[tor-relays] Extreme Exit Policy
ronqtorrelays at risley.net
ronqtorrelays at risley.net
Tue Dec 18 14:39:40 UTC 2018
> On Dec 17, 2018, at 22:51, Mirimir <mirimir at riseup.net> wrote:
>
> And sure, I could setup .onion SSH for everything, and that'd arguably
> be more secure. But sometimes I'm just too lazy for that.
I'm pretty frickin' lazy, but I do this with all my servers. Here's the recipe for Linux/Debian provisioning:
-*"*-.,,.-*"*-.,,.-*"*-.,,.-*"*-.,,.-*"*-.,,.-*"*-.,,.-*"*-
# cat >>/etc/apt/sources.list
deb https://deb.torproject.org/torproject.org stretch main
deb-src https://deb.torproject.org/torproject.org stretch main
# apt install gnupg2 dirmngr
# gpg2 --recv A3C4F0F979CAA22CDBA8F512EE8CBC9E886DDD89
I've had gpg2 fail, in which case this should work:
# gpg --keyserver hkp://pool.sks-keyservers.net --recv A3C4F0F979CAA22CDBA8F512EE8CBC9E886DDD89
# gpg2 --export A3C4F0F979CAA22CDBA8F512EE8CBC9E886DDD89 | apt-key add -
# apt update
# apt install tor deb.torproject.org-keyring
edit /etc/tor/torrc, the "hidden services" section, to add:
HiddenServiceDir /var/lib/tor/control/
HiddenServicePort 22 127.0.0.1:22
# service tor restart
# cat /var/lib/tor/control/hostname
Record the onion address for posterity
-*"*-.,,.-*"*-.,,.-*"*-.,,.-*"*-.,,.-*"*-.,,.-*"*-.,,.-*"*-
The SSH sessions to the .onion address seem pretty darned solid.
--Ron
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.torproject.org/pipermail/tor-relays/attachments/20181218/95dc4955/attachment.html>
More information about the tor-relays
mailing list