Instructions on how to connect to SSH before Tor.

User → SSH → Tor → Internet

Introduction[edit]

Before combining Tor with other tunnels, be sure to read and understand the risks!

Advertisement:
Too difficult? Consider purchasing Premium Support.

Documentation for this is incomplete. Contributions are happily considered! See this for potential alternatives.

Advertisement:
It's possible to pay for the completion of this wiki page. Send reasonable price suggestions. Get in contact.

The SSH tunnel be configured on the host operating system (OS) (outside any virtual machine (VM) or inside Whonix-Gateway^™.

Install SSH Client[edit]

Install package(s) openssh-client.

A. Update the package lists and upgrade the system.

sudo apt update && sudo apt full-upgrade

B. Install the openssh-client package(s).

Using apt command line parameter --no-install-recommends is in most cases optional.

sudo apt install --no-install-recommends openssh-client

C. Done.

The procedure of installing package(s) openssh-client is complete.

Test Connection[edit]

ssh example.com

TODO: Public key authentication steps

apt install lynx

lynx check.torproject.org

exit

Configure Local Server[edit]

ssh -D 127.0.0.1:1080 example.com

TODO: Run in background on each start up before Tor.
TODO: Public Key authentication steps

Configure Tor[edit]

Option 1: Use Anon Connection Wizard[edit]

A prefixed proxy can be configured easily using Anon Connection Wizard.

Step 1: Start Anon Connection Wizard[edit]

If you are using Qubes-Whonix^™, complete the following steps.

Qubes App Launcher (blue/grey "Q") → Whonix-Gateway^™ ProxyVM (commonly named sys-whonix) → Anon Connection Wizard

If you are using a graphical Whonix-Gateway, complete the following steps.

Start Menu → Applications → System → Anon Connection Wizard

If you are using a terminal emulator (such as for example xfce4-terminal) on Whonix-Gateway, type.

lxsudo anon-connection-wizard

If you are using a CLI Whonix-Gateway, see footnote. ^[1]

Step 2: Use Proxy Configuration Page[edit]

Select "Use proxy before connecting to the Tor network" on the Proxy Configuration page → Choose the proxy type → Fill out other necessary information

Tips: 1. Proxy Type

The proxy type is the protocol which is used to communicate with the proxy server. Since there are only three options, they can all be tried until one works.

2. Proxy IP/hostname

It is necessary to know the proxy IP for attempted connections. If the user is trying to connect to a local proxy, then 127.0.0.1 should be specified since it is the localhost.

3. Proxy Port number

It is necessary to know the port number for attempted connections. It should be a positive integer from 1 to 65535. If searching for the listening port number of a well-known censorship circumvention tool, it can be found online.

4. Username and Password If the username and password are unknown, they should be left blank to see if the connection will succeed. In most cases they are not needed.

Option 2: Manually Configure Proxy[edit]

Open file /usr/local/etc/torrc.d/50_user.conf in a text editor of your choice with sudoedit.

If you are using Qubes-Whonix^™, complete the following steps.

Qubes App Launcher (blue/grey "Q") → Whonix-Gateway^™ ProxyVM (commonly named sys-whonix) → Tor User Config (Torrc)

If you are using a graphical Whonix-Gateway, complete the following steps.

Start Menu → Applications → Settings → /usr/local/etc/torrc.d/50_user.conf

If you are using a terminal-only Whonix-Gateway, complete the following steps. sudoedit /usr/local/etc/torrc.d/50_user.conf

If SSH tunnel was setup from Whonix-Gateway:

Socks5Proxy 127.0.0.1:1080

If SSH tunnel was setup from host operating system, change IP:PORT as needed:

Socks5Proxy IP:PORT

Firewall Configuration[edit]

TODO: if running inside Whonix-Gateway, new firewall rules are probably required.

Footnotes[edit]

↑ Anon Connection Wizard is a graphical user interface (GUI) application. It does not have command line interface (CLI) support yet. It is therefore unavailable on Whonix-Gateway CLI. Use setup-dist instead; note that functionality is limited and does not support Bridges.

Whonix

The most watertight privacy operating system in the world.

Dark mode

FREE · PLUS · PREMIUM Support

At Whonix we value freedom and trust, supporting Open Source and Freedom Software

By using this website, you acknowledge you have read, understood, and agree to be bound by these these agreements: Terms of Service, Privacy Policy, Cookie Policy, E-Sign Consent, DMCA, Imprint

2012-2023 ENCRYPTED SUPPORT LP

Your support makes
all the difference!

We believe security software like Whonix needs to remain open source and independent. Would you help sustain and grow the project? Learn more about our 11 year success story and maybe DONATE!

[1] Anon Connection Wizard is a graphical user interface (GUI) application. It does not have command line interface (CLI) support yet. It is therefore unavailable on Whonix-Gateway CLI. Use setup-dist instead; note that functionality is limited and does not support Bridges.

[1]

Connecting to SSH before Tor

Contents