Privacy and being anonymous on the Internet are large concerns and top priorities for many online users. For communicating anonymously on the Internet you use Tor. For secure communications, so that nobody can read your private information you use SSH. Combine both, and you have a secure and anonymous communication. In this hack, we’ll show you how to use Tor to anonymize your SSH connections.

One of the coolest features in SSH is the ProxyCommand option, which tells SSH to run a specified program, rather than making a direct connection to the remote machine. When using this option, SSH will tunnel all traffic through the program’s standard input and output.

In order to tunnel traffic through Tor, we need a program that can be used with SSH’s ProxyCommand to direct traffic through a Tor server. One simple program that can perform this task is Connect. If you run Windows, you can download a binary version of Connect. Linux users need to download the source and compile it.

Now, to use it with SSH to connect through Tor, run the following command:

ssh -o ProxyCommand=”ConnectPath -S TorServer:9050 %h %p” 192.168.0.100

Replace ConnectPath with the location of your Connect binary file and TorServer with the IP address of your Tor server. If you’re running a local server on your computer, change the value to localhost. The %h and %p macros tells SSH to expand them to be the host and the port number that you are connecting to when executing the command.

To prevent SSH from resolving the hostname using your name servers, you must use IP addresses when tunneling SSH through Tor. That is, although SSH uses Tor to anonmyize the traffic, it will send DNS requests in order to get the IP address of the remote computer. If you were to allow SSH do the resolving, any eavesdropper can reveal the location of your connections

Fortunately, the Tor distribution includes a very handy tool called tor-resolver, which simply resolves hostnames to IP addresses by making DNS queries through the Tor network. So, next time you plan to tunnel SSH through Tor, just fire up tor-resolver and use the IP address returned.