Changes between Version 129 and Version 130 of doc/TorifyHOWTO


Ignore:
Timestamp:
Apr 23, 2010, 4:49:03 AM (10 years ago)
Author:
trac
Comment:

--

Legend:

Unmodified
Added
Removed
Modified
  • doc/TorifyHOWTO

    v129 v130  
    11#pragma section-numbers on
    22## Copyright (c) 2004 Thomas Sjogren.
    3 ## Copyright (C) 2004, 2005, 2006  Contributors
    43## Distributed under the MIT license,
    54## See ./LegalStuff for a full text
    65[:../:up to Tor]
    76
    8 = Torifying software HOWTO =
    9 
    10 This document explains how to configure particular programs to use Tor. It was originally written for
    11 a Linux/UNIX environment, but it should include some instructions for Windows and OS X users too. Please add your own Windows configurations to this document.
    12 
    13 Note that this is a very brief document on how to make various programs use Tor as a proxy; you should read the documentation at [http://tor.eff.org tor.eff.org] first. Since most programs use similar locations for various settings, the following examples will get you going most of the time. If you're using anything that needs some exotic workarounds, or your distribution doesn't use SysV ({{{/etc/init.d/}}} startup scripts), for example, this guide currently won't help you a lot, since it is a bit bash and Debian specific. Feel free to edit this page --- it's a Wiki, after all.
    14 
    15 
    167Table of Contents
    178[[TableOfContents]]
    189
    19 [[Anchor(BasicConfigIssues)]]
    20 = Basic Configuration Issues =
    21 [#BasicConfigIssues [link]]
     10= TORifying software HOWTO =
     11
     12Note that this is a very brief document on how to make various programs use Tor as a proxy; you should read the documentation at [http://tor.eff.org tor.eff.org] first. Since most programs use similar locations for various settings, the following examples will get you going most of the time. If you're using anything that needs some exotic workarounds, or your distribution doesn't use SysV ({{{/etc/init.d/}}} startup scripts), for example, this guide currently won't help you a lot, since it is a bit bash and Debian specific. Feel free to edit this page; it's a Wiki, after all.
     13
     14== Basic Configuration Issues ==
    2215
    2316[[Anchor(UnixLinuxConfiguration)]]
    24 == Unix and Linux Configuration ==
    25 [#UnixLinuxConfiguration [link]]
    26 
    27 First, we assume you installed Privoxy. Many applications can be set to use an http proxy,
    28 and that will make your life much easier.
     17=== Unix and Linux Configuration ===
    2918
    3019Under Unix and GNU/Linux, most HTTP capable applications, like {{{lynx}}}, {{{wget}}} and {{{curl}}}, will honor the value of the {{{http_proxy}}} environment variable. Some applications use all lower case, some all upper, so specify both to be safe.
     
    3726export http_proxy HTTP_PROXY
    3827}}}
     28[#UnixLinuxConfiguration [#]]
    3929
    4030[[Anchor(DNSNote)]]
    41 == About DNS and tsocks ==
    42 [#DNSNote [link]]
     31=== About DNS and tsocks ===
    4332
    4433tsocks correctly replaces ''connect(2)'' calls with calls to your SOCKS proxy (Tor), but it doesn't do anything about requests to your DNS server. This means that if you refer to any machines by hostname when you're using tsocks, you'll be sending that hostname over the network, perhaps leaking the fact that you are about to connect to the corresponding server.
     
    5140
    5241'''NOTE:''' There is now a patch to the tsocks code that handles dns leaks and .onion addresses, [http://www.totalinfosecurity.com/patches/tor.php tordns]
     42[#DNSNote [#]]
    5343
    5444[[Anchor(Socat)]]
    55 == About socat ==
    56 [#Socat [link]]
     45=== About socat ===
    5746
    5847[http://www.dest-unreach.org/socat/ socat] is a multipurpose relay for bidirectional data transfer.  It is possible to use socat as a general means by which programs agnostic of SOCKS can use Tor by connecting to a local TCP port.
     
