SSH over Tor including unto Onion Service

Hello. I am new to Linux and using tor, outside of using the Tor browser. So far I’ve been using the tor service as a proxy for certain other programs, like other browsers and for downloading things. Only no torrenting.

Usually I’ll simply add some --proxy socks5://localhost:9050 style option to a command, and things will work. Whether they work ‘right’ or not I’m not always sure seeing as I’m still green in the boots. I’ve had trouble simply adding ‘torsocks’ before the command as that will usually generate an error, though I seem to remember adding it along with the proxy option has worked.

In trying to use SSH over tor locally, either aiming at my onion address on a different machine or simply that machine as per usual ssh, I’ve tried the following methods:

simply using ‘torsocks ssh -p [somePort] user@[ipAddress]/[.onion]’

I’ve added ProxyCommand:

‘-o ProxyCommand=“torsocks nc %h %p”’ , where I’ve also added torsocks before the entire command instead, or also removed it before the netcat line.

I’ve also tried adding socks5://localhost:9050 through ProxyJump by my own figuring.

I’ve used the config file for all of the above, and I’ve used the command line.

I’ve gotten one of a few different general socks5 server errors last few times I’ve tried these, but I’ll stop there for now. Might be a real obvious answer, so I’ll await any questions before this gets too messy.

did you already try ask google ? i found this stuff

1 Like

Connecting to a ssh server via tor works perfectly with this in your ~/.ssh/config

Host whatever
   Hostname yourtoraddress.onion
   Proxycommand socat - SOCKS4A:localhost:%h:%p,socksport=9050

(make sure tor is running/listening on port 9050, and that you have socat installed).

1 Like

I hadn’t found that, and I will check it. I’ve been searching and found many varieties of simple advice, but none have worked consistently so far. Do/don’t use torify, do/don’t use torsocks, use --proxywhatever socks5…

Dunno if I’m just unlucky that things haven’t been working like they should recently. Thank you for the link.

Thanks. Should that be socks4 or 5? Either way, I’ll be trying your advice shortly.

It should work (and it does work) as written above.
I think socat doesn’t support SOCKS5.
I’ve also seen “ncat --proxy-type socks5 --proxy %h %p” as proxycommand, as ncat supports socks5.
(but note that there are many versions and variants of netcat, but NMAP’s nat as well as netcat-openbsd – both in debian) should support it.

i remember there is a way to set route traffic on terminal with tor. But i dont remember the line command :smiley:

I followed the advice of the article, setting the controlport and coockieauth 0. Other than that I should be running on default ssh and onion service settings.

Torsocks still works for certain things, as it did before, and I assume the commands it doesn’t work for simply aren’t tor-friendly, like ‘ping’. I can torify the lynx-browser and curl for instance.

Simply using ‘torsocks ssh user@address’ gives me

ERROR torsocks[6849]: General SOCKS server failure (in socks5_recv_connect_reply() at socks5.c:527)
ssh: connect to host [IP-ADDRESS] port 22: Connection refused


Host whatever
Hostname [IP-ADDRESS]
User user
Proxycommand socat - SOCKS4A:localhost:%h:%p,socksport=9050

gives me this

socat[6932] E socks: connect request rejected or failed
kex_exchange_identification: Connection closed by remote host
Connection closed by UNKNOWN port 65535

That’s without aiming at my onion obviously, which I chose to assume might work with either method. I’ll be back later regarding the onion service cases.

I was just able to connect to my onion service using ‘torsocks ssh user@.onion’, but it seems that after simply restarting the sshd and tor services, it now gives me

No route to host

Might this be an exit node issue, or what?

you torcc file is right configured ?

Here are the un-commented torrc settings:

ControlSocket /run/tor/control
ControlSocketsGroupWritable 1
CookieAuthentication 0
CookieAuthFile /run/tor/control.authcookie
CookieAuthFileGroupReadable 1

SOCKSPort 9050 # Default: Bind to localhost:9050 for local connections.

RunAsDaemon 1

ControlPort 9051

HiddenServiceDir /var/lib/tor/someonionservice
HiddenServicePort someport

SSH and Rsync both work, to and from either machine at the other, now. Only still not reliably. Often I will get the ‘no route to host’ error, but if so I simply have to try again a few times for it to work.

But that might be it for this thread, except I have yet for ssh/rsync over tor to work while aiming at my public IP-address rather than onion.

This topic was automatically closed 24 hours after the last reply. New replies are no longer allowed.