFile ~/.ssh/my-hidden-service.pem

Swap out User and IdentityFile for whatever they are on your system.

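ProxyCommand /usr/bin/nc -X 5 -x '127.0.0.1:9050' %h %p routes your connection over the local Tor SOCKS proxy: -X 5 selects SOCKS version 5, -x gives the proxy address (Tor's default SOCKS port, 9050), and ssh fills in %h and %p with the HostName and Port above.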
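What that proxy hop looks like on the wire, as an added example (not code from the original post): Python code that builds and decodes the SOCKS5 messages from RFC 1928 for this connection. The function names and the sample reply bytes are constructed for illustration; the point is that the .onion name travels to Tor inside the request (address type 0x03) instead of being looked up in local DNS.

```python
import struct

VER, NO_AUTH, CMD_CONNECT, ATYP_DOMAIN = 0x05, 0x00, 0x01, 0x03
REPLIES = {0: "succeeded", 1: "general failure", 2: "not allowed by ruleset",
           3: "network unreachable", 4: "host unreachable",
           5: "connection refused", 6: "TTL expired",
           7: "command not supported", 8: "address type not supported"}

def build_greeting() -> bytes:
    """Client hello: version 5, offering one method (no authentication)."""
    return bytes([VER, 1, NO_AUTH])

def method_accepted(reply: bytes) -> bool:
    """The proxy answers with two bytes: version and the method it chose."""
    return reply == bytes([VER, NO_AUTH])

def build_connect_request(host: str, port: int) -> bytes:
    """CONNECT carrying the host *name*; the proxy (Tor) resolves it."""
    name = host.encode("ascii")
    if not 1 <= len(name) <= 255:
        raise ValueError("host name must be 1-255 bytes")
    if not 0 < port < 65536:
        raise ValueError("port out of range")
    header = bytes([VER, CMD_CONNECT, 0x00, ATYP_DOMAIN, len(name)])
    return header + name + struct.pack("!H", port)

def connect_status(reply: bytes) -> str:
    """Decode the REP field (second byte) of the proxy's CONNECT reply."""
    if len(reply) < 4 or reply[0] != VER:
        raise ValueError("not a SOCKS5 reply")
    return REPLIES.get(reply[1], f"unassigned code 0x{reply[1]:02x}")

if __name__ == "__main__":
    # Host and port from the ~/.ssh/config above; replies are constructed samples.
    print(build_greeting().hex())
    print(build_connect_request("my-hidden-service.onion", 3312).hex())
    ok = bytes([VER, 0, 0, 1, 0, 0, 0, 0, 0, 0])       # constructed: success
    refused = bytes([VER, 5, 0, 1, 0, 0, 0, 0, 0, 0])  # constructed: refused
    print(connect_status(ok), "/", connect_status(refused))
```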

Connect

ssh my-hidden-service

Hopefully that will work for your purposes as it has mine.

Take care and good onion-ing.