    8776when a direct DNS resolution attempt failed, thus possibly revealing which DNS names you
    8877accessed through socat. See [http://archives.seul.org/or/dev/Jul-2004/msg00000.html this post tor-dev] for details.
     78[#Socat [#]]
    8979
    9080[[Anchor(SocatOpenBSD)]]
    91 === Socat on OpenBSD ===
    92 [#SocatOpenBSD [link]]
    93 
    94 For enhanced security you can use socat like this:
     81==== Socat on OpenBSD 3.7 ====
     82
     83There is no port or package for socat in OpenBSD.  It compiles cleanly from the source.
     84If you only use socat for Tor, I'd suggest trying these configure options:
     85
     86{{{
     87./configure --disable-file --disable-creat --disable-gopen --disable-pipe --disable-unix --disable-exec \
     88            --disable-system --disable-pty --disable-readline --prefix=/usr/local/opt
     89gmake && gmake install
     90}}}
     91
     92to install everything into /usr/local/opt (to avoid overwriting normal ports).
     93
     94Instead of the above socat command, you can also make it bind only to localhost:
    9595
    9696{{{
     
    181181This also assumes that you have dsocks' {{{tor-dns-proxy.py}}} setup to handle DNS requests on
    182182127.0.0.1:53.
    183 
    184 [[Anchor(#WebBrowsers)]]
    185 = Web browsers =
    186 [#WebBrowsers [link]]
    187 
    188 Web browsing and Privoxy is also covered in the [http://tor.eff.org/documentation tor setup docs], specifically
    189  * http://tor.eff.org/docs/tor-doc-osx
    190  * http://tor.eff.org/docs/tor-doc-unix
    191  * http://tor.eff.org/docs/tor-doc-win32
     183[#SocatOpenBSD [#]]
     184
     185== Web browsers ==
    192186
    193187[[Anchor(Konqueror)]]
    194 == Konqueror ==
    195 [#Konqueror [link]]
     188=== Konqueror ===
    196189
    197190Settings -> Configure Konqueror -> Proxy -> Manually Specify the proxy settings -> Setup
     
    212205httpsProxy=http://127.0.0.1:8118
    213206}}}
     207[#Konqueror [#]]
    214208
    215209[[Anchor(Links)]]
    216 == Links ==
    217 [#Links [link]]
     210=== Links ===
    218211
    219212Setup -> Network Options
     
    230223...
    231224}}}
     225[#Links [#]]
    232226
    233227[[Anchor(Lynx)]]
    234 == Lynx ==
    235 [#Lynx [link]]
     228=== Lynx ===
    236229
    237230Lynx will respect the {{{http_proxy}}} enviroment variable, but you can edit {{{/etc/lynx.cfg}}}:
     
