I need some help. My dedicated server is running debian and is new, set up by my serverhoster. I want to run a TOR-Relay: - It should always update to latest stable automatically. - It should be save. I will edit the torrc by myself. What i need is simple copy+paste codeline for: - isntall and run functional auto-update for tor (is it libevent?) just simply @root user without user/pgp dealing stuff. pgp stuff is confusing me! - deactivate complete access (ssh disable?) to ensure savety (i have to reinstall the system by serverhoster-website if change needet) i want to lock out even myself. Is this a practical idea to most easy set-up and let run without struggle? Please help, thanks.
Hi ! You can try a mix between this (ultra simple), from https://www.torproject.org/docs/debian.html.en : You need to add the following entry in /etc/apt/sources.list or a new file in /etc/apt/sources.list.d/: deb http://deb.torproject.org/torproject.org wheezy main deb-src http://deb.torproject.org/torproject.org wheezy main gpg --keyserver keys.gnupg.net --recv 886DDD89 gpg --export A3C4F0F979CAA22CDBA8F512EE8CBC9E886DDD89 | apt-key add - apt-get update apt-get install tor deb.torproject.org-keyring This will make your "apt-get" using the last table version of Tor from the Tor Project servers, with signatures check making sure that no one "car jacked" the server before you download from it ;) You will have to find a way to make your "apt-get update" and "apt-get -y upgrade" automatic, may be "reboot" too (when kernel have been updated for example, but here I cannot say precisely how to know if you have to reboot !) And a second link, that can give you a lot of tips also http://www.torservers.net/wiki/setup/server Including disabling password authentification, but if you want to completely lock your server, a good way could be to make "/etc/init.d/ssh" unable to run (you delete the "x" permission for example) After the reboot, you will not be able to connect anymore using SSH on your server, and you will have to use tools from your ISP if you want to drive your server again ! Personnaly, I always do a minimalist installation in order to have nothing else than OpenSSH listening (and Tor, of course !). Because if others things that I don't know (rpc bind port 111 etc) are listening I'm not sure that I have everything into control. ----- Mail original ----- De: tor-server-creator@use.startmail.com À: tor-relays@lists.torproject.org Envoyé: Samedi 18 Avril 2015 12:06:07 Objet: [tor-relays] simple relay setup I need some help. My dedicated server is running debian and is new, set up by my serverhoster. I want to run a TOR-Relay: - It should always update to latest stable automatically. - It should be save. I will edit the torrc by myself. What i need is simple copy+paste codeline for: - isntall and run functional auto-update for tor (is it libevent?) just simply @root user without user/pgp dealing stuff. pgp stuff is confusing me! - deactivate complete access (ssh disable?) to ensure savety (i have to reinstall the system by serverhoster-website if change needet) i want to lock out even myself. Is this a practical idea to most easy set-up and let run without struggle? Please help, thanks. _______________________________________________ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
If you want this to run mostly hands-off, please install and properly configure the Debian package "unattended-upgrades". Make sure all the packages on the system are updated automatically, not only Tor! Verify that this actually happens. (One thing I learned in the past is that without the package "update-notifier-common", your system won't reboot automatically to activate new kernels.) Locking yourself out of the system doesn't sound like a good idea. (Sometimes kernels are installed on a relatively small /boot partition, you will occasionally have to login and remove old kernels in that case.) Disable password logins and use a SSH key with a good passphrase on it. Best regards, Alexander --- PGP Key: https://dietrich.cx/pgp | 0x727A756DC55A356B Jabber: alexander@ffnord.net On 2015-04-18 12:06, tor-server-creator@use.startmail.com wrote:
I need some help. My dedicated server is running debian and is new, set up by my serverhoster.
I want to run a TOR-Relay: - It should always update to latest stable automatically. - It should be save.
I will edit the torrc by myself. What i need is simple copy+paste codeline for: - isntall and run functional auto-update for tor (is it libevent?) just simply @root user without user/pgp dealing stuff. pgp stuff is confusing me! - deactivate complete access (ssh disable?) to ensure savety (i have to reinstall the system by serverhoster-website if change needet) i want to lock out even myself.
Is this a practical idea to most easy set-up and let run without struggle? Please help, thanks.
_______________________________________________ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays [1]
Links: ------ [1] https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
participants (3)
-
Alexander Dietrich -
Julien ROBIN -
tor-server-creator@use.startmail.com