Install Tor proxy on Ubuntu 20.04 Linux

Tor is free software that allows a user to have complete anonymity online. It can be used to avoid having websites and applications track your location or attempt to identify you. It does this by routing your network data through a pool of servers around the world, while also stripping identifying information from packet headers.

It’s often used to avoid region blocks on the likes of Netflix or YouTube. Some users like it because it prevents ad tracking companies from building a profile on you based on your browsing habits and serving personalized ads. Still, others are just a little paranoid and appreciate the assurance that no one can spy on their internet activity.

You can use Tor on Ubuntu 20.04 Focal Fossa by installing the Tor client. We’ll show you how to set it up in this guide, which includes browser configuration and enabling all of your shell commands to run through Tor’s network.

In this tutorial you will learn:

  • How to install Tor on Ubuntu 20.04
  • Test your network connection through Tor
  • How to Torify your shell temporarily or persistently
  • Enable and utilize the Tor control port
  • Configure web browser to use Tor network

How to use the Tor network to browse online on Ubuntu 20.04 Desktop/Server

How to use the Tor network to browse online on Ubuntu 20.04 Desktop/Server
Software Requirements and Linux Command Line Conventions
Category Requirements, Conventions or Software Version Used
System Installed Ubuntu 20.04 or upgraded Ubuntu 20.04 Focal Fossa
Software Tor
Other Privileged access to your Linux system as root or via the sudo command.
Conventions # – requires given linux commands to be executed with root privileges either directly as a root user or by use of sudo command
$ – requires given linux commands to be executed as a regular non-privileged user

Install Tor on Ubuntu 20.04

  1. First, we need to install Tor on our system. Open a terminal and type the following command to install it:
    $ sudo apt install tor
    


  2. By default, Tor runs on port 9050. You can confirm that Tor is up and running correctly by using the ss command in terminal:
    $ ss -nlt
    State    Recv-Q   Send-Q     Local Address:Port     Peer Address:Port  Process  
    LISTEN   0        4096       127.0.0.53%lo:53            0.0.0.0:*              
    LISTEN   0        5              127.0.0.1:631           0.0.0.0:*              
    LISTEN   0        4096           127.0.0.1:9050          0.0.0.0:* 
    

    Another quick way to check if Tor is installed and see what version you’re running is with this command:

    $ tor --version
    Tor version 0.4.2.7.
    

Tor network connection test

  1. Let’s see Tor in action and make sure it’s functioning how it’s supposed to. We’ll do this by obtaining an external IP address from the Tor network. First, check what your current IP address is:
    $ wget -qO - https://api.ipify.org; echo
    147.232.135.100
    
  2. Then, we’ll run the same command but preface it with torsocks. This way, the command is run through our Tor client instead.
    $ torsocks wget -qO - https://api.ipify.org; echo
    162.247.74.200
    
    See how our IP address changes when using the torsocks command prefix

    See how our IP address changes when using the torsocks command prefix

You should see a different IP address now. That means our request was routed through the Tor network successfully.

How to “torify” your shell

  1. Obviously, prefacing every network related command with torsocks will get old quickly. If you want to use the Tor network by default for shell commands, you can torify your shell with this command:
    $ source torsocks on
    Tor mode activated. Every command will be torified for this shell.
    
  2. To make sure it worked, try retrieving your IP address without using the torsocks command prefix:
    $ wget -qO - https://api.ipify.org; echo
    162.247.74.200
    
    Turn on tor mode to torify the shell

    Turn on tor mode to torify the shell
  3. The torified shell will only persist for the current session. If you open new terminals or reboot your PC, the shell will default back to your ordinary connection. To turn torsocks on permanently for all new shell sessions and after reboot, use this command:
    $ echo ". torsocks on" >> ~/.bashrc
    
  4. If you need to toggle torsocks mode off again, just enter:
    $ source torsocks off
    Tor mode deactivated. Command will NOT go through Tor anymore.
    

Enable the Tor control port

In order to interact with the Tor installation on our system, we need to enable Tor’s control port. Once enabled, Tor will accept connections on the control port and allow you to control the Tor process through various commands.