    245238...
    246239}}}
    247 
    248 [[Anchor(Opera)]]
    249 == Opera ==
    250 [#Opera [link]]
    251 
    252 Open Tools -> Preferences -> Advanced -> Network -> Proxy Servers. Check HTTP and enter "127.0.0.1" and "8118" as port or open about:config and enter "127.0.0.1:8118" in Proxy -> HTTP Server.
     240[#Lynx [#]]
    253241
    254242[[Anchor(MozillaFirefox)]]
    255 == Mozilla Firefox ==
    256 [#MozillaFirefox [link]]
    257 
    258 In later versions of Firefox, at least in the current version 1.5.0.1 under Linux and Windows XP, you can enable the browser to do remote domain name lookups. The option network.proxy.socks_remote_dns is available via about:config and should look like
    259 
    260 {{{
    261 network.proxy.socks_remote_dns  user set        boolean         true
    262 }}}
    263 
    264 At [http://www.imperialviolet.org/deerpark.html http://www.imperialviolet.org/deerpark.html] you can find an excellent step-by-step introduction on how to configure Firefox in this manner.
    265 '''Be careful, though:  In some versions of Firefox, it is possible that even with this option set remote DNS resolution will not work.  In this case, you may want to use Privoxy or similar projects.'''  To find out whether your version implements remote DNS resolution correctly, you may try out a URL ending in `.onion`, like [http://6sxoyfb3h2nvok2d.onion/tor/ this one] leading to the [http://6sxoyfb3h2nvok2d.onion/tor/ the Hidden Tor Wiki].  If the Hidden Wiki shows up, remote DNS resolution works.
    266 
    267 Otherwise, to use Privoxy with Firefox 1.5x on Windows, do the following in Firefox:
    268 
    269 Tools -> Options -> General -> Connection Settings -> Manual proxy configuration
    270 
    271 Set HTTP Proxy 127.0.0.1 (or localhost), port 8118 and tick the box [X] Use for all protocols.  Or you may explicitly set the Proxy information for SSL, FTP, and Gopher to localhost/8118 and then set the SOCKS Host information to localhost/9050, making sure to specify SOCKS v5.
    272 
    273 '''Remember: Configuring Privoxy for FTP will break ftp:// URLs, but if you don't do this, your Firefox will leak your IP address for those sites. Use Filezilla for handling FTP traffic'''
    274 
    275 
    276 http://wiki.noreply.org/images/firefox_proxy.png
     243=== Mozilla Firefox ===
     244
     245Edit -> Preferences -> General -> Connection Settings -> Manual proxy configuration
     246{{{
     247HTTP Proxy: 127.0.0.1 port 8118
     248SSL Proxy: 127.0.0.1 port 8118
     249SOCKS v5
     250}}}
     251
     252To change the proxy configuration for all Firefox users on your machine, edit the {{{/usr/lib/mozilla-firefox/greprefs/all.js}}} file:
     253
     254{{{
     255...
     256pref("network.proxy.type",                  1);
     257...
     258pref("network.proxy.http",         "127.0.0.1");
     259pref("network.proxy.http_port",          8118);
     260pref("network.proxy.ssl",          "127.0.0.1");
     261pref("network.proxy.ssl_port",           8118);
     262pref("network.proxy.socks",                 "");
     263pref("network.proxy.socks_port",            0);
     264pref("network.proxy.socks_version",         5);
     265pref("network.proxy.no_proxies_on",         "localhost, 127.0.0.1");
     266...
     267}}}
     268
     269In later versions of Firefox, you need to get a nightly-build at the moment, you can enable the browser to do remote domain name look ups. The option network.proxy.socks_remote_dns is available via about:config and should look like
     270
     271{{{
     272network.proxy.socks_remote_dns  user    set     boolean         true
     273}}}
    277274
    278275Also, Mac OS X users should change the above preferences by entering about:config in the URL bar because the firefox preferences dialog is a bit screwy.
    279 
    280 [[Anchor(OpenHTTPProxies)]]
    281 == Circumventing Tor blocks using open HTTP proxies ==
    282 [#OpenHTTPProxies [link]]
    283 
    284 Some websites have blocked access from Tor users. Often, however, these websites still allow access from any of millions of open HTTP proxies on the internet. Unfortunately, using an open HTTP proxy directly is not very anonymous.
    285 
    286 The solution is to chain an open HTTP proxy between Tor and the unfriendly website. This provides all the anonymity benefits of Tor, while obscuring the fact that you're using Tor from the website.
    287 
    288 === Privoxy ===
    289 
    290 One method involves Privoxy. This example config will send all requests through Tor, only chaining an open HTTP proxy after Tor for a select site. Replace 0.0.0.0:80 with the proxy's address and port.
    291 
    292 {{{
    293 forward-socks4a / localhost:9050 .
    294 forward-socks4a *.wikipedia.org localhost:9050 0.0.0.0:80
    295 }}}
    296 
    297 === Socat ===
    298 
    299 Another method requires Socat. This will forward all connections to localhost:8080 to an open HTTP proxy through Tor. Just configure your browser to use localhost:8080 as an HTTP proxy. Once again, replace 0.0.0.0:80 with the proxy's address and port.
    300 
    301 {{{
    302 socat TCP4-LISTEN:8080,bind=localhost,fork SOCKS4A:localhost:0.0.0.0:80,socksport=9050
    303 }}}
    304 
    305 [[Anchor(Email)]]
    306 = Email =
    307 [#Email [link]]
     276[#MozillaFirefox [#]]
     277
     278== Email ==
    308279
    309280[[Anchor(Fetchmail)]]
    310 == Fetchmail ==
    311 [#Fetchmail [link]]
     281=== Fetchmail ===
    312282
    313283This isn't the most elegant solution, but it works. Rename your {{{/etc/init.d/fetchmail}}} file to {{{{fetchmail-orig}}}, for example, then save the script below as {{{/etc/init.d/fetchmail}}}, and restart fetchmail with {{{/etc/init.d/fetchmail restart}}}. Your mail will now be fetched through the Tor network.
     
