Actions

Connecting to SSH before Tor

From Whonix

< Tunnels



Norman-79860640.jpg

Ambox warning pn.svg.png Before combining Tor with other tunnels, be sure to read and understand the risks!

Ambox notice.png Advertisement:
Too difficult to set up? Provider specific automation can be created for you by the lead developer of Whonix ™. Send reasonable price suggestions. Get in contact.

Ambox warning pn.svg.png Documentation for this is incomplete. Contributions are happily considered!

Ambox notice.png Advertisement:
It's possible to pay for the completion of this wiki page. Send reasonable price suggestions. Get in contact.


UserSSHTorInternet

The SSH tunnel be configured on the host or inside Whonix-Gateway ™.

Install SSH Client[edit]

sudo apt-get update

sudo apt-get install ssh

Test Connection[edit]

ssh yourusername@your.ssh.server

  • TODO: Public key authentication steps

apt-get install lynx

lynx check.torproject.org

exit

Configure Local Server[edit]

ssh -D 1080 your.ssh.server

  • TODO: Run in background on each start up before Tor.
  • TODO: Public Key authentication steps

Configure Tor[edit]

Option 1: Use Anon Connection Wizard[edit]

Beginning with Whonix ™ 14, a prefixed proxy can be configured easily using Anon Connection Wizard.

Step 1: Start Anon Connection Wizard[edit]

If you are using Qubes-Whonix ™, complete the following steps.

Qubes App Launcher (blue/grey "Q")Whonix-Gateway ™ ProxyVM (commonly named sys-whonix)Anon Connection Wizard

If you are using a graphical Whonix-Gateway ™, complete the following steps.

Start MenuApplicationsSystemAnon Connection Wizard

If you are using a terminal emulator (such as for example xfce4-terminal) on Whonix-Gateway ™, type. 

lxsudo anon-connection-wizard

If you are using a CLI Whonix-Gateway ™, see footnote. [1]

Step 2: Use Proxy Configuration Page[edit]

Select "Use proxy before connecting to the Tor network" on the Proxy Configuration pageChoose the proxy typeFill out other necessary information

Info Tips: 1. Proxy Type

The proxy type is the protocol which is used to communicate with the proxy server. Since there are only three options, they can all be tried until one works.

2. Proxy IP/hostname

It is necessary to know the proxy IP for attempted connections. If the user is trying to connect to a local proxy, then 127.0.0.1 should be specified since it is the localhost.

3. Proxy Port number

It is necessary to know the port number for attempted connections. It should be a positive integer from 1 to 65535. If searching for the listening port number of a well-known censorship circumvention tool, it can be found online.

4. Username and Password If the username and password are unknown, they should be left blank to see if the connection will succeed. In most cases they are not needed.

Option 2: Manually Configure Proxy[edit]

Open /usr/local/etc/torrc.d/50_user.conf.

If you are using Qubes-Whonix ™, complete the following steps.

Qubes App Launcher (blue/grey "Q")Whonix-Gateway ™ ProxyVM (commonly named sys-whonix)Tor User Config (Torrc)

If you are using a graphical Whonix-Gateway ™, complete the following steps.

Start MenuApplicationsSettings/usr/local/etc/torrc.d/50_user.conf

If you are using a terminal-only Whonix-Gateway ™, complete the following steps. 

sudo nano /usr/local/etc/torrc.d/50_user.conf

  • If SSH tunnel was setup from Whonix-Gateway ™:

Socks5Proxy 127.0.0.1:1080

  • If SSH tunnel was setup from host operating system, change IP:PORT as needed:

Socks5Proxy IP:PORT

Firewall Configuration[edit]

  • TODO: if running inside Whonix-Gateway ™, new firewall rules are probably required.
Fosshost is sponsors Kicksecure stage server Whonix old logo.png
Fosshost About Advertisements

Search engines: YaCy | Qwant | ecosia | MetaGer | peekier | Whonix ™ Wiki

Follow: 1024px-Telegram 2019 Logo.svg.png Iconfinder Apple Mail 2697658.png Twitter.png Facebook.png Rss.png Reddit.jpg 200px-Mastodon Logotype (Simple).svg.png

Support: 1024px-Telegram 2019 Logo.svg.png Discourse logo.png Matrix logo.svg.png

Donate: Donate Bank Wire Paypal Bitcoin accepted here Monero accepted here Contriute

Whonix donate bitcoin.png Monero donate Whonix.png United Federation of Planets 1000px.png

Twitter-share-button.png Facebook-share-button.png Telegram-share.png link=mailto:?subject=Tunnels/Connecting to SSH before Tor&body=https://www.whonix.org/wiki/Tunnels/Connecting_to_SSH_before_Tor link=https://reddit.com/submit?url=https://www.whonix.org/wiki/Tunnels/Connecting_to_SSH_before_Tor&title=Tunnels/Connecting to SSH before Tor link=https://news.ycombinator.com/submitlink?u=https://www.whonix.org/wiki/Tunnels/Connecting_to_SSH_before_Tor&t=Tunnels/Connecting to SSH before Tor link=https://mastodon.technology/share?message=Tunnels/Connecting to SSH before Tor%20https://www.whonix.org/wiki/Tunnels/Connecting_to_SSH_before_Tor&t=Tunnels/Connecting to SSH before Tor

Want to make Whonix ™ safer and more usable? We're looking for helping hands. Check out the Open Issues and development forum.

https link onion link Priority Support | Investors | Professional Support

Whonix | © ENCRYPTED SUPPORT LP | Heckert gnu.big.png Freedom Software / Osi standard logo 0.png Open Source (Why?)

The personal opinions of moderators or contributors to the Whonix ™ project do not represent the project as a whole.

  1. Anon Connection Wizard is a graphical user interface (GUI) application. It does not have command line interface (CLI) support yet. [archive] It is therefore unavailable on Whonix-Gateway ™ CLI. Use setup-dist instead; note that functionality is limited and does not support Bridges.
Retrieved from "https://www.whonix.org/w/index.php?title=Tunnels/Connecting_to_SSH_before_Tor&oldid=65046"
By using our website, you acknowledge that you have read, understood and agreed to our Privacy Policy, Cookie Policy, Terms of Service, and E-Sign Consent.
More information