[tor-relays] issues with a fresh new tor server
Tom van der Woerdt
info at tvdw.eu
Sun Aug 21 16:35:26 UTC 2016
Happy to hear you resolved the problem :-)
Side-note wrt your setup :
You're storing the keys on the disk, and while they're removed
immediately after, that potentially leaves them on the physical storage.
Since you're already passing them through ssh, consider just having ssh
do the stdin bit :
cat ~/.cryptoPass | ssh user at host "sudo -u tor e4crypt add_key -S $(cat
~/.cryptoSalt) /var/lib/tor"
The salt will end up in the sudo log (/var/log/secure, usually) but the
password will never hit the disk. No scp needed, and no files to rm
afterwards.
Tom
Op 21/08/16 om 17:44 schreef Toralf Förster:
> On 08/21/2016 03:23 PM, Tom van der Woerdt wrote:
>> Did this work prior to adding encryption, or could that be a red
>> herring?
>
> It was the attempt to encrypt the Tor directory using the ext4 method
> - GRSecurity is fine (works since 2 years like a charm).
> But I mistakenly encrypted it as user "root" - whereas user "tor" was
> the right one.
>
> I described my steps in [1] under "setup".
> I'm pretty convinced that this is an easy method to ensure an attacker
> even with physical access to a server (eg. while changing a defect
> hard disk) can't achieve the secret key.
>
>
> [1] https://www.zwiebeltoralf.de/torserver.html
> _______________________________________________
> tor-relays mailing list
> tor-relays at lists.torproject.org
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 496 bytes
Desc: OpenPGP digital signature
URL: <http://lists.torproject.org/pipermail/tor-relays/attachments/20160821/5ab7117a/attachment.sig>
More information about the tor-relays
mailing list