Using Tor Stealthily - From a Remote VPS

HOME Situation Report Status of Circumvention Services Why Use VPNs and Proxies?
Safely use Tor from a remote server

Tor Works but Attracts Attention

If you have an interest or a need for anonymity and unblocked internet access, you have probably heard of Tor and maybe have used it. It is an effective tool for defeating censorship and surveillance, routing your traffic through multiple anonymizing relays before sending it to its destination. It is so effective that some authorities, monitoring political, military, or criminal adversaries, maintain watch lists of Tor users. If you would like to avoid having Tor usage tied to your IP address, and keep your IP address off of government watch lists, read how to do it here.

Authorities monitor VPNs and Tor by looking for the unique signalling protocols they use. OpenVPN has a certain pattern, Wireguard another, and a number of patterns for Tor - depending on whether it is basic Tor or Tor with obfuscation. Because governments in China, Iran, and other authoritarian countries expend plenty of money and effort to block Tor, Tor developers have created multiple types of bridges or means of obfuscation. They are effective, but not perfect; they are eventually found and blocked and the Tor users are investigated. Even the USA and its partner "Five Eyes" countries pay attention to Tor users.

A larger risk when authorities are interested in your Tor traffic is that they may try to unmask you. Unmasking is not easy, but it is sometimes possible. Unmasking efforts typically consist of:

Go Stealthy with SSH to Tor

One way to keep your Tor usage separated from your home or office computers is to not ever use it from said home or office. Instead, set up a distant server and operate Tor from there, with SSH and port forwarding from your local computers. It is almost seamless and does not attract attention like brazen Tor packets from your laptop. In fact, SSH is probably the last protocol to be blocked if authorities fully cut off the internet some day.

A nice aspect of keeping Tor off of your local devices is "cleanliness." An inspection will not find an instance of Tor, though you could be a heavy user through the distant server. Answering for the SSH usage could be as simple as, "I am learning how to program in Bash" or "I do web design and SEO."

Set up Your Server or VPS

You will insall Tor on a real "bare metal" or Virtual Private Server (VPS). I suggest a VPS, as there are plennty of options and even a few which are free (as in free beer):

Note: this example assumes a server with Ubuntu Linux as the operating system. Adjust as necessary if you select a server with a different system.

After getting your server spun up and running, make sure you have OpenSSH Server installed. It should be there; if not, install it. Also install tor.

Make sure Tor is installed with no errors and is running. Check it with this command, expecting a message that it is active:

sudo systemctl status tor

Set Up Your Local Computer(s)

Use a key based login instead of a username and password. It is easier and far more secure. Follow the instructions from your server provider to set it up. Sometimes, you may create keys in their control panel and download them. In other instances, you may create them locally and upload your public key to the server. Ubuntu users should become familiar with the ssh-keygen and ssh-copy-id tools. You'll thank me later.

In addition to setting up your key based acces to the server, be sure to set up your ssh config file. Here is an example of the file .ssh/config in your Linux home directory:

Host *
    Compression yes
    ServerAliveInterval 240

Host berkshire
    User ubuntu
    Port 22
    IdentityFile ~/.ssh/id_rsa

Since the darknet environment is much more risky than typical clearnet sites, take some extra time to set up your browser and also configure its proxy settings:

Firefox blocks .onion sites by default. You may unblock them by going into the about:config tab:

Connecting and Disconnecting to Tor

Manage your connections to Tor by entering an SSH command in the terminal; keep the terminal open but minimized and out of the way. Here is the command:

ssh -L 9050: berkshire

To exit, simply execute exit in the SSH session to log off the server.

Setting up that SSH config file is important, as it allows you to use a short command in the terminal to log on. Note the -L option, which sets up the port forwarding so your browser works with the remote Tor instance.

To verify that your browser is actually using Tor, visit this page first, before you go into the darknet:

There is a tor-remote script for this, if you would like to run more than one server and have the convenience of a nice menu and click-to-run. However, you need Rofi and / or fzf installed. MOFO Linux is nicely configured to use Tor from a VPS. What I do is keep the SSH config data on a USB stick, and copy it into the live system before connecting.


With Tor installed on a remote server, whether hardware or a free VPS, you can ssh into the server from your personal computer and enjoy anonymity and an unblocked internet without the risk of running Tor locally, where it may be observed by your ISP or local authorities. Even in free countries, where Tor is legal, attackers may still try to surveil you. Use this remote server method to keep the unfriendlies at bay.

©2015 - 2022, All Rights Reserved.
About, Contact, Privacy Policy and Affiliate Disclosure, XML Sitemap.