<div dir="ltr"><div>Thanks for the instructions.</div><div><br></div>So what if I set up an L2TP VPN connection from my server to my computer at home, which stores the keys, and I download the file directly into the RAM folder?<div>

<br></div><div>The purpose is to avoid storing the file, or letting the file pass through the local normal storage system on my vserver, which could be extremely insecure in this situation.</div>

<div><br></div><div>So will any of these techniques you have described, or the one I stated above, let my data pass through the local ROM storage system of the vserver?<br><div class="gmail_extra">

<br><br><div class="gmail_quote"><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><br>
Date: Tue, 27 Aug 2013 00:14:36 -0400<br>
From: <a href="mailto:tor@t-3.net">tor@t-3.net</a><br>
To: <<a href="mailto:tor-relays@lists.torproject.org">tor-relays@lists.torproject.org</a>><br>
Subject: Re: [tor-relays] Store key files in RAM<br>
Message-ID: <<a href="mailto:521c27ac.570.f998d700.49849df@t-3.net">521c27ac.570.f998d700.49849df@t-3.net</a>><br>
Content-Type: text/plain; charset="us-ascii"; Format="flowed"<br>
<br>
IMO cut and paste in the situation you're describing is not the perfect way. A better way would be:<br>
<br>
Have a secure Linux machine running an sshd at your home (or another physically-controlled location?).<br>
Close off iptables and ip6tables for inbound sshd except for your vserver's IP<br>
(hint: "ssh-keygen -t rsa -f /etc/ssh/ssh_host_rsa_4096_key -b 4096" (don't put a password when it asks))<br>
and edit sshd_config to point it to the new key. Also in the config, force your local sshd server to insist upon only using these 2 ciphers ("Ciphers aes256-ctr,aes256-cbc").<br>
Restart the local sshd (maybe "service sshd restart") and verify that you can NOT connect from the vserver to the home box using a different cipher (ssh -l someuser -c aes128-ctr your.home.ip.here).<br>
A test ssh connection without the "-c aes128-ctr" should work; the one with it should fail.<br>
<br>
You would do transfers of important files to and from the vserver via an 'sftp' session which you start from your vserver, connecting into your home machine (sftp someuser@your.home.ip.here).<br>
Don't make the connection in the reverse direction; you can push and pull files with the one. And don't let anyone steal your ssh_host_rsa_4096_key off the home box (you could even shred/delete/regenerate it now and then). In general, turn off the home sshd when you aren't using it.<br>
<br>
The above setup should be pretty good in terms of the network transfer if the data hasn't already been compromised, of course. The certainty that it hasn't been is not necessarily guaranteed if it's already been thrown through a network card in a less-solid way, such as the contents having been viewed via 'cat', 'nano', etc. via a connection in the 'wrong' direction.<br>
<br>
If you are deleting files from your vserver's hard drive after copying them out for backup, try doing "shred" on the file first, and then "rm". It may help do the deletion better, depending upon how your vserver hosting is set up.<br>
<br>
On Monday 26/08/2013 at 10:53 pm, Tony Xue  wrote:<br>
><br>
> Hi,<br>
><br>
> I have been discovering a simple and secure way of protecting the Tor<br>
> key files recently, in order to achieve the safety of the keys on a VPS.<br>
><br>
> So I created a folder on Linux called /tor and it is stored in the RAM<br>
> file system. I put my key file into that folder and link it back to<br>
> the data directory folder of Tor. I also backed up the key files in<br>
> case my server needs to be restarted and the RAM would be cleaned up. I<br>
> left the key in RAM for some undesired failures, errors or<br>
> configuration which need a restart of the Tor software.<br>
><br>
> If the server goes down, I would probably do the simple cut and paste<br>
> in the SSH client to restore my key files. Or in a higher-level way if<br>
> cut&amp;paste is not safe enough.<br>
><br>
> I am not sure whether this is a good way to protect my key files on a<br>
> VPS. Does anyone have any comment on that or a better way?<br>
><br>
><br>
> Tony<br>
> _______________________________________________<br>
> tor-relays mailing list<br>
> <a href="mailto:tor-relays@lists.torproject.org">tor-relays@lists.torproject.org</a><br>
> <a href="https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays" target="_blank">https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays</a><br>
><br><br>
</blockquote></div><br></div></div></div>
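<div><br></div><div>The procedure the quoted reply lays out (4096-bit host key and two permitted ciphers on the home sshd, iptables/ip6tables admitting only the vserver, an sftp session started from the vserver, the keys living on a tmpfs that the Tor data directory links to, and shred before rm), pulled together as one script. This is an added example, not code from the thread or from the Tor project. Everything concrete in it is an assumption: the RFC 5737 documentation addresses 203.0.113.10 (vserver) and 198.51.100.7 (home box), the user "someuser", backups under /srv/torkeys on the home box, Tor's DataDirectory at /var/lib/tor running as debian-tor, the tmpfs at /tor, and KEY_FILES naming Tor's secret_id_key and secret_onion_key; override any of them through the environment.</div>

```shell
#!/bin/sh
# Added example (not from the thread): home-sshd lockdown plus RAM-only key
# restore, following the steps in the quoted reply. All defaults below are
# assumptions: RFC 5737 documentation addresses, user "someuser", backups
# under /srv/torkeys on the home box, Tor's DataDirectory at /var/lib/tor
# owned by debian-tor, tmpfs at /tor. secret_id_key / secret_onion_key are
# Tor's key file names; set KEY_FILES to whatever you actually back up.
set -eu

VSERVER_IP=${VSERVER_IP:-203.0.113.10}
HOME_IP=${HOME_IP:-198.51.100.7}
HOME_USER=${HOME_USER:-someuser}
HOME_BACKUP=${HOME_BACKUP:-/srv/torkeys}
TOR_DATADIR=${TOR_DATADIR:-/var/lib/tor}
TOR_USER=${TOR_USER:-debian-tor}
RAM_DIR=${RAM_DIR:-/tor}
HOST_KEY=${HOST_KEY:-/etc/ssh/ssh_host_rsa_4096_key}
ALLOWED_CIPHERS=${ALLOWED_CIPHERS:-aes256-ctr,aes256-cbc}
KEY_FILES=${KEY_FILES:-"keys/secret_id_key keys/secret_onion_key"}

# Lines to append to the home box's sshd_config: the fresh 4096-bit host
# key, the two permitted ciphers, and one user admitted only from the vserver.
home_sshd_config() {
    printf 'HostKey %s\n' "$HOST_KEY"
    printf 'Ciphers %s\n' "$ALLOWED_CIPHERS"
    printf 'AllowUsers %s@%s\n' "$HOME_USER" "$VSERVER_IP"
    printf 'PasswordAuthentication no\n'
}

# iptables/ip6tables commands for the home box: inbound ssh only from the
# vserver's IPv4 address, nothing over IPv6.
home_firewall_rules() {
    printf 'iptables -A INPUT -p tcp --dport 22 -s %s -j ACCEPT\n' "$VSERVER_IP"
    printf 'iptables -A INPUT -p tcp --dport 22 -j DROP\n'
    printf 'ip6tables -A INPUT -p tcp --dport 22 -j DROP\n'
}

# 0 if CIPHER is on the allowed list, 1 otherwise (exact token match).
cipher_allowed() {
    case ",$ALLOWED_CIPHERS," in
        *",$1,"*) return 0 ;;
        *)        return 1 ;;
    esac
}

# Run from the vserver after restarting the home sshd: the connection forced
# to aes128-ctr must be refused, the one using the default list must work.
verify_cipher_lockdown() {
    if ssh -o BatchMode=yes -c aes128-ctr "$HOME_USER@$HOME_IP" true 2>/dev/null; then
        echo "FAIL: home sshd accepted aes128-ctr" >&2
        return 1
    fi
    if ! ssh -o BatchMode=yes "$HOME_USER@$HOME_IP" true; then
        echo "FAIL: connection with the allowed ciphers was rejected" >&2
        return 1
    fi
    echo "OK: home sshd accepts only $ALLOWED_CIPHERS"
}

# sftp batch pulling each key out of the home backup straight into the RAM
# directory, keeping the keys/ prefix so the symlink below lines up.
sftp_batch() {
    for f in $KEY_FILES; do
        printf 'get %s/%s %s/%s\n' "$HOME_BACKUP" "$f" "$RAM_DIR" "$f"
    done
}

# shred then rm as the reply suggests; of limited value on copy-on-write or
# snapshotting storage, which is why the reply hedges on the hosting setup.
secure_delete() {
    for f in "$@"; do
        [ -f "$f" ] || continue
        shred -n 3 -z "$f" && rm -f "$f"
    done
}

# Vserver side: tmpfs on $RAM_DIR, keys pulled in by an sftp session that the
# vserver initiates, Tor's keys directory replaced by a symlink into RAM.
restore_keys_to_ram() {
    mountpoint -q "$RAM_DIR" || mount -t tmpfs -o size=8m,mode=0700 tmpfs "$RAM_DIR"
    mkdir -p "$RAM_DIR/keys"
    sftp_batch | sftp -b - "$HOME_USER@$HOME_IP"
    chmod 700 "$RAM_DIR/keys" && chmod 600 "$RAM_DIR"/keys/*
    chown -R "$TOR_USER" "$RAM_DIR/keys"
    if [ -d "$TOR_DATADIR/keys" ] && [ ! -L "$TOR_DATADIR/keys" ]; then
        secure_delete "$TOR_DATADIR"/keys/*
        rmdir "$TOR_DATADIR/keys"
    fi
    ln -sfn "$RAM_DIR/keys" "$TOR_DATADIR/keys"
}

case "${1:-}" in
    config)   home_sshd_config ;;
    firewall) home_firewall_rules ;;
    verify)   verify_cipher_lockdown ;;
    restore)  restore_keys_to_ram ;;
    *)        echo "usage: $0 config|firewall|verify|restore" >&2 ;;
esac
```

<div><br></div><div>Run "config" and "firewall" on the home box, then "verify" and "restore" on the vserver. The cipher list is the reply's own; aes256-cbc is a CBC-mode cipher that current OpenSSH releases leave out of their defaults, so aes256-ctr alone is the tighter choice if both ends support it. Two limits worth keeping in mind: a tmpfs keeps the keys off the vserver's disk but not out of its memory, and whoever runs the hypervisor can still read or snapshot guest RAM; and the sftp pull lands the keys in RAM only because the destination is under the tmpfs, so check the mount before pulling rather than after.</div>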