    395365
    396366If you are lazy you can also just call {{{torify fetchmail}}} or {{{torify fetchmail -d 900}}}.
    397 
    398 [[Anchor(IM)]]
    399 = Instant messaging =
    400 [#IM [link]]
    401 
    402 [[Anchor(qip)]]
    403 == qip ==
    404 http://img209.imageshack.us/img209/6103/qipyq5.png
    405 
    406 [[Anchor(ICQ)]]
    407 == ICQ ==
    408 
    409 First Step:
    410 
    411 http://img60.imageshack.us/img60/4654/icq1ps8.png
    412 
    413 Second Step:
    414 
    415 http://img209.imageshack.us/img209/6752/icq2ec7.png
     367[#Fetchmail [#]]
     368
     369== Instant messaging ==
    416370
    417371[[Anchor(Gaim)]]
    418 == Gaim ==
    419 [#Gaim [link]]
     372=== Gaim ===
    420373
    421374Preferences -> Network -> Proxy
     
    427380
    428381See the note on tsocks and DNS above.
     382[#Gaim [#]]
    429383
    430384[[Anchor(Psi)]]
    431 == Psi ==
    432 [#Psi [link]]
     385=== Psi ===
    433386
    434387[http://psi.affinix.com/ Psi] is a Jabber client with support for
     
    448401
    449402See the note on tsocks and DNS above.
    450 
    451 [[Anchor(Miranda)]]
    452 == Miranda ==
    453 [#Miranda [link]]
    454 "M" Menu -> Options -> Network
    455 
    456 {{{
    457 Proxy Type: SOCKS5
    458 Proxy Server: localhost or 127.0.0.1
    459 Port: 9050
    460 }}}
    461 
    462 [[Anchor(Bitlbee)]]
    463 == Bitlbee ==
    464 [#Bitlbee [link]]
    465 
    466 Simply add the following to {{{/etc/bitlbee/bitlbee.conf}}} and connect with your favorite IRC client:
    467 {{{
    468 Proxy = socks5://localhost:9050
    469 }}}
    470 
    471 
    472 [[Anchor(IRC)]]
    473 = IRC/SILC =
    474 [#IRC [link]]
     403[#Psi [#]]
     404
     405== IRC/SILC ==
    475406
    476407[[Anchor(Irssi)]]
    477 == Irssi ==
    478 [#Irssi [link]]
    479 
     408=== Irssi ===
    480409If you are running Privoxy, as recommended, you can just configure irssi's own proxy settings to use Privoxy as an HTTP proxy.
    481410Otherwise, you can run Irssi with {{{tsocks irssi}}}.  Unfortunately, as mentioned above, Irssi's own proxy configuration options are HTTP specific.
     
    515444}}}
    516445
    517 Don't forget to modify the limit-connect settings in the Privoxy .action files first. This is typically found in default.action, and is a filter that limits what ports Privoxy will connect to. Since Privoxy only listens on the local interface, it is safe to replace this line with '+limit-connect{1-}' which allows Privoxy to connect to all ports.
     446Don't forget to modify the limit-connect settings in the Privoxy .action files first.
    518447
    519448To minimize information leakage about your client and timezone add
     
    534463/save
    535464}}}
     465[#Irssi [#]]
    536466
    537467[[Anchor(XChat)]]
    538 == X-Chat ==
    539 [#XChat [link]]
    540 
    541 [http://www.xchat.org/ X-Chat] supports SOCKS 5 and does not leak DNS requests.
    542 
     468=== X-Chat ===
    543469Settings-> Preferences -> Network -> Network setup -> Proxy server
    544470{{{
     
    548474}}}
    549475
    550 [http://xrl.us/h7rs Unofficial builds] of X-Chat for Windows are free.
    551 
    552476See the note on tsocks and DNS above.
     477[#XChat [#]]
    553478
    554479[[Anchor(SILC)]]
    555 == SILC ==
    556 [#SILC [link]]
    557 
     480=== SILC ===
    558481Since the [http://www.silcnet.org SILC] client is based on Irssi, you can follow the same procedure to make it use Tor. Combining Tor and SILC might be one of the safest ways to communicate with someone over the Internet. More information about SILC is available at [http://www.silcnet.org its website].
     482[#SILC [#]]
    559483
    560484[[Anchor(Silky)]]
    561 === Silky ===
    562 [#Silky [link]]
    563 
     485==== Silky ====
    564486[http://silky.sf.net/ Silky] is a GTK2 SILC client. It does not currently support SOCKS, so the best way to make it work with Tor is using socat (IMO).:
    565487
     
