<html>
<head>
<style>
 .sw_message P{margin:0px;padding:0px;}
 .sw_message {FONT-SIZE: 12pt;FONT-FAMILY:Tahoma,Arial,Helvetica,sans-serif;background:white;}
 .sw_message blockquote{margin-left:5px;padding-left:5px;border-left:2px solid #144fae;color: #144fae;}
 .sw_message blockquote blockquote{border-left:2px solid #006312;color: #006312;}
 .sw_message blockquote blockquote blockquote{border-left:2px solid #8e5656;color: #8e5656;}
 .sw_message blockquote blockquote blockquote blockquote{border-left:2px solid #888;color: #888;}
</style>
</head>
<body class="sw_message">
<div>If you can execute shell commands directly from the <br>ram folder (ssh, sftp) and therefore pull files <br>straight into it with sftp, this seems exactly right.<br><br>It sounds like you'll only need the secure connection <br>on an occasional/rare basis. Imo don't try for an <br>always-on connection for that such as a vpn.<br><br>Whichever way you do, you'll want to pay attention<br>to where the important encryption keys reside. At <br>least in general (and maybe even specifically), we <br>know that encrypted data is being snatched off the <br>wire and retained. In the case of sshd, you would <br>want your sshd daemon keys to live on the machine <br>with the more-secure storage medium and use the<br>vserver as the client. For a vpn or similar you'd<br>need to look at exactly how it works and decide<br>if there is a right way and if so, what it is.<br><br>Hopefully the only thing you feel there is a need to<br>protect from is improper read access. If someone can<br>write to your vserver as root, that would be a Very Bad<br>Thing (TM).<br><br>Sorry about the strange/disjointed line feeds in my <br>first email btw, not sure why that happens. I'm <br>trying short lines now, seeing if it works better. 
<br>If you add linefeeds to what I wrote before where it<br>makes sense, it may be easier to read.</div><div> </div><div id="editor_signature"></div><div>On Tuesday 27/08/2013 at 12:38 am, Tony Xue  wrote: </div><blockquote type="cite"><div><div>Thanks for the instructions.</div><div><br></div>So what if I set up an L2TP VPN connection from my server to my computer at home which stores the keys and I download the file directly into the RAM folder?<div><br></div><div>The purpose is to avoid storing the file or letting the file pass through the local normal storage system on my vserver which could be extremely insecure in this situation.</div><div><br></div><div>So will any of these techniques you have described or I stated above let my data pass through the local ROM storage system of the vserver?<br><div class="gmail_extra"><br><br><div class="gmail_quote"><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><br>Date: Tue, 27 Aug 2013 00:14:36 -0400<br>From: <a target="_blank" href="mailto:tor@t-3.net">tor@t-3.net</a><br>To: <<a target="_blank" href="mailto:tor-relays@lists.torproject.org">tor-relays@lists.torproject.org</a>><br>Subject: Re: [tor-relays] Store key files in RAM<br>Message-ID: <<a target="_blank" href="mailto:521c27ac.570.f998d700.49849df@t-3.net">521c27ac.570.f998d700.49849df@t-3.net</a>><br>Content-Type: text/plain; charset="us-ascii"; Format="flowed"<br><br>IMO cut and paste in the situation you're describing is not the<br>perfect way. 
Better way would be:<br><br>Have a secure linux machine running an sshd at your home (or another<br>physically-controlled location?).<br>Close off iptables and ip6tables for inbound sshd except for your<br>vserver's IP<br>(hint: "ssh-keygen -t rsa -f /etc/ssh/ssh_host_rsa_4096_key -b 4096"<br>(don't put a password when it asks))<br>and edit sshd_config to point it to the new key. Also in the config,<br>force your local sshd<br>server to insist upon only using these 2 ciphers ("Ciphers<br>aes256-ctr,aes256-cbc").<br>Restart the local sshd (maybe "service sshd restart") and verify that<br>you can NOT connect<br>from the vserver to the home box using a different cipher (ssh -l<br>someuser -c aes128-ctr your.home.ip.here).<br>A test ssh connection without the "-c aes128-ctr" should work, the one<br>with it should fail.<br><br>You would do transfers of important files to and from the vserver 
via<br>an 'sftp' session which you start<br>from your vserver, and you are connecting into your home machine (sftp<br>someuser@your.home.ip.here).<br>Don't make the connection in the reverse direction, you can push and<br>pull files with the one. And don't<br>let anyone steal your ssh_host_rsa_4096_key off the home box. (could<br>even shred/delete/regenerate it<br>now and then). In general, turn off the home sshd when you aren't<br>using it.<br><br>The above setup should be pretty good in terms of the network transfer<br>if the data hasn't already been<br>compromised, of course. The certainty that it hasn't been is not<br>necessarily guaranteed if it's already<br>been thrown through a network card in a less-solid way, such as the<br>contents having been viewed<br>via 'cat', 'nano', etc. 
via a connection in the 'wrong' direction.<br><br>If you are deleting files from your vserver's hard drive after copying<br>them out for backup, try doing<br>"shred" on the file first, and then "rm". It may help do the deletion<br>better, depending upon how your vserver<br>hosting is set up.<br><br><br><br><br><br>On Monday 26/08/2013 at 10:53 pm, Tony Xue  wrote:<br>><br>><br>><br>><br>><br>><br>> Hi,<br>><br>> I have been discovering a simple and secure way of protecting the Tor<br>> key files recently, in order to achieve the safety of the keys on VPS.<br>><br>> So I created a folder on Linux called /tor and it is stored in the RAM<br>> file system. I put my key file into that folder and link it back to<br>> the data directory folder of Tor. I also backed up the key files in<br>> case my server needs to be restarted and the RAM would be cleaned up. I<br>> left the key in RAM for some undesired failures, errors or<br>> configuration which need to restart the Tor software.<br>><br>> If the server gets down, I would probably do the simple cut and paste<br>> in the SSH client to restore my key files. 
Or in a higher level way if<br>> cut&paste is not safe enough.<br>><br>> I am not sure whether this is a good way to protect my key files on a<br>> VPS. Does anyone have any comment on that or a better way?<br>><br>><br>> Tony<br>> _______________________________________________<br>> tor-relays mailing list<br>> <a target="_blank" href="mailto:tor-relays@lists.torproject.org">tor-relays@lists.torproject.org</a><br>> <a href="https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays" target="_blank">https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays</a><br>><br><br></blockquote></div><br></div></div></div></blockquote><br> 
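<div>A static check to go with the live cipher test in the quoted message, added here as an example and not part of either poster's mail: it audits an sshd_config for the dedicated HostKey and the restricted Ciphers list. The function names and the two sample configs are constructed; the key path and cipher list are the ones given in the message.</div>

```shell
# Static audit of an sshd_config for the two settings from the message:
# one dedicated HostKey and an explicit, restricted Ciphers list.
# Assumes plain "Keyword value" lines (no "=" form, no quoting).

# Print the value of a keyword; sshd uses the first occurrence it reads.
sshd_value() {  # $1 = config file, $2 = keyword (case-insensitive)
    awk -v kw="$2" '/^[ \t]*#/ { next }
        tolower($1) == tolower(kw) { $1 = ""; sub(/^[ \t]+/, ""); print; exit }' "$1"
}

# Succeed only if Ciphers is set and every entry (even "+name") is allow-listed.
ciphers_ok() {  # $1 = config file, $2 = comma-separated allow-list
    offered=$(sshd_value "$1" Ciphers)
    [ -n "$offered" ] || { echo "Ciphers unset: sshd uses its defaults"; return 1; }
    old_ifs=$IFS; IFS=','
    for c in $offered; do
        case ",$2," in
            *",$c,"*) ;;
            *) IFS=$old_ifs; echo "cipher not on allow-list: $c"; return 1 ;;
        esac
    done
    IFS=$old_ifs
}

# Succeed only if the expected key is the sole HostKey line.
hostkey_ok() {  # $1 = config file, $2 = expected key path
    keys=$(awk '!/^[ \t]*#/ && tolower($1) == "hostkey" { print $2 }' "$1")
    [ "$keys" = "$2" ] && return 0
    echo "HostKey lines differ from $2: ${keys:-(none)}"; return 1
}

audit() {  # $1 = config file; allow-list and key path are the message's values
    if ciphers_ok "$1" "aes256-ctr,aes256-cbc" &&
       hostkey_ok "$1" /etc/ssh/ssh_host_rsa_4096_key; then
        echo "PASS $1"
    else
        echo "FAIL $1"; return 1
    fi
}

# Constructed sample configs, not taken from any real host.
tmp=$(mktemp -d)
printf '%s\n' '# home box' 'HostKey /etc/ssh/ssh_host_rsa_4096_key' \
    'Ciphers aes256-ctr,aes256-cbc' > "$tmp/hardened"
printf '%s\n' 'HostKey /etc/ssh/ssh_host_rsa_key' \
    'HostKey /etc/ssh/ssh_host_rsa_4096_key' \
    'Ciphers aes256-ctr,aes128-ctr' > "$tmp/drifted"
audit "$tmp/hardened"
audit "$tmp/drifted" || true
```

<div>On the home box, point audit at the real file; "sshd -T" prints the configuration sshd actually resolves. Current OpenSSH releases leave CBC ciphers out of sshd's default set, so the allow-list passed to ciphers_ok is worth revisiting.</div>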
</body></html>