Just a novel solution to get behind NAT/Firewall, using tor hidden service

  1. SSH to raspberry pi

  2. Get root

    sudo su
  3. Install tor

    apt update && apt install tor
  4. Edit the tor configuration file for ssh

    nano /etc/tor/torrc

    Enter following lines:

    HiddenServiceDir /var/lib/tor/sshd/
    HiddenServicePort 22
  5. Create the directory for Hidden ssh service

    export SERVICE_DIR=/var/lib/tor/sshd/
    mkdir $SERVICE_DIR
    chmod 700 $SERVICE_DIR
    chown debian-tor.debian-tor $SERVICE_DIR
  6. Enable and restart tor service

    systemctl enable tor && systemctl restart tor
  7. Print the tor hostname

    cat $SERVICE_DIR/hostname
  8. Exit out of raspberry ssh and on your local machine add following lines to ~/.ssh/config

    Host pi
    HostName $HOSTNAME` (Replace $HOSTNAME with above print command)
    User $USER` (Replace $USER with ssh user for raspberry)
    ProxyCommand /usr/bin/nc -xlocalhost:9050 -X5 %h %p
  9. Finally ssh

    ssh pi

Troubleshooting :

  1. You have to have tor installed on client machine
    Mac: brew install tor
    Linux: apt install tor

Sources : 1)