[tor-relays] TOR router install without access to root

Markus Koch niftybunny at googlemail.com
Wed May 25 19:19:58 UTC 2016


The hosting staff in every hosting company has physical access to the
servers (even dedicated) and if you have physical access to a server
think about it as compromised.

I dont really see the difference between shared hosting and my other
bare metal servers. As a CCNP I can compromise them both without much
hassle with physical access to them.

It´s not: Shared hosting = sharing my private keys to the world.

Markus



2016-05-25 21:02 GMT+02:00 Nils Vogels <bacardicoke at gmail.com>:
> So just out of curiosity: if a lot of relays run on hardware of a single
> hosting company, that hosting company has access to many secret keys, which
> might be an interesting attack vector for an adversary.
>
> Given that these nodes have a different administrator, MyFamily won't be
> set.
>
> Does the relay selection algo take this into account in any way?
>
> Greetings!
>
> Op 25 mei 2016 7:45 p.m. schreef "Markus Koch" <niftybunny at googlemail.com>:
>>
>> My experience is: This is the best hosting companyI ever had and I am
>> doing this for over 20 years. I will not run an exit node and I am
>> sure I will be fine.Btw, there are already alot of hight traffic non
>> exit nodes running on feral.
>>
>> Markus
>>
>> PS: I am not working for feral and I am not a family member or any
>> other connection :)
>>
>>
>>
>> 2016-05-25 12:55 GMT+02:00 pa011 <pa011 at web.de>:
>> > Hi Markus,
>> >
>> > on your hint I was just checking feralhosting.com. They are quoting:
>> >
>> > "We do not allow Tor exit nodes to be run on our servers. They're open
>> > invitations for trouble, and while Tor serves a useful purpose our
>> > network is not the place for it.
>> > Tor relays are fine provided they strictly only act as an intermediary.
>> >
>> > We will make an exception to this rule if you bring your own RIPE IPs
>> > and handle abuse directly while taking full responsibility. "
>> >
>> > Is this your experience as well?
>> >
>> > Paul
>> >
>> >
>> > Am 25.05.2016 um 10:16 schrieb Markus Koch:
>> >> Linux, would like to upgrade my accounts at feralhosting.com with tor
>> >> nodes. It must be possible because there are a lot of TOR nodes on
>> >> feral. No clue what kind of linux they are using but you are right, I
>> >> needed root for my other 6 TOR servers and I am just wondering if
>> >> there is a way around it, if not I just ask them to install it for me
>> >> :)
>> >>
>> >>  Markus
>> >>
>> >>
>> >> 2016-05-25 10:10 GMT+02:00 Petrusko <petrusko at riseup.net>:
>> >>> Like a portable version so ?
>> >>>
>> >>> Windows, Linux, which operating system are you using ?
>> >>>
>> >>> On Linux world, I'm usually using Debian and as I know you will need a
>> >>> root access to the server.
>> >>> It will create a debian-tor group, write into the system...
>> >>>
>> >>> Or if your user is in the "sudo" group, it can be ok.
>> >>>
>> >>> On windows, I'm not sure if there's a portable version of Tor...
>> >>> portable = no need to install
>> >>>
>> >>>
>> >>>
>> >>> Le 25/05/2016 10:03, Markus Koch a écrit :
>> >>>> possible or do I have to ask my hosting company for the install on a
>> >>>> shared server?
>> >>>>
>> >>>> Markus
>> >>>> _______________________________________________
>> >>>> tor-relays mailing list
>> >>>> tor-relays at lists.torproject.org
>> >>>> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
>> >>>
>> >>> --
>> >>> Petrusko
>> >>> PubKey EBE23AE5
>> >>> C0BF 2184 4A77 4A18 90E9 F72C B3CA E665 EBE2 3AE5
>> >>>
>> >>>
>> >>>
>> >>> _______________________________________________
>> >>> tor-relays mailing list
>> >>> tor-relays at lists.torproject.org
>> >>> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
>> >>>
>> >> _______________________________________________
>> >> tor-relays mailing list
>> >> tor-relays at lists.torproject.org
>> >> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
>> >>
>> > _______________________________________________
>> > tor-relays mailing list
>> > tor-relays at lists.torproject.org
>> > https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
>> _______________________________________________
>> tor-relays mailing list
>> tor-relays at lists.torproject.org
>> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
>
>
> _______________________________________________
> tor-relays mailing list
> tor-relays at lists.torproject.org
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
>


More information about the tor-relays mailing list