I'd say the normal server hardening precautions apply. Off the top of my head:
- keep software/packages up to date
- only use public-key authentication for ssh / disable password-based auth
- optionally change the ssh port (it just avoids the worst of the port scanning / brute force attempts)
- limit the number of services running on your relays (ideally only run Tor and supporting services (i.e., maybe dns))
- firewall off (deny) everything except DirPort/ORPort/ssh
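
The ssh and firewall items above, as an added example that is not part of the original post: the Python below reads a torrc and an sshd_config, flags password authentication, and derives a default-drop nftables input chain that admits only ORPort, DirPort and the ssh port. The sample configs are constructed, the function names are hypothetical, and accepting loopback and established traffic is an assumption beyond the list.

```python
# Constructed sample configs (not from the original post).
SAMPLE_TORRC = "ORPort 9001\nORPort [2001:db8::1]:9001\nDirPort 9030\n"
SAMPLE_SSHD = "Port 2222\nPubkeyAuthentication yes\nPasswordAuthentication yes\n"
# Assumption: loopback and return traffic are accepted so Tor's outbound links work.
NFT_TEMPLATE = """\
table inet filter {
  chain input {
    type filter hook input priority 0; policy drop;
    iif lo accept
    ct state established,related accept
    tcp dport { %s } accept
  }
}"""

def directives(text):
    """Yield (lowercased keyword, argument) per line; simplified parser, no Match blocks."""
    for line in text.splitlines():
        parts = line.split("#", 1)[0].split(None, 1)
        if parts:
            yield parts[0].lower(), (parts[1].strip() if len(parts) > 1 else "")

def tor_ports(torrc):
    """Numeric ORPort/DirPort values; 0 (disabled) and 'auto' are skipped."""
    ports = set()
    for key, arg in directives(torrc):
        if key in ("orport", "dirport") and arg:
            tail = arg.split()[0].rsplit(":", 1)[-1]  # handles addr:port and [v6]:port
            if tail.isdigit() and int(tail) != 0:
                ports.add(int(tail))
    return ports

def audit_sshd(sshd):
    """Return (listening ports, findings); sshd uses the first value seen per keyword."""
    first, ports = {}, set()
    for key, arg in directives(sshd):
        if key == "port" and arg.isdigit():
            ports.add(int(arg))
        first.setdefault(key, arg.lower())
    findings = []
    if first.get("passwordauthentication", "yes") != "no":  # OpenSSH default is yes
        findings.append("PasswordAuthentication is not 'no'")
    if first.get("pubkeyauthentication", "yes") != "yes":
        findings.append("PubkeyAuthentication is not 'yes'")
    return ports or {22}, findings  # port 22 when no Port line is present

def nft_ruleset(ports):
    return NFT_TEMPLATE % ", ".join(str(p) for p in sorted(ports))
if __name__ == "__main__":
    ssh_ports, findings = audit_sshd(SAMPLE_SSHD)
    print(findings, nft_ruleset(tor_ports(SAMPLE_TORRC) | ssh_ports), sep="\n")
```

Load a generated ruleset from a console session rather than over ssh, so a wrong port does not lock you out.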