In this article, we will discuss how to set up a Tor v3 hidden service and use it for SSH connections. This setup enhances your network’s privacy and security, allowing secure, anonymous access to your services.

Server Configuration

Setting Up a Single Hidden Address Service

  1. Install Tor:

    sudo apt-get install tor
    • Verify the process: sudo lsof -i | grep LISTEN
    • Terminate if necessary: sudo kill <pid>
  2. Configure the Tor Service: Edit /etc/tor/torrc:

    HiddenServiceDir /home/<username>/<hiddenfile_A>
    HiddenServicePort 22
    • HiddenServiceDir: Set to /home/<username>/<hiddenfile_A>. Modify permissions with sudo chmod 700 /home/<username>/<hiddenfile_A>.
    • HiddenServicePort: Map a hidden service port to a local port (22 in this case for SSH).
  3. Start Tor:

    • Run tor.
    • This generates private and public keys and a hostname in /home/<username>/<hiddenfile_A>.

Configuring Multiple Hidden Address Services

  1. Modify Tor Configuration: Edit /etc/tor/torrc to add multiple services:

    HiddenServiceDir /home/<username>/<hiddenfile_X>
    HiddenServicePort 80<localport>
    • Replace <hiddenfile_X> and <localport> as needed.
    • Each HiddenServiceDir creates a unique hidden address.
  2. Start Tor:

    • Run tor.
    • Check created folders for generated keys and addresses.

SSH Client Configuration

  1. Install Tor on the Client:

    brew install tor
  2. Modify SSH Configuration: Edit .ssh/config and add:

    Host *.onion *-tor
    ProxyCommand nc -X 5 -x %h %p
    CheckHostIP no
    Compression yes
    Protocol 2
  3. Connect via SSH:

    ssh <username>@<hostname-onion>.onion

Reference: SSH Hidden Service Guide

Generating Custom Tor v3 Addresses

  1. Download and Install Tools:

   sudo apt-get install git
   git clone
   cd mkp224o
   sudo apt install gcc libsodium-dev make autoconf
  1. Compile the Software:

    ./configure CPPFLAGS="-I/usr/local/include" LDFLAGS="-L/usr/local/lib"
  2. Use the Tool:

    • Caution: Avoid setting very short terms (≤3 characters) to prevent rapid generation, which can damage the disk or create files that are hard to delete.
      ./mkp224o <term_A> <term_B> <...>
    • Use -S 1 for status updates every second (default is every 10 seconds).
    • Use -j 10 to set the number of CPU cores (default uses all available).

Generated results will appear in folders named <onionaddress>.onion, containing private keys, public keys, and the address. To activate, move these to the /home/<username>/<hiddenfile_*> directory.

Reference: mkp224o GitHub Repository