[tor-relays] Running tor in VPS - keep away snooping eyes
s7r at sky-ip.org
Wed Jul 2 10:59:46 UTC 2014
-----BEGIN PGP SIGNED MESSAGE-----
On 7/2/2014 9:50 AM, Kali Tor wrote:
> Are there anything special that needs to be done to make sure that
> Tor nodes running inside VMs (VPS) is protected from snooping eyes?
> Since there is hardly any data at rest I am assuming not, but then,
> what do I know!:)
> _______________________________________________ tor-relays mailing
> list tor-relays at lists.torproject.org
I don't understand what exactly you mean, snooping eyes.Anyone can see
at anytime that the VPS in questions is a Tor relay. 1 method is by
seeing the traffic it generates and second is the consensus data in
the Tor network, where all relays IP addresses are listed. This should
not be a problem whatsoever, Tor is not designed to hide the fact that
you use it or that you run a Tor relay. It is designed to offer
anonymity and privacy in activity, not if you use it or not.
If you are asking how to secure your box better, indeed the public IP
address list of relays is often scanned and brute forced. That is why
- - if you run only Tor on that box is best, if not make sure your apps
are properly secured (mysql not listening on public IP if it's not a
remote mysql server, strong passwords for mysql, ftp, etc.).
- - make sure only ports used by Tor are open. There is no need for
- - if you use ssh for administration that is fine, just change the port
from 22 in /etc/ssh/sshd_config to some custom port, anything, like
2988 or whatever.
- - permanently disabled plain password authentication or rhost
authentication in sshd_config and only allow key-based authentication
for better security and protection against weak password probing.
- - do not allow any other users for SSH access.
Let me know if you have any other questions.
PGP Fingerprint: 7C36 9232 5ABD FB0B 3021 03F1 837F A52C 8126 5B11
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.22 (MingW32)
-----END PGP SIGNATURE-----
More information about the tor-relays