By default, torsocks will assume that it should connect to the Tor
SOCKS proxy running at 127.0.0.1 on port 9050. This is the default address
and port for Tor's socks server on most installations. If you are running a
normal Tor installation and have no special requirements, then you should
not need to create, edit or invoke a configuration file when using
torsocks.
Your installation of torsocks includes a default configuration
file that contains values sensible for use with most Tor installations. The
installation location for your default configuration file is:
/etc/tor/torsocks.conf
In order to use a configuration file, you must set the environment
variable TORSOCKS_CONF_FILE with the location of the file.
If TORSOCKS_CONF_FILE is not set, torsocks will attempt to read
the configuration file at /etc/tor/torsocks.conf. If that file cannot be
read, torsocks will use sensible defaults for most Tor installations, i.e.
it will assume that you want to use a SOCKS proxy running at 127.0.0.1
(localhost) on port 9050.
The basic structure of all lines in the configuration file is:
<directive> <parameters>
Empty lines are ignored and all input on a line after a '#'
character is ignored.
The following directives are used in the torsocks configuration
file:
- TorAddress
ip_addr
- The IP address of the Tor SOCKS server (e.g "server =
10.1.4.253"). Only one server may be specified. Currently, torsocks
does NOT support hostname. (default: 127.0.0.1)
- TorPort
port
- The port on which the Tor SOCKS server receives requests. (default: 9050)
- OnionAddrRange
subnet/mask
- Tor hidden sites do not have real IP addresses. This specifies what range
of IP addresses will be handed to the application as "cookies"
for .onion names. Of course, you should pick a block of addresses which
you aren't going to ever need to actually connect to. This is similar to
the MapAddress feature of the main tor daemon. (default: 127.42.42.0/24)
- SOCKS5Username
username
- Username to use for SOCKS5 authentication method that makes the
connections to Tor to use a different circuit from other existing streams.
If set, the SOCKS5Password must be specified also. (Default: none).
- SOCKS5Password
password
- Password to use for SOCKS5 authentication method that makes the
connections to Tor to use a different circuit from other existing streams.
If set, the SOCKS5Username must be specified also. (Default: none).
- AllowInbound
0|1
- Allow inbound connections meaning that listen() and accept()/accept4()
will be allowed for non localhost address so the applicaton can handle
incoming connection. Note that Unix socket are allowed. (Default: 0)
- AllowOutboundLocalhost
0|1|2
- Allow outbound connections to the loopback interface meaning that
connect() will be allowed to connect to localhost addresses bypassing Tor.
If set to 1, TCP connections will be allowed. If set to 2, both TCP/IP and
UDP connections will be allowed. This option should not be used by most
users. (Default: 0)
- IsolatePID
0|1
- Set Torsocks to use an automatically generated SOCKS5 username/password
based on the process ID and current time, that makes the connections to
Tor use a different circuit from other existing streams in Tor on a
per-process basis. If set, the SOCKS5Username and SOCKS5Password options
must not be set. (Default: 0)
$ export TORSOCKS_CONF_FILE=$PWD/torsocks.conf
$ torsocks ssh account@sshserver.com
David Goulet <dgoulet@ev0ke.net>