Access your Raspberry Pi Globally Using Tor

khalid Raspberry Pi, Security 0 Comments

Few days back, I needed to access my raspberry pi remotely from anywhere. I have achieved this by using a hidden SSH Tor service. Tor Project, The Onion Router, is a free software that provides anonymous communications over the internet. This method is not limited to raspberry pi, and it can be applied on any computer you can install Tor on. Kindly note, this tutorial is just for educational purpose and I am not responsible for the consequences, whatever they may be.

So lets get started:

On Raspberry Pi:

First, we have to create a hidden tor service on raspberrypi. I am using Raspbian as an operating system for my raspberry pi.

1. Install Tor

If you don’t have tor installed on your raspberry pi, install it using this command. Otherwise, move to the next step.

sudo apt-get install tor

2. Configure Hidden service

To add a hidden service, you must edit /etc/tor/torrc using your favourite text editor.

sudo nano /etc/tor/torrc

Afterwards, add the following two lines at the end of the file.

HiddenServiceDir /var/lib/tor/ssh_hidden_service/
HiddenServicePort 22 127.0.0.1:22

The first line indicates the directory where to store the information related to the service, and the second refers to the port and IP of the service.

Once you are done, restart tor

sudo /etc/init.d/tor restart

If it restarted successfully, then everything is configured properly.

3. Get the hostname of the hidden service

To get the hostname of the hidden service ( something.onion ), run the following code:

 sudo cat /var/lib/tor/ssh_hidden_service/hostname 

The host would look something like cf345hny2qzgzk1z.onion, save it as it is what you will use as a host when logging in to your raspberry pi.

4. (OPTIONAL) Change the default password of your raspberry pi

If you haven’t changed the default password of your raspberry pi, it is highly recommended to change it to especially as it will be accessed through the internet now. To change your raspberry pi password, run the following command:

passwd

Then follow the instructions i) enter current password, ii) enter new password, and iii) confirm new password by entering it again.

 

On client:

Now, to access my raspberry pi remotely, I must be connected to tor network and then ssh to my raspberrypi’s onion hostname using tor as proxy. I am using Debian as operating system for the client.

1. Install tor and connect proxy

connect-proxy is a tool used for tunnelling TCP connections using SOCK or HTTPS proxies, and it is what we will be using to tunnel our ssh connections using tor as proxy.

sudo apt-get install tor

sudo apt-get install connect-proxy

2. Configure SSH

Once we have installed tor and connect-proxy, we need to configure ssh to use tor as proxy whenever we ssh to something.onion. To achieve that, modify ~/.ssh/config (for the current user only) or /etc/ssh/ssh_config (for all users). I will modify it for my account only.

nano ~/.ssh/config

Add the following two lines at the end of the file.

Host *.onion
        ProxyCommand connect -R remote -5 -S 127.0.0.1:9050 %h %p
        ForwardX11 yes

3. SSH to your Raspberry Pi

Now we ssh to raspberry pi’s hostname. Change cf345hny2qzgzk1z.onion to the host of your raspberry pi.

ssh pi@cf345hny2qzgzk1z.onion

Note (optional): It will ask you to enter a password for your Tor’s proxy. Just press Enter as we did not set a password for tor proxy and there is no password by default. To get rid of having it asks to enter socks5 password, you can configure a default SOCKS5 password by modifying your ~/.bashrc and set SOCKS5_PASSWORD to an empty string:

nano ~/.bashrc

Add at the end:

export SOCKS5_PASSWORD=""

 4. Done

That’s it, now you can access your raspberry pi from anywhere anonymously through tor network. Have fun and enjoy it.