Few days back, I needed to access my raspberry pi remotely from anywhere. I have achieved this by using a hidden SSH Tor service. Tor Project, The Onion Router, is a free software that provides anonymous communications over the internet. This method is not limited to raspberry pi, and it can be applied on any computer you can install Tor on. Kindly note, this tutorial is just for educational purpose and I am not responsible for the consequences, whatever they may be.
So lets get started:
On Raspberry Pi:
First, we have to create a hidden tor service on raspberrypi. I am using Raspbian as an operating system for my raspberry pi.
1. Install Tor
If you don’t have tor installed on your raspberry pi, install it using this command. Otherwise, move to the next step.
sudo apt-get install tor
2. Configure Hidden service
To add a hidden service, you must edit /etc/tor/torrc using your favourite text editor.
sudo nano /etc/tor/torrc
Afterwards, add the following two lines at the end of the file.
HiddenServiceDir /var/lib/tor/ssh_hidden_service/ HiddenServicePort 22 127.0.0.1:22
The first line indicates the directory where to store the information related to the service, and the second refers to the port and IP of the service.
Once you are done, restart tor
sudo /etc/init.d/tor restart
If it restarted successfully, then everything is configured properly.
3. Get the hostname of the hidden service
To get the hostname of the hidden service ( something.onion ), run the following code:
sudo cat /var/lib/tor/ssh_hidden_service/hostname
The host would look something like cf345hny2qzgzk1z.onion, save it as it is what you will use as a host when logging in to your raspberry pi.
4. (OPTIONAL) Change the default password of your raspberry pi
If you haven’t changed the default password of your raspberry pi, it is highly recommended to change it to especially as it will be accessed through the internet now. To change your raspberry pi password, run the following command:
passwd
Then follow the instructions i) enter current password, ii) enter new password, and iii) confirm new password by entering it again.
On client:
Now, to access my raspberry pi remotely, I must be connected to tor network and then ssh to my raspberrypi’s onion hostname using tor as proxy. I am using Debian as operating system for the client.
1. Install tor and connect proxy
connect-proxy is a tool used for tunnelling TCP connections using SOCK or HTTPS proxies, and it is what we will be using to tunnel our ssh connections using tor as proxy.
sudo apt-get install tor sudo apt-get install connect-proxy
Make sure that tor is running by executing sudo service tor start.
2. Configure SSH
Once we have installed tor and connect-proxy, we need to configure ssh to use tor as proxy whenever we ssh to something.onion. To achieve that, modify ~/.ssh/config (for the current user only) or /etc/ssh/ssh_config (for all users). I will modify it for my account only.
nano ~/.ssh/config
Add the following two lines at the end of the file.
Host *.onion
ProxyCommand connect -R remote -5 -S 127.0.0.1:9050 %h %p
ForwardX11 yes3. SSH to your Raspberry Pi
Now we ssh to raspberry pi’s hostname. Change cf345hny2qzgzk1z.onion to the host of your raspberry pi.
ssh [email protected]
Note (optional): It will ask you to enter a password for your Tor’s proxy. Just press Enter as we did not set a password for tor proxy and there is no password by default. To get rid of having it asks to enter socks5 password, you can configure a default SOCKS5 password by modifying your ~/.bashrc and set SOCKS5_PASSWORD to an empty string:
nano ~/.bashrc
Add at the end:
export SOCKS5_PASSWORD=""
4. Done
That’s it, now you can access your raspberry pi from anywhere anonymously through tor network. Have fun and enjoy it.