    567489
    568490And then tell Silky to connect to localhost:6666.
     491[#Silky [#]]
    569492
    570493[[Anchor(BitchX)]]
    571 == BitchX ==
    572 [#BitchX [link]]
    573 
     494=== BitchX ===
    574495In order to use [http://www.bitchx.org BitchX] with tor, you first need to get [http://proxychains.sourceforge.net ProxyChains], a *NIX-only HTTP and SOCKS proxy client.  On Debian systems, install the {{{proxychains}}} package.  Once installed, just add
    575496
     
    586507You may want to look up your IRC server's IP with {{{tor-resolve}}} and use the IP in place
    587508of a hostname; see the note on tsocks and DNS above.
     509[#BitchX [#]]
    588510
    589511[[Anchor(mIrc)]]
    590 == mIRC ==
    591 [#mIrc [link]]
    592 
     512=== mIRC ===
    593513Mirc.co.uk: [http://www.mirc.co.uk/help/proxies.html Proxies and Firewalls]
    594514
     
    606526}}}
    607527
    608 http://wiki.noreply.org/images/mirc_firewall.png
    609 
    610 Don't use SOCKS4. Use SOCKS5.
    611 
    612 There is a way to automate this with two commands...
    613 
    614 {{{
    615 /firewall -cm5+d on localhost 9050
    616 }}}
    617 
    618 to activate it and...
    619 
    620 {{{
    621 /firewall -d off
    622 }}}
    623 
    624 to deactivate the proxy. You can add this commands to your personal commands menu by following these instructions:
    625 
    626  Press Alt+P to open the popup editor and type this bellow "Commands"
    627  
    628 {{{
    629 Anonymize:/firewall -cm5+d on localhost 9050
    630 de-Anonymize:/firewall -d off
    631 }}}
     528I get "Unable to resolve server" errors using SOCKS4 with mIRC and .onion addresses.  SOCKS5 works.
     529[#mIRC [#]]
    632530
    633531[[Anchor(Trillian)]]
    634 == Trillian ==
    635 [#Trillian [link]]
    636 
     532=== Trillian ===
    637533Preferences -> Advanced Preferences -> Proxy Server
    638 {{{
    639 Use proxy server to resolve names.
    640 Use proxy server.
    641 Protocol: SOCKS5
    642 Host: localhost or 127.0.0.1
    643 Port: 9050
    644 }}}
    645 
    646 
    647 
    648 [[Anchor(KVIrc)]]
    649 == KVIrc ==
    650 [#KVIrc [link]]
    651 
    652 [http://www.kvirc.net KVIrc]
    653 
    654 Settings -> Configure KVIrc -> Connection -> Proxy Hosts
    655 
    656 {{{
    657 Use proxy.
    658 New proxy.
    659 Proxy: tor
    660 Port: 9050
    661 IP Address: 127.0.0.1
    662 Protocol: SOCKSv5
    663 }}}
    664 
    665 http://img143.imageshack.us/img143/6898/kvirc5er.png
    666 
    667 Since kVIrc does not support remote dns yet, you have to add a mapping to your tor config, if you want to connect to a hidden service. Do this  like:
    668 {{{
    669 echo 'mapaddress  10.40.40.40  mejokbp2brhw4omd.onion' >> /etc/tor/torrc
    670 pkill -HUP tor
    671 }}}
    672 and then connect to 10.40.40.40 through your Tor proxy.
    673 
    674 http://img137.imageshack.us/img137/9471/kvirctorhiddenservicetm9.png
    675 
     534
     535[#Trillian [#]]
    676536
    677537[[Anchor(BitTorrent)]]
    678 = BitTorrent =
    679 [#BitTorrent [link]]
    680 
    681 BitTorrent is already using a mechanism similiar to Tor to communicate with other peers. Torifying the bittorrent traffic would just add more overhead and reduce throughput.
     538== BitTorrent ==
     539BitTorrent is already using a mechanism similiar to tor to communicate with other peers. torifying the bittorrent traffic would just add more overhead and reduce throughput.
    682540You may want to use tor to communicate with the tracker, though. For this, just add {{{--tracker-proxy 127.0.0.1:8118}}}:
    683541{{{
    684 btlaunchmanycurses --tracker_proxy 127.0.0.1:8118 <directory>
    685 }}}
    686 
    687 [[Anchor(µTorrent)]]
    688 == µTorrent ==
    689 
    690 µTorrent, like BitTorrent is already using a mechanism similiar to Tor to communicate with other peers. Torifying the bittorrent traffic would just add more overhead and reduce your transfer throughput a lot. It also severely taxes the Tor network and is considered poor etiquette.
    691 The following image shows how to configure µTorrent to torify tracker traffic. Note the unchecked {{{Use proxy server for peer-to-peer connections}}}. Checking this will severely limit transfer speeds and needlesly tax the Tor network.
    692 
    693 http://img166.imageshack.us/img166/610/utorrenttorifyag8.jpg
     542btlaunchmanycurses --tracker-proxy 127.0.0.1:8118 <directory>
     543}}}
     544[#BitTorrent [#]]
    694545
    695546[[Anchor(Azureus)]]
    696 == Azureus ==
    697 [#Azureus [link]]
     547=== Azureus ===
    698548
    699549See [http://azureus.sourceforge.net/doc/AnonBT/].
    700 
    701 [[Anchor(Misc)]]
    702 = Misc =
    703 [#Misc [link]]
     550[#Azureus [#]]
     551
     552== Misc ==
    704553
    705554[[Anchor(APT)]]
    706 == APT ==
    707 [#APT [link]]
    708 
     555=== APT ===
    709556'''Warning''': This will only work for HTTP because Privoxy does not support FTP.
    710557
     
