It can be complicated. Tor itself provides a multi-hop anonymizing TCP 
connection, however what your application may or
may not do outside of Tor is uncontrolled, this is why the Tor Browser is 
recommended for use instead of simply proxying
your regular browser through Tor, TBB is designed to minimize undesired side 

Your question really is asking about undesired side channels, so the answer is, 
"It Depends". I'm not trying to be
flippant, it can be complicated. For example if you client application checks 
server SSH certificates for status (CRL &
OCSP) then you have two immediate concerns: (1) is the OCSP check routing 
outside of Tor, thus potentially
de-anonymizing you immediately, (2) Even if the cert check runs through Tor, do 
you ever access it outside of Tor,
creating a potential for correlation. This is why there is still ongoing 
discussion of whether one should use certs
within Tor.

Another common side channel is DNS. Does the address resolution happen outside 
Tor (unfortunately a common error), in
which case you're immediately de-anonymized. Even if it takes place within Tor, 
do you ever use it outside of Tor, again
creating a potential for correlation.

Then there is more esoteric concerns such as the potential for traffic 
analysis. Does you application create a periodic
pattern of traffic bursts that could be correlated? This would require some 
pretty heavy effort, but not impossible. Do
you have a Hidden Service that comes up and goes down in sync with a public 

Last but not least, there are many executable products that run on your local 
machine, like JavaScript, that may
de-anonymize, intentionally or otherwise, that are not obvious, such as: PDF 
documents, MS Office documents, and others.
It's important to set your routing rules to allow ONLY your expected Tor 
connects and disallow everything else.

> Message: 1
> Date: Sun, 8 Apr 2018 02:40:22 -0600
> From: "J. S. Evans" <>
> To: <>
> Subject: [tor-talk] Getting de-anonymized with SSH
> Message-ID: <000701d3cf15$3e1c6ef0$ba554cd0$>
> Content-Type: text/plain;     charset="us-ascii"
> Hi all,
> First of all, I know that the best way to stay anonymous on Tor when
> browsing the web is to use the Tor Browser and be smart about how you use
> it.
> What about when you're not using the web? If I am using ssh over Tor, is
> there a good chance that I can be de-anonymized? By this I mean ssh to an
> onion service not to the external internet.
> I would think that it is more safe than the web since you don't have to
> worry about things like javascript, etc.
> Am I correct, or are there other things that I am not aware of? Thanks!
> Jason
tor-talk mailing list -
To unsubscribe or change other settings go to

Reply via email to