SSH as a Hidden Service
It is relatively easy to make your SSH server available as a hidden service accessible only through the Tor network. There are several reasons you might want to do this.
- You can access your server anonymously.
- You can access your server from the open internet even if it is hidden behind a firewall and it has a dynamically assigned IP address.
The downside to using the Tor network to access your server is that the network is not particularly fast.
Tor
On a server, you can run tor as an always-on service. Typically tor acts as a SOCKS proxy, allowing you anonymous access to the tor network from your server. Running it as an always-on service means that it is always available as an anonymous proxy. Here it will also be configured to provide access to your SSH server as a hidden service, so your hidden service is always available too.
Alternatively, you can run tor on demand. You typically do this on a workstation. In this case you would run tor whenever you want the hidden service to be available.
Tor as Service
To install tor on a Fedora system, as root run:
You would configure it by editing the file /etc/tor/torrc, but for now it can be left as is. Start tor with:
You should now be able to use it as a SOCKS proxy. The default proxy port is 9050, so you should be able to configure your browser to use a SOCKS5 proxy with address localhost:9050 to test it.
If you would like a GUI tool to monitor and control your tor server, install vidalia:
Normally vidalia will start and control its own copy of tor. If you want to use it to control the system tor, you will need to configure vidalia and tor accordingly (in /etc/tor/torrc you will need to set HashedControlPassword, and in ~/.vidalia/vidalia.conf you need to set ControlPassword).
Tor on Demand
If you instead plan to run tor on demand, install both tor and vidalia as root:
Once you do this, you no longer need to be root; you can run vidalia and tor as a normal user.
You would start tor by running vidalia. When you do so, vidalia will open a window that shows the status of tor, but you can close it. You would reopen it as needed by clicking on the onion in your status bar.
You should now be able to use tor as a SOCKS proxy. The default proxy port is 9050, so you should be able to configure your browser to use a SOCKS5 proxy with address localhost:9050 to test it.
In this situation, the tor configuration file, torrc, is found in ~/.vidalia.
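Both setups above are tested by pointing a browser at localhost:9050. The following is an added example, not part of the original page, that performs the same check from a script by sending a SOCKS5 greeting (RFC 1928) to the proxy port and classifying the reply. The function names and result strings are chosen for this example.

```python
import socket

SOCKS_VERSION = 0x05
NO_AUTH = 0x00          # method: no authentication required
NO_ACCEPTABLE = 0xFF    # server rejected every offered method


def parse_method_reply(reply: bytes) -> str:
    """Classify the 2-byte SOCKS5 method-selection reply (RFC 1928, section 3)."""
    if len(reply) != 2:
        return "short-reply"
    version, method = reply
    if version != SOCKS_VERSION:
        return "not-socks5"          # something else is listening on the port
    if method == NO_AUTH:
        return "ok"
    if method == NO_ACCEPTABLE:
        return "auth-required"
    return "unexpected-method"


def check_socks5(host: str = "127.0.0.1", port: int = 9050,
                 timeout: float = 3.0) -> str:
    """Send a SOCKS5 greeting offering only 'no authentication' and report the result."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            # Greeting: VER=5, NMETHODS=1, METHODS=[0x00]
            sock.sendall(bytes([SOCKS_VERSION, 1, NO_AUTH]))
            reply = b""
            while len(reply) < 2:
                chunk = sock.recv(2 - len(reply))
                if not chunk:        # peer closed before answering
                    break
                reply += chunk
    except OSError:                  # refused, timed out, or otherwise unreachable
        return "unreachable"
    return parse_method_reply(reply)


if __name__ == "__main__":
    print("SOCKS5 on localhost:9050:", check_socks5())
```

A result of "ok" only shows that a SOCKS5 listener answers on the port; it does not show that tor has finished connecting to the network.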