LowEndBox - Cheap VPS, Hosting and Dedicated Server Deals

Using a Ubuntu/Debian VPS to Establish Anonymous SSH sessions with TOR

Perhaps you’ve wanted to set up a virtual private server (VPS) to anonymize HTTP traffic on the TOR network.

OpenSSH would be the first solution that admins would turn to, given the fact that OpenSSH is the de facto tool used utilize to encrypt connections on a VPS.

A bigger question remains: How do you port all of your TOR connections through SSH? A few configuration changes must be made. Also, a proxy must be established in order to achieve an anonymous SSH session with TOR.

Luckily, all of this is really easy to configure.

In case you haven’t installed TOR yet, you may want to go ahead and do so. The instructions for installing TOR has been published numerous times online. Here is a recap of how to get TOR installed:

Refresher on Installing TOR

If TOR isn’t available in your repository, you must take steps in order to ensure that it is available for you to install.

If you can confirm that TOR is already available for you to install, you may skip to the section and proceed to the section titled, “One Liner for Updating Repos and Installing TOR.”

If TOR Isn’t Available in your Repository

You would want to open /etc/apt/sources.list and add the following line.

deb http://deb.torproject.org/torproject.org DISTRONAME main

Note: the DISTRONAME in caps needs to be replaced with your distribution’s name. For example, Lenny, Squeeze, etc.

Install the PGP Key

Experts recommend that you install a PGP key to ensure that the repo is authorized. In a terminal session, type:

apt-key adv –recv-keys –keyserver subkeys.pgp.net 0x94C09C7F

Next, you are ready to update your repositories and get TOR installed.

One Liner for Updating Repos and Installing TOR

apt-get update && apt-get install -y tor

You must now install the proxy we discussed above, which can be done using the following command at the terminal:

apt-get install -y connect-proxy

But Wait, There’s More: Configuring OpenSSH to Work with TOR

At this point in the tutorial, you have everything in place. Now it is time to make OpenSSH and TOR work seamlessly.

Most experts do not recommend setting up OpenSSH to use TOR for all connections. If you wish to do so, you’d open your ~/.ssh/config file and add this to the top of the file:

Host *
CheckHostIP no
Compression yes
Protocol 2
ProxyCommand connect -4 -S localhost:9050 $(tor-resolve %h localhost:9050) %p

Most of those who set up their VPS to create anonymous SSH session with TOR will only want specific connection types to be tunneled in this fashion. To define specific connections, you’d open your ~/.ssh/config file and add this text to the top of the file:

Host YOURDOMAINNAME
HostName YOURDOMAINNAME.COM
User YOURACCOUNT
CheckHostIP no
Compression yes
Protocol 2
ProxyCommand connect -4 -S localhost:9050 $(tor-resolve %h localhost:9050) %p

Note: In the above text, you’ll want to change YOURDOMAINNAME and YOURACCOUNT to match the appropriate values for your environment.

Conclusion

That’s the general gist of setting up a VPS to create an anonymous SSH session with TOR.

When you set up this type of service, we remind you to only do so within the laws and legal regulatory framework in your area. You should only use a VPS to create anonymous SSH tunnels with TOR to conduct lawful activities.

(This post was written by a contributor, not by the person posting it)

Jarland

3 Comments

  1. texteditor:

    how’s the latency

    December 27, 2015 @ 12:47 pm | Reply
    • Jarland Donnell:

      I can’t imagine it’s anything less than atrocious ;)

      December 27, 2015 @ 7:45 pm | Reply
  2. Flabian Rathler:

    IMO “torsocks ssh user@domain.com” is a better option.

    December 31, 2015 @ 2:45 am | Reply

Leave a Reply

Some notes on commenting on LowEndBox:

  • Do not use LowEndBox for support issues. Go to your hosting provider and issue a ticket there. Coming here saying "my VPS is down, what do I do?!" will only have your comments removed.
  • Akismet is used for spam detection. Some comments may be held temporarily for manual approval.
  • Use <pre>...</pre> to quote the output from your terminal/console, or consider using a pastebin service.

Your email address will not be published. Required fields are marked *