Introduction

In this article, we will discuss how to set up a Tor v3 hidden service and use it for SSH connections. This setup enhances your network’s privacy and security, allowing secure, anonymous access to your services.

[Figure: Tor v3 hidden service configuration, showing an SSH connection through encrypted onion routing]

Server Configuration

Setting Up a Single Hidden Address Service

  1. Install Tor:

    sudo apt-get install tor
    
    • Verify that the Tor process is listening: sudo lsof -i | grep LISTEN
    • Terminate it if necessary: sudo kill <pid>
  2. Configure the Tor Service: Edit /etc/tor/torrc:

    HiddenServiceDir /home/<username>/<hiddenfile_A>
    HiddenServicePort 22 127.0.0.1:22
    
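    • HiddenServiceDir: Set to /home/<username>/<hiddenfile_A>. Restrict its permissions with sudo chmod 700 /home/<username>/<hiddenfile_A>. By default, Tor refuses to use a hidden service directory that is accessible to group or others, and the directory must be owned by the user that runs tor.
    • HiddenServicePort: Maps a hidden service port to a local address and port (port 22 to 127.0.0.1:22 in this case, for SSH).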
  3. Start Tor:

    • Run tor.
    • This generates private and public keys and a hostname in /home/<username>/<hiddenfile_A>.

Configuring Multiple Hidden Address Services

  1. Modify Tor Configuration: Edit /etc/tor/torrc to add multiple services:

    HiddenServiceDir /home/<username>/<hiddenfile_X>
    HiddenServicePort 80 127.0.0.1:<localport>
    
    • Replace <hiddenfile_X> and <localport> as needed.
    • Each HiddenServiceDir creates a unique hidden address.
  2. Start Tor:

    • Run tor.
    • Check created folders for generated keys and addresses.

SSH Client Configuration

  1. Install Tor on the Client:

    brew install tor
    tor
    
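  2. Modify SSH Configuration: Edit ~/.ssh/config and add:

    # Route any *.onion host (or *-tor alias) through the local Tor SOCKS5 proxy
    Host *.onion *-tor
        ProxyCommand nc -X 5 -x 127.0.0.1:9050 %h %p
        CheckHostIP no
        Compression yes
        # Ignored by current OpenSSH releases, which only support protocol 2
        Protocol 2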
    
  3. Connect via SSH:

    ssh <username>@<hostname-onion>.onion
    

Reference: SSH Hidden Service Guide

Generating Custom Tor v3 Addresses

  1. Download and Install Tools:

    sudo apt-get install git
    git clone https://github.com/cathugger/mkp224o.git
    cd mkp224o
    sudo apt install gcc libsodium-dev make autoconf

  2. Compile the Software:

    ./autogen.sh
    ./configure
    # Alternative to the line above, needed only when libsodium is installed under /usr/local:
    ./configure CPPFLAGS="-I/usr/local/include" LDFLAGS="-L/usr/local/lib"
    make
    
  3. Use the Tool:

    • Caution: Avoid very short terms (≤3 characters). They cause keys to be generated rapidly, which can damage the disk or create files that are hard to delete.
      ./mkp224o <term_A> <term_B> <...>
      
    • Use -S 1 for status updates every second (default is every 10 seconds).
    • Use -j 10 to set the number of threads to 10 (by default, all available CPU cores are used).

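Generated results appear in folders named <onionaddress>.onion, each containing the private key, the public key, and the address. To activate an address, move these files into the /home/<username>/<hiddenfile_*> directory (the HiddenServiceDir set in torrc). Keep the private key secret: anyone who holds it can run a service at that address.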
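
The following Python check is an added example, not part of the original article or of the Tor or mkp224o projects. It inspects a HiddenServiceDir after Tor has generated keys or after mkp224o output has been moved in, confirming that the directory is not group/world accessible and that the hostname file is the v3 address derived from hs_ed25519_public_key. The function names and the sample key bytes are constructed for illustration.

```python
import base64, hashlib, os, stat, tempfile

# 32-byte header Tor writes in front of the 32-byte Ed25519 public key
PUB_HEADER = b"== ed25519v1-public: type0 ==\x00\x00\x00"
VERSION = b"\x03"

def onion_from_pubkey(pubkey: bytes) -> str:
    """v3 address = base32(pubkey || checksum[:2] || version) + '.onion'."""
    checksum = hashlib.sha3_256(b".onion checksum" + pubkey + VERSION).digest()[:2]
    return base64.b32encode(pubkey + checksum + VERSION).decode().lower() + ".onion"

def check_service_dir(path: str) -> list:
    """Return the problems found in a HiddenServiceDir (empty list means OK)."""
    problems = []
    mode = stat.S_IMODE(os.stat(path).st_mode)
    if mode & 0o077:
        problems.append(f"directory mode {mode:o} is group/world accessible, expected 700")
    try:
        with open(os.path.join(path, "hs_ed25519_public_key"), "rb") as f:
            blob = f.read()
        with open(os.path.join(path, "hostname")) as f:
            hostname = f.read().strip()
    except FileNotFoundError as e:
        return problems + [f"missing file: {e.filename}"]
    if len(blob) != 64 or not blob.startswith(PUB_HEADER):
        return problems + ["hs_ed25519_public_key has an unexpected format"]
    if hostname != onion_from_pubkey(blob[32:]):
        problems.append("hostname does not match hs_ed25519_public_key")
    return problems

def make_sample_dir(mode=0o700, hostname=None) -> str:
    """Build a constructed service directory; the key bytes are sample data, not a real key."""
    d = tempfile.mkdtemp()
    pub = bytes(range(32))  # constructed sample bytes
    with open(os.path.join(d, "hs_ed25519_public_key"), "wb") as f:
        f.write(PUB_HEADER + pub)
    with open(os.path.join(d, "hostname"), "w") as f:
        f.write((hostname or onion_from_pubkey(pub)) + "\n")
    os.chmod(d, mode)
    return d

if __name__ == "__main__":
    for label, d in [("good", make_sample_dir()),
                     ("loose perms", make_sample_dir(mode=0o755)),
                     ("wrong hostname", make_sample_dir(hostname="a" * 56 + ".onion"))]:
        print(label, "->", check_service_dir(d) or "OK")
```

To check a real service, call check_service_dir() with the HiddenServiceDir path from torrc, as the user that owns the directory.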

Reference: mkp224o GitHub Repository