Re: [tor-relays] Extreme Exit Policy

On Dec 17, 2018, at 22:51, Mirimir <mirimir@riseup.net> wrote:

And sure, I could setup .onion SSH for everything, and that'd arguably be more secure. But sometimes I'm just too lazy for that.

I'm pretty frickin' lazy, but I do this with all my servers. Here's the recipe for Linux/Debian provisioning: -*"*-.,,.-*"*-.,,.-*"*-.,,.-*"*-.,,.-*"*-.,,.-*"*-.,,.-*"*- # cat >>/etc/apt/sources.list deb https://deb.torproject.org/torproject.org stretch main deb-src https://deb.torproject.org/torproject.org stretch main # apt install gnupg2 dirmngr # gpg2 --recv A3C4F0F979CAA22CDBA8F512EE8CBC9E886DDD89 I've had gpg2 fail, in which case this should work: # gpg --keyserver hkp://pool.sks-keyservers.net --recv A3C4F0F979CAA22CDBA8F512EE8CBC9E886DDD89 # gpg2 --export A3C4F0F979CAA22CDBA8F512EE8CBC9E886DDD89 | apt-key add - # apt update # apt install tor deb.torproject.org-keyring edit /etc/tor/torrc, the "hidden services" section, to add: HiddenServiceDir /var/lib/tor/control/ HiddenServicePort 22 127.0.0.1:22 # service tor restart # cat /var/lib/tor/control/hostname Record the onion address for posterity -*"*-.,,.-*"*-.,,.-*"*-.,,.-*"*-.,,.-*"*-.,,.-*"*-.,,.-*"*- The SSH sessions to the .onion address seem pretty darned solid. --Ron