How can I anonymize my SSH traffic using the Tor network?

  • I have a working installation of Tor. I am able to both access hidden services and proxy my clear-net traffic through Tor. My main source of traffic so far has been HTTP.

    I would like to know how I can use Tor to access remote computers through the use of SSH. I would like answers for the major operating systems: Windows, Linux/Unix, Mac OS X.

    Further, can programs such as rsync be made to use the Tor network?

    Usually questions should cover just one topic. So it might be a good idea to ask your rsync question separately.

    @JensKubieziel Normally I'd agree with you, but rsync and SSH are so closely tied in this example (since rsync is using ssh as its remote shell) that I personally would think this one is okay.

  • Sam Whited

    Sam Whited Correct answer

    9 years ago

    For SSH you can do something like the following:

    ssh -o ProxyCommand='nc -x localhost:$orport %h %p' example.com

    Options can also be configured in your ~/.ssh/config (or /etc/ssh/ssh_config, or the equivalent on your OS) file:

    Host example
        ProxyCommand /usr/bin/nc -x localhost:$orport %h %p

    Rsync can then use ssh as its remote shell and it will pick up the previous config:

    rsync -e ssh example:path/to/files /dest

    or, by directly passing arguments to the remote shell:

    rsync -e "ssh -o ProxyCommand='nc -x localhost:$orport %h %p'" example:path/to/files /dest

    Finally, you can use the RSYNC_CONNECT_PROG environment variable to set up all future RSYNC invocations to use Tor (without having to manually specify it each time):

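    # rsync expands %H (not %h/%p) in this variable, and it only applies to rsync daemon connections (port 873); "module" is a placeholder
    export RSYNC_CONNECT_PROG='ssh proxyhost nc -x localhost:$orport %H 873'
    rsync example::module/path /dest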

    Replace $orport with the port you've got Tor's SOCKS proxy listening on.

    Right. Note this also works for hidden services. For example: ssh -o ProxyCommand='nc -x localhost:9050 %h %p' wjawsduj7uxqnqhu.onion

    I just did the netcat proxy command here on Gentoo. There is a detail here: Gentoo's default netcat is netcat6, which has a different command line invocation. To use this method, you first have to install OpenBSD netcat with `emerge openbsd-netcat`. This will install `nc.openbsd`. Then, do the SSH ProxyCommand method discussed above, substituting `nc.openbsd` instead of just `nc`.
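The answer's ProxyCommand and the Gentoo comment's point about netcat variants can be combined into one check. The following is an added example, not code from the answer or its comments: it picks a netcat that supports a SOCKS proxy and emits an `ssh_config` stanza for `*.onion` hosts. The function names, the script name and the "proxy address" help-text heuristic are assumptions; port 9050 is the one used in the comment above.

```shell
#!/bin/sh
# Added example (not from the answer): pick a SOCKS-capable netcat and emit
# an ssh_config stanza that sends matching hosts through Tor's SOCKS port.

# Print the path of the first candidate whose help text mentions a
# "proxy address" option. Assumption: that phrase identifies OpenBSD netcat;
# other netcat variants may use -x for something unrelated to proxying.
pick_socks_nc() {
    for cand in "$@"; do
        path=$(command -v "$cand" 2>/dev/null) || continue
        if "$path" -h 2>&1 | grep -qi 'proxy address'; then
            printf '%s\n' "$path"
            return 0
        fi
    done
    return 1
}

# Accept only a decimal TCP port in 1..65535, so nothing else can end up
# inside the ProxyCommand line.
valid_port() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "${#1}" -le 5 ] && [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# tor_stanza <host-pattern> <nc-path> <socks-port>
# -X 5 requests SOCKS5 explicitly; %h and %p are expanded by ssh.
tor_stanza() {
    valid_port "$3" || { echo "bad SOCKS port: $3" >&2; return 1; }
    printf 'Host %s\n' "$1"
    printf '    ProxyCommand %s -X 5 -x localhost:%s %%h %%p\n' "$2" "$3"
}

main() {
    nc_bin=$(pick_socks_nc nc.openbsd nc netcat) || {
        echo "no SOCKS-capable netcat found" >&2; return 1; }
    tor_stanza '*.onion' "$nc_bin" "$1"
}

# Usage: sh tor-ssh-stanza.sh 9050 >> ~/.ssh/config
if [ $# -gt 0 ]; then main "$@"; fi
```

Review the generated stanza before appending it to `~/.ssh/config`, since it applies to every host matching the pattern.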

Licensed under CC-BY-SA with attribution

Content dated before 7/24/2021 11:53 AM