I first could connect to a remote ssh server fine, but then in a 2nd attempt I couldn’t. That shouldn’t be allowed in iptables, right? Why does the first attempt work at all? Why does it change after the 1st?
It is possible to connect to SSH before Tor from Whonix Gateway:
You need to provide more information.
Was Tor enabled? on both attempts?
What command did you use? (SSH is torified by uwt)
Which user issued the command? (user tunnel?)
Was it public IP or LAN?
$ ssh -g -D port user@ip
So it formed an infinite loop?
How can I disable uwt for the SSH?
I hope I’m not asking too noob questions…
I am not sure what the problem is, but I constantly use the SSH protocol over Tor, specifically over whonix-gateway with a custom workstation (using qubes-whonix).
Running the command on my custom workstation (attached to the default whonix-gateway), for example “ssh -v -p 22 firstname.lastname@example.org” works perfectly fine.
Sorry if this answer is not of any kind.
Whonix-Gateway has limited connectivity (by design). Its job is to get Tor running, and then to route all traffic over Tor.
If you’re trying to connect to an SSH tunnel before Tor (user -> ssh -> tor -> internet), then the documentation that @0brand linked is incomplete.
Many steps are required to bypass Gateway’s protections. If you’re willing to work at it, you can get some ideas by looking at the VPN documentation: https://www.whonix.org/wiki/Tunnels/Connecting_to_a_VPN_before_Tor#Inside_Whonix-Gateway
Since you’re using Qubes, a more straightforward approach would be to use a proxyVM in front of sys-whonix:
sys-net — ssh-proxyVM — sys-whonix — anon-whonix
Again, you can look at Qubes VPN documentation to see a similar config.
I tried to solve this but I think I’ll drop this, it’s too confusing and cumbersome.
Thanks for your help in any case.
When you type ssh, it’s actually torsocks ssh ( https://www.whonix.org/wiki/Stream_Isolation ). Therefore this gets redirected to Tor running on localhost. Even on Whonix-Gateway. Clearnet (ssh) connections are not so easily possible from Whonix-Gateway.
Tor connection issues?