    713560Acquire::http::Proxy "http://127.0.0.1:8118/";
    714561}}}
    715 
    716 [[Anchor(GnuPGprivoxy)]]
    717 == GnuPG: Method 1 (Privoxy) ==
    718 [#GnuPGprivoxy [link]]
    719 
     562[#APT [#]]
     563
     564[[Anchor(GnuPG)]]
     565=== GnuPG ===
    720566Add or edit the following lines in your {{{$HOME/.gnupg/gpg.conf}}}:
    721567{{{
     
    732578
    733579If you don't want to write the export line every time, you can add {{{ alias gpg='http_proxy=http://127.0.0.1:8118/ gpg' }}} to your .bashrc file as well; if you have set the {{{http_proxy}}} environment variable, you may skip this step.
    734 
    735 [[Anchor(GnuPGtorify)]]
    736 == GnuPG: Method 2 (torify) ==
    737 [#GnuPGtorify [link]]
    738 
    739 At least a couple of people have had problems with using GPG over Privoxy. It is possible to use GPG with torify instead. If you have {{{http_proxy}}} set, GPG will try to use it. Add {{{no-honor-http-proxy}}} to your {{{keyserver-options}}} to prevent that.
    740 
    741 Remember that torify doesn't handle DNS! Use tor-resolve to get the IP of your keyserver and use that. Either add it to {{{$HOME/.gnupg/gpg.conf}}} as the {{{keyserver}}} option or put it on the command line.
    742 
    743 Now run
    744 {{{
    745 torify gpg --refresh-keys
    746 }}}
    747 
    748 or
    749 
    750 {{{
    751 torify gpg --keyserver [result of tor-resolve] --refresh-keys
    752 }}}
     580[#GnuPG [#]]
    753581
    754582[[Anchor(Wget)]]
    755 == Wget ==
    756 [#Wget [link]]
     583=== Wget ===
    757584
    758585Wget will also respect the http_proxy enviroment variable, but you can edit {{{/etc/wgetrc}}}:
     
    764591...
    765592}}}
    766 
    767 [[Anchor(SSHtorify)]]
    768 == SSH: Method 1 (torify) ==
    769 [#SSHtorify [link]]
     593[#Wget [#]]
     594
     595[[Anchor(SSHconnect)]]
     596=== SSH: Method 1 (torify) ===
    770597
    771598Simply run {{{torify ssh <parameters>}}} if the host is not on a local network and you're done.
    772599
    773 [[Anchor(SSHconnect)]]
    774 == SSH: Method 2 (connect) ==
    775 [#SSHconnect [link]]
     600=== SSH: Method 2 (connect) ===
    776601
    777602These instructions should work on most *nix systems. Tested on Mac OS X 10.3.x and Debian GNU/Linux.
     
