Howto: Setup Anonymous SSH Via Tor Hidden Services

Ok this is my favorite feature of tor, I have a Completely Anonymous ssh server setup for myself to access from anywhere but I prefer not have people from outside my network access the ssh server. So, only people with my exact *.onion address can access my computer which is only me!
Lets get started!

The first thing I do is setup Vidalia GUI and TOR, there is more information here
Now once you got vidalia and tor setup and running follow these steps:

Next edit ~/.vidalia/torrc and add these two lines:

gedit ~/.vidalia/torrc
HiddenServiceDir /home/YOURUSERNAME/.vidalia/ssh
HiddenServicePort 22

The HiddenServiceDir contains a text file that we will cat after we execute tor for our anonsecrethostname.onion
Port 22 is of course SSH

Grab connect.c and lets configure it:
gcc connect.c -o /etc/ssh/connect
sudo gedit /etc/ssh/ssh_config
Append this to /etc/ssh/ssh_config

# use /etc/ssh/connect to use tor to connect to ssh in torland
Host *.onion
ProxyCommand /etc/ssh/connect -S localhost:9050 %h %p

You can append -d for verbose after /etc/ssh/connect if you have problems...

Grab your secret host name:
cat ~/.vidalia/ssh/hostname
Right Click Vidalia, Stop Tor and Restart it and your done!
Were done! Now you can do a "ssh user@16xdigit.onion" every time your local tor-server is running.
Here is the verbose output when connecting:

ssh dude@ka93kasd55srt56.onion -p 22
DEBUG: No direct address are specified.
DEBUG: relay_method = SOCKS (2)
DEBUG: relay_host=localhost
DEBUG: relay_port=9050
DEBUG: relay_user=dude
DEBUG: socks_version=5
DEBUG: socks_resolve=REMOTE (2)
DEBUG: local_type=stdio
DEBUG: dest_host=ka93kasd55srt56.onion
DEBUG: dest_port=22
DEBUG: Program is $Revision$
DEBUG: checking ka93kasd55srt56.onion is for direct?
DEBUG: ka93kasd55srt56.onion is for not direct.
DEBUG: resolving host by name: localhost
DEBUG: resolved: localhost (
DEBUG: connecting to
DEBUG: begin_socks_relay()
DEBUG: available auth method[0] = NO-AUTH (0x00)
DEBUG: available auth method[1] = USERPASS (0x02)
DEBUG: atomic_out() [4 bytes]
DEBUG: >>> 05 02 00 02
DEBUG: atomic_in() [2 bytes]
DEBUG: <<< 05 00
DEBUG: auth method: NO-AUTH
DEBUG: atomic_out() [29 bytes]
DEBUG: >>> 02 01 00 03 16 32 74 36 12 6a 65 77 ab 35 35 35 32 7e 6f 76 74 2r 7a 6e 69 6f 9e 08 ae
DEBUG: atomic_in() [4 bytes]
DEBUG: <<< 05 00 00 01
DEBUG: atomic_in() [6 bytes]
DEBUG: <<< 00 00 00 00 00 00
DEBUG: connected
DEBUG: start relaying.
DEBUG: recv 38 bytes
DEBUG: sent 38 bytes
DEBUG: sent 792 bytes
DEBUG: recv 498 bytes
DEBUG: recv 286 bytes
DEBUG: sent 24 bytes
DEBUG: recv 152 bytes
DEBUG: sent 144 bytes
DEBUG: recv 498 bytes
DEBUG: recv 222 bytes
The authenticity of host '[ka93kasd55srt56.onion]:22 ()' can't be established.
RSA key fingerprint is a5:f5:a1:6a:re:be:55:t1:4b:b8:y2:e3:aa:09:0f:b0.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '[ka93kasd55srt56.onion]:22' (RSA) to the list of known hosts.
DEBUG: sent 64 bytes
DEBUG: recv 48 bytes
DEBUG: sent 64 bytes
DEBUG: recv 64 bytes
dude@ka93kasd55srt56.onion's password:

Clicky Web Analytics