  1. To start, we will password protect the Tor connection with the following command. We’re using my-tor-password in this example.
    $ torpass=$(tor --hash-password "my-tor-password")
    
  2. Next, use this command to enable the Tor control port and insert our previously hashed password:
    $ printf "HashedControlPassword $torpass\nControlPort 9051\n" | sudo tee -a /etc/tor/torrc
    
    Generating a tor password hash

    Generating a tor password hash


  3. You can check the contents of your /etc/tor/torrc configuration file to confirm that the hash password settings have been correctly included.
    $ tail -2 /etc/tor/torrc
    HashedControlPassword 16:5D13CF3C7511D9FC60161179F8FFA1083C99601A5257CDC622E161839B
    ControlPort 9051
    
  4. Restart Tor to apply the changes:
    $ sudo systemctl restart tor
    
  5. Now, you should be able to see the Tor service running on both ports 9050 and 9051:
    ss -nlt
    State         Recv-Q        Send-Q               Local Address:Port                Peer Address:Port        Process        
    LISTEN        0             4096                 127.0.0.53%lo:53                       0.0.0.0:*                          
    LISTEN        0             5                        127.0.0.1:631                      0.0.0.0:*                          
    LISTEN        0             4096                     127.0.0.1:9050                     0.0.0.0:*                          
    LISTEN        0             4096                     127.0.0.1:9051                     0.0.0.0:*
    

Connect to Tor control port

  1. Now, we are able to connect to the Tor control port to communicate with Tor and issue commands. For example, here we use the telnet command to request a new Tor circuit and clear cache:
    $ telnet 127.0.0.1 9051
    Trying 127.0.0.1...
    Connected to 127.0.0.1.
    Escape character is '^]'.
    AUTHENTICATE "my-tor-password"
    250 OK
    SIGNAL NEWNYM
    250 OK
    SIGNAL CLEARDNSCACHE
    250 OK
    quit
    250 closing connection
    Connection closed by foreign host.
    

    On Line 5 we have entered AUTHENTICATE command and our Tor password. On Line 7 and Line 9 we asked Tor for a new circuit and clean cache. Obviously, you need to know a few commands to get much use out of the control port, which is why we linked to a list of commands above.

    Connecting to the Tor control port

    Connecting to the Tor control port
  2. Communication with the Tor control port can also be shell scripted. Consider the following example, which will request a new circuit (IP address) from Tor:
    $ source torsocks off
    Tor mode deactivated. Command will NOT go through Tor anymore.
    $ torsocks wget -qO - https://api.ipify.org; echo
    103.1.206.100
    $ echo -e 'AUTHENTICATE "my-tor-password"\r\nsignal NEWNYM\r\nQUIT' | nc 127.0.0.1 9051
    250 OK
    250 OK
    250 closing connection
    $ torsocks wget -qO - https://api.ipify.org; echo
    185.100.87.206
    

    The magic happens on Line 5, where multiple Tor commands are strung together. The wget commands show how our connection’s IP address has changed after requesting a clean circuit. This script can be executed any time you need to obtain a new circuit.

Configure web browser to use Tor network

To browse the web anonymously through Tor, we’ll need to configure our web browser to route traffic through our local Tor host. Here’s how you would configure that on Ubuntu’s default web browser, Firefox. The instructions for other web browsers will be very similar.



  1. Open the settings panel from the menu or by typing about:preferences into the address bar. Scroll all the way down to find “Network Settings” and click the “Settings” button.
    Open Network Settings menu in your web browser

    Open Network Settings menu in your web browser
  2. In this menu, select “Manual proxy configuration” and enter localhost under the “SOCKS Host” field. For port, enter 9050. See the screenshot below for how yours should look.
    Configure SOCKS host inside network settings

    Configure SOCKS host inside network settings
  3. When you’re done entering those settings, click OK. You can confirm that the changes have taken effect by navigating to a website like IP Chicken to make sure that you are connected to the Tor network. This is a recommended step anytime you want to make absolutely sure that you are browsing anonymously.
    We are browsing anonymously, hence the new IP address from Tor network

    We are browsing anonymously, hence the new IP address from Tor network

Conclusion

Using Tor is a great way to maintain anonymity on the internet. It’s totally free and only takes a few minutes to configure. You can exercise a lot of control over your Tor connection if you take a little time to understand how the control port works, as we’ve shown in this article.

By utilizing what you’ve learned in this guide, you can ensure that all your outgoing internet activity is masked, whether you are using a web browser or issuing commands from the terminal. Of course, other applications can also be configured to use Tor, you just need to configure them to connect to your SOCKS localhost.