    7796041 - Upgrade your SSH to an OpenSSH version that has Socks 5 support. The OpenSSH client that is shipped with Mac OS X 10.3 (aka ''Panther'') - OpenSSH_3.6.1p1 - will not work correctly. Download, build and install the current stable version from the [http://www.openssh.org OpenSSH website]. If you're using Mac OS X, using [http://fink.sourceforge.net fink] may be easier for you.
    780605
    781 2  - Download and build the connect [http://www.taiyo.co.jp/~gotoh/ssh/connect.c source code]. Connect will allow socket connections using SOCKS4/5 and HTTP tunnels. For detailed information on connect, please visit its [http://www.taiyo.co.jp/~gotoh/ssh/connect.html website]. Note: the site appears to be down at the moment, we've mirrored the script at https://savannah.gnu.org/maintenance/connect.c
    782 
    783 A pre-compiled version of {{{connect}}} for Mac OS X is available at [http://members.lycos.co.uk/hardapple/tools/connect.tar]. (md5sum: b5180cb789813fc958209c58b99039fa)
     6062  - Download and build the connect [http://www.taiyo.co.jp/~gotoh/ssh/connect.c source code]. Connect will allow socket connections using SOCKS4/5 and HTTP tunnels. For detailed information on connect, please visit its [http://www.taiyo.co.jp/~gotoh/ssh/connect.html website].
     607
     608A pre-compiled version of {{{connect}}} for Mac OS X is available [http://members.lycos.co.uk/hardapple/tools/connect.tar here]. (md5sum: b5180cb789813fc958209c58b99039fa)
    784609
    785610Install connect into the {{{/usr/local/bin}}} directory.
     
    833658You may want to look up your SSH server's IP with {{{tor-resolve}}} and use the IP in place
    834659of a hostname; see the note on tsocks and DNS above.
     660[#SSHconnect [#]]
    835661
    836662[[Anchor(SSHsocat)]]
    837 == SSH: Method 3 (socat) ==
    838 [#SSHsocat [link]]
     663=== SSH: Method 3 (socat) ===
    839664
    840665Use [http://www.dest-unreach.org/socat/ socat] as described above.  One way to access an SSH server via Tor is to socat to make a tcp4 listener and relay to your local Tor client, then ssh to it. It's not the nicest way. Using OpenSSH, then you can use the {{{ProxyCommand}}} option in your {{{~/.ssh/config}}} file, as follows:
     
    863688ProxyCommand socat STDIO SOCKS4A:localhost:%h:%p,socksport=9050
    864689}}}
    865 
    866 [[Anchor(Putty)]]
    867 == Putty ==
    868 [#Putty [link]]
    869 
    870 Putty is a neat suite of programs for doing Telnet, SSH, SCP, etc.[[BR]]
    871 [wiki:/Putty Configuration Details][[BR]]
     690[#SSHsocat [#]]
    872691
    873692[[Anchor(vpnd)]]
    874 == vpnd ==
    875 [#vpnd [link]]
    876 
     693=== vpnd ===
    877694It is possible to run a (slow) vpnd through tor.
    878 How to setup this up is explained at [http://www.vanheusden.com/Linux/tt.html].
     695How tho setup this up is explained here: [http://www.vanheusden.com/Linux/tt.html]
     696[#vpnd [#]]
    879697
    880698[[Anchor(Remailing)]]
    881 = Remailing =
    882 [#Remailing [link]]
     699== Remailing ==
    883700
    884701[:TheOnionRouter/RemailingAndTor:see Remailing: achieve strong remailing anonymity/security via. Tor and Stunnel]
     702[#Remailing [#]]
    885703
    886704[[Anchor(CrazyAndLazy)]]
    887 = For the Crazy and Lazy =
    888 [#CrazyAndLazy [link]]
    889 
     705== For the Crazy and Lazy ==
    890706If you are lazy and don't want to repeat most of the steps laid out here every time you call the program (and who would?) you can have a look at [http://shellscripts.org/project/toraliases the tor aliases project].
    891707
    892 [[Anchor(Credits)]]
    893 = Credits =
    894 [#Credits [link]]
     708[#CrazyAndLazy [#]]
     709== Credits ==
    895710
    896711Thomas Sjogren with Northern Security started this howto and still maintains a copy at:
     
    902717        * Thomas Hardly
    903718        * tyranix
    904         * thalunil