Menu
Start9 Docs Misc Guides Using SSH Over Tor

Using SSH Over Tor

Note

The following guide requires that you have already added an SSH key to your server.

Caution

SSH over Tor is only supported on Linux and macOS, although it can also work on Windows with in PuTTY like this. Note that those instructions use port 9150 but we’ve configured Tor in Windows on the traditional port: 9050.

Note

You might not need to complete this guide if you have already set up SSH on your server and you have regular access to your local network. SSH over Tor is for those who may be away from their server for a long time, who regularly access it over Tor rather than a VPN, and think they may need to do some heavy debugging while away.

Configure StartOS server:

Warning

After each server reboot, a new .onion address will be generated, rendering the old one inactive.

  1. SSH into your server.

    ssh start9@<custom-address>.local

  2. Elevate yourself to root in chroot edit mode which will make your changes persist across reboots:

    sudo /usr/lib/startos/scripts/chroot-and-upgrade

  3. Add these two lines to /etc/tor/torrc

    HiddenServiceDir /var/lib/tor/ssh

    HiddenServicePort 22 127.0.0.1:22

    With the following command…

    echo -e "\nHiddenServiceDir /var/lib/tor/ssh\nHiddenServicePort 22 127.0.0.1:22" >> /etc/tor/torrc

  4. Restart your Start9 server by exiting chroot edit mode:

    exit

  5. SSH in to your Start9 server again and gather the “.onion” address that was generated:

    sudo cat /var/lib/tor/ssh/hostname

Note

Your newly generated .onion address is unique for SSH access only and should not be confused with the main .onion address for the server.

Configure local SSH client

  1. Install torsocks dependency.

    Debian / Ubuntu

    sudo apt install torsocks

    Arch / Garuda / Manjaro

    sudo pacman -S torsocks

  2. Run this command to set up your SSH config file to work with .onion domains.

    echo -e "\nHost *.onion\n\tProxyCommand nc -xlocalhost:9050 %h %p" >> ~/.ssh/config

    Note

    You only need to run this command only once to set up the SSH Over Tor configuration.

SSH Over Tor

To log in, simply use the following command, using the “.onion” hostname you printed above:

ssh start9@xxxxxxxxxxxxxxxxx.onion
PREVIOUS
Configuring Firefox for Tor
NEXT
Use an Existing Data Drive

On this page