Re: [tor-relays] Extreme Exit Policy

On Dec 17, 2018, at 22:51, Mirimir mirimir@riseup.net wrote:

And sure, I could setup .onion SSH for everything, and that'd arguably be more secure. But sometimes I'm just too lazy for that.

I'm pretty frickin' lazy, but I do this with all my servers. Here's the recipe for Linux/Debian provisioning:

-*"*-.,,.-*"*-.,,.-*"*-.,,.-*"*-.,,.-*"*-.,,.-*"*-.,,.-*"*-

# cat >>/etc/apt/sources.list

deb https://deb.torproject.org/torproject.org stretch main deb-src https://deb.torproject.org/torproject.org stretch main # apt install gnupg2 dirmngr

# gpg2 --recv A3C4F0F979CAA22CDBA8F512EE8CBC9E886DDD89

I've had gpg2 fail, in which case this should work: # gpg --keyserver hkp://pool.sks-keyservers.net --recv A3C4F0F979CAA22CDBA8F512EE8CBC9E886DDD89

# gpg2 --export A3C4F0F979CAA22CDBA8F512EE8CBC9E886DDD89 | apt-key add -

# apt update

# apt install tor deb.torproject.org-keyring

edit /etc/tor/torrc, the "hidden services" section, to add: HiddenServiceDir /var/lib/tor/control/ HiddenServicePort 22 127.0.0.1:22 # service tor restart

# cat /var/lib/tor/control/hostname

Record the onion address for posterity

-*"*-.,,.-*"*-.,,.-*"*-.,,.-*"*-.,,.-*"*-.,,.-*"*-.,,.-*"*-

The SSH sessions to the .onion address seem pretty darned solid.

--Ron