For the internet-facing servers I administer I usually lock down the IPs that can access ssh (banning by country), also install fail2ban, and run sshd on a port other than the default of 22. This technique goes the other way, using Tor to obfuscate the connection but allowing anyone with the ‘.onion’ hostname to attempt to connect. I’m going to file it under ‘might be useful’…:
SSH is, by design, a fairly secure means of gaining shell access to remote machines. However, there are always ways to eke out a bit more security and privacy from these connections.
One such method is with the help of Tor. With Tor, you can add a level of anonymity and even hide your services from prying/hacking eyes.
I’m going to walk you through the process of making SSH connections over Tor. The process isn’t terribly difficult so anyone that administers SSH should be able to make this work.
What you’ll need
I’ll be demonstrating on two Ubuntu server machines, but the process will work with just about any Linux distribution. You’ll also need a user with sudo privileges.