I'm using VMware Ubuntu 16.04 using SSH. I'm running an Exit-Relay and I want to control who can connect to my Exit-Relay. Is there a way to do that, through the Exit-Relay settings or the SSH settings? And an even better way would be if I can say which specific IP can connect to me. Thank you!
On 25.04.18 16:55, dave` dave wrote:
I'm running an Exit-Relay and I want to control who can connect to my Exit-Relay. Is there a way to do that, through the Exit-Relay settings or the SSH settings?
I assume by "who can connect" you mean "who can use my Tor node as an exit"? The computer/client that initiates the transfer never connects directly to an exit node, and the exit node never knows from which client a request originates. That's a deliberate design decision.
-Ralph
On 4/25/18 10:55, dave` dave wrote:
I'm using VMware Ubuntu 16.04 using SSH. I'm running an Exit-Relay and I want to control who can connect to my Exit-Relay. Is there a way to do that, through the Exit-Relay settings or the SSH settings? And an even better way would be if I can say which specific IP can connect to me. Thank you!
You CAN NOT control who uses your exit relay in circuits.
You CAN control who is allowed to SSH into the machine running the exit relay.
The fact the machine has Tor installed and running on it is completely unrelated. You can control who can SSH into your machine whether or not you're running Tor, or a web server, or a Minecraft server, or whatever else. Therefore you will find a lot of advice on the Internet if you search this topic and you don't necessarily need to seek out Tor relay operators (or nginx web masters, or Minecraft kids, or whatever).
You can use things like
- a strict firewall
- strong SSH passwords
- SSH keys
- other SSH configuration options
- a non-standard SSH port
- fail2ban
(Yes, some of these things are essentially "rate limiting login attempts" instead of literally "control who can even attempt to log in". I think they are still worth mentioning.)
Hope that helps.
Matt
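An added example, not part of Matt's message or the thread: a small POSIX shell check that reads an sshd_config and flags the SSH-side items from the list above (password logins, root login, `AllowUsers` without a source address, default port). The user `relayadmin`, the address 203.0.113.10 and both sample configs are constructed; firewall rules and fail2ban are outside its scope.

```shell
#!/bin/sh
# Added example (not from the thread): check an sshd_config against the list above.
# "relayadmin" and 203.0.113.10 are placeholders; both configs are constructed.
WEAK_CFG='PasswordAuthentication yes
PermitRootLogin yes
AllowUsers relayadmin'

# The second PasswordAuthentication line is a stale duplicate: first value wins.
HARDENED_CFG='Port 2222
PasswordAuthentication no
PermitRootLogin no
AllowUsers relayadmin@203.0.113.10
PasswordAuthentication yes
Match User relayadmin
    X11Forwarding no'

# Global value of a keyword. sshd keeps the first value it sees, keywords are
# case-insensitive, and everything after a "Match" line is conditional.
sshd_global() {
    printf '%s\n' "$1" | awk -v key="$2" '
        { sub(/^[ \t]+/, "") }
        /^#/ || NF == 0 { next }
        tolower($1) == "match" { exit }
        tolower($1) == tolower(key) { $1 = ""; sub(/^ /, ""); print; exit }'
}

# Print space-separated findings; empty output means nothing was flagged.
audit_sshd() {
    findings=""
    # Fall back to OpenSSH defaults when a keyword is not set.
    port=$(sshd_global "$1" Port); : "${port:=22}"
    pw=$(sshd_global "$1" PasswordAuthentication); : "${pw:=yes}"
    root=$(sshd_global "$1" PermitRootLogin); : "${root:=prohibit-password}"
    allow=$(sshd_global "$1" AllowUsers)
    [ "$pw" = no ] || findings="$findings password-auth-enabled"
    case $root in
        no|prohibit-password|without-password|forced-commands-only) ;;
        *) findings="$findings root-password-login" ;;
    esac
    [ -n "$allow" ] || findings="$findings no-allowusers"
    set -f  # AllowUsers entries may contain wildcards; do not glob-expand them
    for u in $allow; do  # every entry should be USER@HOST to pin the source
        case $u in *@*) ;; *) findings="$findings allowusers-any-source"; break ;; esac
    done
    set +f
    [ "$port" != 22 ] || findings="$findings default-port"
    echo "${findings# }"
}

echo "weak:     $(audit_sshd "$WEAK_CFG")"
echo "hardened: $(audit_sshd "$HARDENED_CFG")"
```

On a real host the effective settings can be fed in from `sshd -T`, which prints them in the same keyword-value form.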
Thank you all for your answers. So if I can't control access to my Exit-Relay, I can control access to the SSH that is used to run this Exit-Relay.
On 26 Apr 2018, at 01:33, dave` dave daved7082@gmail.com wrote:
Thank you all for your answers. So if I can't control access to my Exit-Relay, I can control access to the SSH that is used to run this Exit-Relay.
You asked in another thread how to build a circuit like:
Client - Bridge - Middle - Exit - Website
Where your Bridge and Exit are on the same IP address.
Unless there's some reason you absolutely need to use Tor, you should use a VPN, because you are getting the same level of anonymity. (Not much, if any.)
T
tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
teor:
On 26 Apr 2018, at 01:33, dave` dave daved7082@gmail.com wrote:
Thank you all for your answers. So if I can't control access to my Exit-Relay, I can control access to the SSH that is used to run this Exit-Relay.
You asked in another thread how to build a circuit like:
Client - Bridge - Middle - Exit - Website
Where your Bridge and Exit are on the same IP address.
Unless there's some reason you absolutely need to use Tor, you should use a VPN, because you are getting the same level of anonymity. (Not much, if any.)
I'm curious about the specific reason, but assume the OP has it.
Bridges are meant as mitigation against the blocking of known Tor IP addresses. Some nation-states, corporations and providers blocked Tor exit IPs, since again, they are public. All public Tor IPs, including non-exit relays, are also being blocked on occasion. Bridge IPs are not easy to enumerate, and therefore more difficult to block on the IP level.
So to use the same IP address for both a bridge and an exit makes no (usual) sense.
g