Tunnels/Connecting to Tor before SSH
|Before combining Tor with other tunnels, be sure to read and understand the risks!|
Too difficult to set up? Provider specific automation can be created for you by the lead developer of Whonix. Send reasonable price suggestions. Get in contact.
|Documentation for this is incomplete. Contributions are happily considered!|
Note that even though SSH supports socks5, SSH is still not able to forward UDP on its own. Have a look at the source of that information. To summarize: to tunnel UDP over SSH client and shell admin need a special setup, which is for most shells, not going to happen.
A SSH tunnel will provide a local socks5 proxy. Create the SSH tunnel in the Whonix-Workstation. From there you'll end up with a local socks5 proxy. You can use this socks5 proxy following the How to connect to Tor before a proxy (User -> Tor -> proxy -> Internet) instructions.. Once the SSH tunnel is established, there are not many differences, besides the difference already clarified above about UDP and that the warning about missing encryption to the proxy does not apply to SSH tunnels, since SSH is encrypted. The SSH process needs to be allowed to access the internet directly, if you use transparent proxying, run the SSH process under an account, which is privileged to access the internet directly.
Another untested method may be sshuttle.
This is a wiki. Want to improve this page? Help is welcome and volunteer contributions are happily considered! See Conditions for Contributions to Whonix, then Edit! IP addresses are scrubbed, but editing over Tor is recommended. Edits are held for moderation.