Forge Home


Front SSH with tor


10,126 latest version

1.6 quality score

We run a couple of automated
scans to help you access a
module's quality. Each module is
given a score based on how well
the author has formatted their
code and documentation and
modules are also checked for
malware using VirusTotal.

Please note, the information below
is for guidance only and neither of
these methods should be considered
an endorsement by Puppet.

Version information

  • 0.1.0 (latest)
released Aug 25th 2014

Start using this module

  • r10k or Code Manager
  • Bolt
  • Manual installation
  • Direct download

Add this module to your Puppetfile:

mod 'tompurl-torssh', '0.1.0'
Learn more about managing modules with a Puppetfile

Add this module to your Bolt project:

bolt module add tompurl-torssh
Learn more about using this module with an existing project

Manually install this module globally with Puppet module tool:

puppet module install tompurl-torssh --version 0.1.0

Direct download is not typically how you would use a Puppet module to manage your infrastructure, but you may want to download the module in order to inspect the code.



tompurl/torssh — version 0.1.0 Aug 25th 2014

torssh Puppet Module


This is a very simple package that makes an ssh server a Tor hidden service.

Config Example

class { 'torssh':
    ssh_port => 9000, # This is the default


Technically, you should have some sort of SSH server running but this module won't fail is you don't :-)


Once you're done provisioning your system with this module you should be able to connect to your SSH client over the Tor network. First, you need to determine your .onion address by issuing the following command:

$ cat /var/lib/tor/hidden_service/hostname

Then you need to connect with an ssh client. Here's my tutorial on how to do that (under the Client section).

Please note that the ssh_port value above is the port that your SSH server is listening on, not the port that "tor listens on". I used sarcastic quotes in that sentence because Tor hidden services don't listen on a port. Instead they connect to an "introduction point" that then connects them to a hash table and yadda yadda. More detailed information can be found here:

Seriously, it's really cool how it all works. Run netstat after you've provisioned your system and check out how everything is connected.

Supported Platforms

This software has only been tested and installed on Debian Wheezy (7.x). I've tested it on x64 and Raspbian.