Connecting to SSH before Tor
< Tunnels
 | Before combining Tor with other tunnels, be sure to read and understand the risks! |
 | Advertisement: Too difficult to set up? Provider specific automation can be created for you by the lead developer of Whonix. Send reasonable price suggestions. Get in contact. |
| Documentation for this is incomplete. Contributions are happily considered! |
| Advertisement: It's possible to pay for the completion of this wiki page. Send reasonable price suggestions. Get in contact. |
User -> SSH -> Tor -> Internet
The SSH tunnel be configured on the host or inside Whonix-Gateway.
Contents
Install SSH Client[edit]
sudo apt-get update
sudo apt-get install ssh
Test Connection[edit]
ssh yourusername@your.ssh.server
- TODO: Public key authentication steps
apt-get install lynx
lynx check.torproject.org
exit
Configure Local Server[edit]
ssh -D 1080 your.ssh.server
- TODO: Run in background on each start up before Tor.
- TODO: Public Key authentication steps
Configure Tor[edit]
Option 1: Use Anon Connection Wizard[edit]
Beginning with Whonix 14, a prefixed proxy can be configured easily using Anon Connection Wizard.
Step 1: Start Anon Connection Wizard[edit]
If you are using Qubes-Whonix, complete the following steps.
Qubes App Launcher (blue/grey "Q") -> Whonix-Gateway ProxyVM (commonly named sys-whonix) -> Anon Connection Wizard
If you are using a graphical Whonix-Gateway, complete the following steps.
Start Menu -> Applications -> System -> Anon Connection Wizard
If you are using a terminal Whonix-Gateway, type.
kdesudo anon-connection-wizard
Step 2: Use Proxy Configuration Page[edit]
Select "Use proxy before connecting to the Tor network" on the Proxy Configuration page -> Choose the proxy type -> Fill out other necessary information
| Tips:
1. Proxy Type The proxy type is the protocol which is used to communicate with the proxy server. Since there are only three options, they can all be tried until one works. 2. Proxy IP/hostname It is necessary to know the proxy IP for attempted connections. If the user is trying to connect to a local proxy, then 127.0.0.1 should be specified since it is the localhost. 3. Proxy Port number It is necessary to know the port number for attempted connections. It should be a positive integer from 1 to 65535. If searching for the listening port number of a well-known censorship circumvention tool, it can be found online. 4. Username and Password If the username and password are unknown, they should be left blank to see if the connection will succeed. In most cases they are not needed. |
Option 2: Manually Configure Proxy[edit]
| From Whonix 14 onwards, all user unique Tor configurations should be stored in /usr/local/etc/torrc.d/50_user.conf and not anywhere else. Note that Whonix will not modify /usr/local/etc/torrc.d/50_user.conf once it is created, therefore the user is responsible for adding or removing specific configurations in this file. |
Open /usr/local/etc/torrc.d/50_user.conf.
If you are using Qubes-Whonix, complete the following steps.
Qubes App Launcher (blue/grey "Q") -> Whonix-Gateway ProxyVM (commonly named sys-whonix) -> Tor User Config (Torrc)
If you are using a graphical Whonix-Gateway, complete the following steps.
Start Menu -> Applications -> Settings -> /usr/local/etc/torrc.d/50_user.conf
If you are using a terminal-only Whonix-Gateway, complete the following steps.
sudo nano /usr/local/etc/torrc.d/50_user.conf
- If SSH tunnel was setup from Whonix-Gateway:
Socks5Proxy 127.0.0.1:1080
- If SSH tunnel was setup from host operating system, change IP:PORT as needed:
Socks5Proxy IP:PORT
Firewall Configuration[edit]
- TODO: if running inside Whonix-Gateway, new firewall rules are probably required.
No user support in comments. See Support.
Comments will be deleted after some time. Specifically after comments have been addressed in form of wiki enhancements. See Wiki Comments Policy.
Join us in testing our new AppArmor profiles for improved security! (forum discussion)
This is a wiki. Want to improve this page? Help is welcome and volunteer contributions are happily considered! Read, understand and agree to Conditions for Contributions to Whonix, then Edit! Edits are held for moderation.
Copyright (C) 2012 - 2019 ENCRYPTED SUPPORT LP. Whonix is a trademark. Whonix is a licensee of the Open Invention Network. Unless otherwise noted, the content of this page is copyrighted and licensed under the same Freedom Software license as Whonix itself. (Why?)
By using our website, you acknowledge that you have read, understood and agreed to our Privacy Policy, Cookie Policy, Terms of Service, and E-Sign Consent. Whonix is provided by ENCRYPTED SUPPORT LP. See Imprint.
Enable comment auto-refresher