Torify: anonymizing applications


We aim to establish a secure SSH connection between two Ubuntu based machines over the Tor network. We have already setup Tor on both machines running SSH as a hidden service.

Connection can be ‘torified’ to work over the Tor circuit. SSH is one of the services that can.

Step 1

We have to be sure that a Tor circuit is running and has been established. We can open up a terminal and run the tor command. After Tor service has been started you should see something like this.

Dec 18 10:29:28.216 [notice] Tor running on Linux with Libevent 2.0.21-stable, OpenSSL 1.0.2g and Zlib 1.2.8.
Dec 18 10:29:28.217 [notice] Tor can’t help you if you use it wrong! Learn how to be safe at
Dec 18 10:29:28.218 [notice] Read configuration file “/etc/tor/torrc”.
Dec 18 10:29:28.225 [notice] Opening Socks listener on
Dec 18 10:29:28.225 [notice] Opening Control listener on
Dec 18 10:29:28.000 [notice] Parsing GEOIP IPv4 file /usr/share/tor/geoip.
Dec 18 10:29:28.000 [notice] Parsing GEOIP IPv6 file /usr/share/tor/geoip6.
Dec 18 10:29:28.000 [notice] Bootstrapped 0%: Starting
Dec 18 10:29:29.000 [notice] Bootstrapped 5%: Connecting to directory server
Dec 18 10:29:29.000 [notice] Bootstrapped 10%: Finishing handshake with directory server
Dec 18 10:29:29.000 [notice] Bootstrapped 15%: Establishing an encrypted directory connection
Dec 18 10:29:30.000 [notice] Bootstrapped 20%: Asking for networkstatus consensus
Dec 18 10:29:30.000 [notice] Bootstrapped 25%: Loading networkstatus consensus
Dec 18 10:29:31.000 [notice] Bootstrapped 80%: Connecting to the Tor network
Dec 18 10:29:31.000 [notice] Bootstrapped 85%: Finishing handshake with first hop
Dec 18 10:29:32.000 [notice] Bootstrapped 90%: Establishing a Tor circuit
Dec 18 10:29:33.000 [notice] Tor has successfully opened a circuit. Looks like client functionality is working.
Dec 18 10:29:33.000 [notice] Bootstrapped 100%: Done

Step 2

On an another terminal we are giving the following command to establish a secure SSH tunnel between the two machines. The following command binds the local port (9999) to the remote port (9999), creating a secure tunnel between the two ports. After the successful execution all the traffic aimed to the local port (9999) is redirected to the remote port (9999) through a secure SSH tunnel.

torify ssh -L 9999:localhost:9999 teacher@xxxxxxxxxxxxxxxx.onion

You can find the onion address of the Ubuntu machine saved in the following file (if the hidden services files are set to the default location) /var/lib/tor/other_hidden_service/hostname or /var/lib/tor/hidden_service/hostname