Tunnel Tor through SSH

Hello Community!

Im new here and i wanna say first that Whonix is really awesome. A masterpiece!

But here is the reason why i opened this thread.
I testet the possibility to route Tor through a SSH tunnel which is running on the Host system.
Therefore i followed the manual on https://www.whonix.org/wiki/Tunnel_Tor_through_proxy_or_VPN_or_SSH#Tunnel_Tor_through_SSH
But it seems there are 2 little, but serious, mistakes in it.

I fixed it that way.
Terminal on the host:

ssh -D 1080 your.ssh.server
I changed that to
ssh -g -D 1080 your.ssh.server
-g Allows remote hosts to connect to local forwarded ports.

Root terminal on the host:

ifconfig -a
The eth0 network interface has an address like So i changed the instruction for the torrc file on the Gateway to
## In case SSH tunnel has been setup from Whonix-Gateway. Socks5Proxy [b] [/b]:1080 ## In case SSH tunnel has been setup on the host. #Socks5Proxy IP:PORT
Now it works!

I tested it with success too.
The webbrowser in the workstation worked fine till i closed the SSH tunnel on the host. The Tor browser wasnt working anymore, till to the moment i activated the SSH tunnel again.

Hope my feedback is welcome and correct.

Thanks. Feedback is appreciated.

That documentation is really old and not touched for a long time.

The chapter "Tunnel Tor through SSH" is not fully tested/complete. Please give feedback if it worked for you. This doesn't seem to be very popular, no one ever asked about it in over one year.

The link you posted will be deprecated soon. Content has been moved here:

That chapter is for:
User -> SSH -> Tor -> Internet

So on the gateway ssh could run as user clearnet. Or debian-tor. Not sure. Ideally ssh would have a dedicated user and there would be something similar to VPN-Firewall (standalone or feature on gateway). I.e. SSH-Firewall. It would allow the ssh user to connect to any outside target but allow Tor only local connections (to the ssh proxy).

When the ssh proxy is running on the gateway and Tor connecting to it using Socks5Proxy, I do not see what the ssh -g parameter would be good for.

But right, when the ssh proxy is running on the host, -g could be required.

Please feel free to edit https://www.whonix.org/wiki/Using_Tunnels_with_Whonix#Connecting_to_SSH_before_Tor_.28User_-.3E_SSH_-.3E_Tor_-.3E_Internet.29.

I would be happy to edit the manual, but i cant log in to edit it.
Please send me a private msg, if i should do.

You don’t necessarily need an account. Anonymous edits allowed. Held for moderation. Just press the edit button.

[Imprint] [Privacy Policy] [Cookie Policy] [Terms of Use] [E-Sign Consent] [DMCA] [Investors] [Priority Support] [Professional Support]