Connecting to SSH before Tor
User → SSH → Tor → Internet
Introduction[edit]
Before combining Tor with other tunnels, be sure to read and understand the risks!
Advertisement:
Too difficult to set up? Provider specific automation can be created for you by the lead developer of Whonix ™. Send reasonable price suggestions. Get in contact.
Documentation for this entry is incomplete. Contributions are happily considered!
Advertisement:
It's possible to pay for the completion of this wiki page. Send reasonable price suggestions. Get in contact.
The SSH tunnel be configured on the host or inside Whonix-Gateway ™.
Install SSH Client[edit]
Test Connection[edit]
- TODO: Public key authentication steps
Configure Local Server[edit]
- TODO: Run in background on each start up before Tor.
- TODO: Public Key authentication steps
Configure Tor[edit]
Option 1: Use Anon Connection Wizard[edit]
Beginning with Whonix ™ 14, a prefixed proxy can be configured easily using Anon Connection Wizard.
Step 1: Start Anon Connection Wizard[edit]
If you are using Qubes-Whonix ™, complete the following steps.
Qubes App Launcher (blue/grey "Q") → Whonix-Gateway ™ ProxyVM (commonly named sys-whonix) → Anon Connection Wizard
If you are using a graphical Whonix-Gateway ™, complete the following steps.
Start Menu → Applications → System → Anon Connection Wizard
If you are using a terminal emulator (such as for example xfce4-terminal) on Whonix-Gateway ™, type.
If you are using a CLI Whonix-Gateway ™, see footnote. [1]
Step 2: Use Proxy Configuration Page[edit]
Select "Use proxy before connecting to the Tor network" on the Proxy Configuration page → Choose the proxy type → Fill out other necessary information
Tips:
1. Proxy Type
The proxy type is the protocol which is used to communicate with the proxy server. Since there are only three options, they can all be tried until one works.
2. Proxy IP/hostname
It is necessary to know the proxy IP for attempted connections. If the user is trying to connect to a local proxy, then 127.0.0.1 should be specified since it is the localhost.
3. Proxy Port number
It is necessary to know the port number for attempted connections. It should be a positive integer from 1 to 65535. If searching for the listening port number of a well-known censorship circumvention tool, it can be found online.
4. Username and Password If the username and password are unknown, they should be left blank to see if the connection will succeed. In most cases they are not needed.
Option 2: Manually Configure Proxy[edit]
Open file /usr/local/etc/torrc.d/50_user.conf in a text editor
of your choice with sudoedit.
If you are using Qubes-Whonix ™, complete the following steps.
Qubes App Launcher (blue/grey "Q") → Whonix-Gateway ™ ProxyVM (commonly named sys-whonix) → Tor User Config (Torrc)
If you are using a graphical Whonix-Gateway ™, complete the following steps.
Start Menu → Applications → Settings → /usr/local/etc/torrc.d/50_user.conf
If you are using a terminal-only Whonix-Gateway ™, complete the following steps.
- If SSH tunnel was setup from Whonix-Gateway ™:
- If SSH tunnel was setup from host operating system, change IP:PORT as needed:
Firewall Configuration[edit]
- TODO: if running inside Whonix-Gateway ™, new firewall rules are probably required.
At Whonix we believe in freedom and trust. That's why we fully support Open Source and Freedom Software.
Learn more.
Whonix ™ is supported by Evolution Host DDoS Protected VPS.
Scan the QR code or use the wallet address below.
Want to get involved with Whonix? Check out our Contribute page.
- ↑
Anon Connection Wizard is a graphical user interface (GUI) application. It does not have command line interface (CLI) support yet. It is therefore unavailable on Whonix-Gateway ™ CLI. Use
setup-distinstead; note that functionality is limited and does not support Bridges.