Looks doable.
In any case it’s much, much safer to (also) use Whonix locally before connecting to any server.
To SSH to any remote server adds new risk.
(VNC similar:)
If the remote server cannot be trusted (which server can nowadays?), and you’re not connecting there anonymously, you might not be anonymous at all. Using a remote server also creates the problem how to anonymously pay the server, see:
What you call SSH-Server
and Whoix-Gateway
in a box could be one combined server? Assuming yes. Rephrasing your question: How to SSH into Whonix-Gateway?
And answering that.
We don’t have that documented unfortunately.
- learn about onion services generally
- install an onion v3 service on your local computer
- learn how to SSH into your local computer’s onion v3 service (this exercise can also be done inside a VM)
(no port forwarding required)
By applying the same on a Whonix-Gateway you should be able to SSH into Whonix-Gateway. Bo port forwarding required since Tor makes it look like the incoming connection is coming from localhost. And Tor itself does not require open ports as a client. And Tor itself does not even require open ports for onion services.
What you call SSH-Server
and Whoix-Gateway
in a box could be one combined server? Assuming no. Well, not much different than above. You’ll still need an ssh server installed on Whonix-Gateway.
What you SSH-Server
could be a Whonix-Workstation. Similar to above you can also SSH into Whonix-Workstation. To do that: don’t try to exercise this on a server for the first time. Start exercising using Whonix locally without any remote servers involved. Exercise hosting an onion webserver as per https://www.whonix.org/wiki/Onion_Services. Then exercise setting up an onion ssh server which would be very similar. Once you learned how to do this, you can also replicate it on a remote server.
But last comes to mind a bit late… For a Whonix-Gateway / Whonix-Workstation on a server… At which provider are you actually able to do that? Rhetoric question. Probably on root servers only. But where can you buy a root server anonymously that allows connection from Tor? Seems futile.