[tor-relays] Running tor in VPS - keep away snooping eyes
kalitor42 at yahoo.com
Wed Jul 2 11:46:07 UTC 2014
> If you are asking how to secure your box better, indeed the public IP
> address list of relays is often scanned and brute forced. That is why
> I recommend:
> - if you run only Tor on that box is best, if not make sure your apps
> are properly secured (mysql not listening on public IP if it's not a
> remote mysql server, strong passwords for mysql, ftp, etc.).
> - make sure only ports used by Tor are open. There is no need for
> anything else.
> - if you use ssh for administration that is fine, just change the port
> from 22 in /etc/ssh/sshd_config to some custom port, anything, like
> 2988 or whatever.
> - permanently disable plain password authentication or rhost
> authentication in sshd_config and only allow key-based authentication
> for better security and protection against weak password probing.
> - do not allow any other users for SSH access.
> Let me know if you have any other questions.
I have done all that, so covered on that aspect. Was wondering if disk encryption and use of something like TRESOR would be useful?
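
The sshd_config items in the quoted checklist (custom port, no password or rhost authentication, key-based login, no other SSH users) can be checked mechanically. The script below is an added example, not part of either message. The function name `audit`, the sample configs and the account name `relayadmin` are made up for illustration, and reading "no other users" as a single `AllowUsers` entry is an assumption.

```python
DEFAULTS = {"passwordauthentication": "yes", "pubkeyauthentication": "yes",
            "hostbasedauthentication": "no", "ignorerhosts": "yes"}  # OpenSSH defaults
MULTI = ("port", "allowusers")  # repeated lines accumulate for these keywords

def audit(config_text):
    """Return a list of findings for an sshd_config given as text."""
    first, multi, findings, in_match = {}, {k: [] for k in MULTI}, [], False
    for raw in config_text.splitlines():
        parts = raw.strip().replace("=", " ", 1).split()
        if not parts or parts[0].startswith("#"):
            continue
        key, args = parts[0].lower(), parts[1:]
        value = args[0].lower() if args else ""
        if key == "match":
            in_match = True  # following lines apply only to matching connections
        elif in_match:
            if key == "passwordauthentication" and value != "no":
                findings.append("a Match block re-enables password authentication")
        elif key in MULTI:
            multi[key].extend(args)
        else:
            first.setdefault(key, value)  # sshd keeps the first value it reads
    opt = {**DEFAULTS, **first}
    if "22" in (multi["port"] or ["22"]):
        findings.append("sshd listens on the default port 22")
    if opt["passwordauthentication"] != "no":
        findings.append("password authentication is enabled")
    if opt["pubkeyauthentication"] == "no":
        findings.append("key-based authentication is disabled")
    if opt["hostbasedauthentication"] == "yes" or opt["ignorerhosts"] == "no":
        findings.append("rhosts/host-based authentication is permitted")
    if len(multi["allowusers"]) != 1:
        findings.append("AllowUsers does not name exactly one account")
    return findings

# Constructed sample configs; "relayadmin" is a made-up account name.
WEAK_EXAMPLE = "Port 22\nPasswordAuthentication yes\nHostbasedAuthentication yes\n"
HARDENED_EXAMPLE = """\
# constructed sample
Port 2988
PasswordAuthentication no
PubkeyAuthentication yes
HostbasedAuthentication no
IgnoreRhosts yes
AllowUsers relayadmin
"""

if __name__ == "__main__":
    for name, text in (("weak", WEAK_EXAMPLE), ("hardened", HARDENED_EXAMPLE)):
        print(name, audit(text) or "no findings")
```

An empty file is reported as weak because the defaults apply: port 22 and password authentication on. To audit a real host, pass the contents of /etc/ssh/sshd_config to `audit`.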