Setting up a torified ssh tunnel to a squid proxy


I would like to connect to an anonymous squid proxy that we have set up on a deniable VPS using a torified ssh tunnel

I have this working using a test virtual machine and a test server

torsocks ssh -L port:server:port

sets up the tunnel and


shows me connected from an TOR exit

then using firefox with the http proxy set to localhost:port allows me to browse and the ip is that of the proxy

In a Whonix WORKSTATION I can

ssh -L port:server:port

the connection (again) will be torified and I can browse in firefox using the same browser settings

My questions are

  1. Should I be using the TOR browser instead of firefox esr and if so - how to make it use the ssh tunnel to the proxy because simply setting up the proxy as in firefox doesn’t seem to work

  2. Should I be setting up the tunnel in the gateway? What is the advantage of doing this? (because it looks like quite a big deal)

The tunnel?

And in the gateway, for this type of setup, most likely a strong no.

If you setup an ssh tunnel from Whonix-Gateway to the VPS, you actually de-anonymize yourself. Setting up a ssh tunnel in Whonix-Gateway results in user → ssh → Tor → Internet. Some people want this to have a longer tunnel length but in your case that would be a huge fail.


It’s Tor not TOR.

Always prefer Tor Browser over icewasel. (Why? → Tor Browser Essentials)

I recommend strongly against X11 forwarding through ssh due to keystroke fingerprinting. (At risk as soon as the VPS turns malicious.)

Also applicable to you:
Remote Administration - Whonix