How to Set Up an SSH Server with Tor to Hide It from Shodan & Hackers

yes Warning: Permanently added 'pkgsxmtmdrlxp7l3gfqysi3ceaochd4vnv7eax2fuyridmcz7ucvluad.

onion' (ECDSA) to the list of known hosts.


onion's password:Step 6: Make Sure the SSH Service Isn’t Visible to ShodanAfter logging into the server using the onion address, use the ss command again to view listening services.

It should no longer report SSH listening on every available interface, only 127.




~$ ss -plt State Recv-Q Send-Q Local Address:Port Peer Address:Port LISTEN 0 128 127.



1:ssh *:* users:(("sshd",pid=1162,fd=3))We can further verify this by executing a simple nmap version (-sV) scan on the server.

~$ nmap -p 22 -sV <vps ip here> PORT STATE SERVICE VERSION 22/tcp closed sshThe SSH service may still appear on Shodan for days or even weeks.

Shodan isn’t great about purging old service banners and information.

But that doesn’t mean the SSH service is still accessible to attackers.

ConclusionBy far the most significant caveat to using SSH with onion services is the slowness.

Responses in the terminal can be painfully slow for someone who isn’t used to onion services and Tor.

Configuring Tor to work with SSH services in this way hides it from Shodan but doesn’t make it entirely impossible to locate by hackers.

It can still be reached using Tor, which significantly minimizes its overall exposure but doesn’t make it altogether impervious to attacks.

There’s a security feature in Tor called HiddenServiceAuthorizeClient.

This feature allows users to essentially password-protect the onion service with an authentication cookie.

At the time of this writing, HiddenServiceAuthorizeClient isn’t supported by the newer “next-gen” onion services.

It would be possible to generate older onion services, but it seems like bad security practice to use a soon to be a deprecated feature of Tor.

In the future, it will be possible to use HiddenServiceAuthorizeClient with next-gen onions to make them completely inaccessible to anyone but you.

For now, changing the SSH port number to something non-standard like 62359 or 41171 will help keep it off the radar of script-kiddies on the darknet mass-scanning on port 22.

Don’t Miss: Hide Sensitive Files in Encrypted Containers on Your Linux SystemCover photo and screenshots by distortion/Null ByteOriginally published at https://null-byte.


com on May 23, 2019.

.. More details

Leave a Reply