Connecting to SSH before Tor

Instructions on how to connect to SSH before Tor.
User
→ SSH
→ Tor
→ Internet
Introduction[edit]
The SSH tunnel be configured on the host operating system (OS) (outside any virtual machine (VM) or inside Whonix-Gateway™.
Install SSH Client[edit]
Install package(s) openssh-client
.
A. Update the package lists and upgrade the system.
sudo apt update && sudo apt full-upgrade
B. Install the openssh-client
package(s).
Using apt
command line parameter --no-install-recommends
is in most cases optional.
sudo apt install --no-install-recommends openssh-client
C. Done.
The procedure of installing package(s) openssh-client
is complete.
Test Connection[edit]
ssh example.com
- TODO: Public key authentication steps
apt install lynx
lynx check.torproject.org
exit
Configure Local Server[edit]
ssh -D 127.0.0.1:1080 example.com
- TODO: Run in background on each start up before Tor.
- TODO: Public Key authentication steps
Configure Tor[edit]
Option 1: Use Anon Connection Wizard[edit]
A prefixed proxy can be configured easily using Anon Connection Wizard.
Step 1: Start Anon Connection Wizard[edit]
If you are using Qubes-Whonix™, complete the following steps.
Qubes App Launcher (blue/grey "Q")
→ Whonix-Gateway™ ProxyVM (commonly named sys-whonix)
→ Anon Connection Wizard
If you are using a graphical Whonix-Gateway, complete the following steps.
Start Menu
→ Applications
→ System
→ Anon Connection Wizard
If you are using a terminal emulator (such as for example xfce4-terminal) on Whonix-Gateway, type.
lxsudo anon-connection-wizard
If you are using a CLI Whonix-Gateway, see footnote. [1]
Step 2: Use Proxy Configuration Page[edit]
Select "Use proxy before connecting to the Tor network" on the Proxy Configuration page
→ Choose the proxy type
→ Fill out other necessary information
Option 2: Manually Configure Proxy[edit]
Open file /usr/local/etc/torrc.d/50_user.conf
in a text editor of your choice with
sudoedit
.
If you are using Qubes-Whonix™, complete the following steps.
Qubes App Launcher (blue/grey "Q")
→ Whonix-Gateway™ ProxyVM (commonly named sys-whonix)
→ Tor User Config (Torrc)
If you are using a graphical Whonix-Gateway, complete the following steps.
Start Menu
→ Applications
→ Settings
→ /usr/local/etc/torrc.d/50_user.conf
If you are using a terminal-only Whonix-Gateway, complete the following steps. sudoedit /usr/local/etc/torrc.d/50_user.conf
- If SSH tunnel was setup from Whonix-Gateway:
Socks5Proxy 127.0.0.1:1080
- If SSH tunnel was setup from host operating system, change IP:PORT as needed:
Socks5Proxy IP:PORT
Firewall Configuration[edit]
- TODO: if running inside Whonix-Gateway, new firewall rules are probably required.
Footnotes[edit]
- ↑
Anon Connection Wizard is a graphical user interface (GUI) application. It does not have command line interface (CLI) support yet.
It is therefore unavailable on Whonix-Gateway CLI. Use
setup-dist
instead; note that functionality is limited and does not support Bridges.

We believe security software like Whonix needs to remain open source and independent. Would you help sustain and grow the project? Learn more about our 11 year success story and maybe DONATE!