[tor-relays] Moving multiple instances to another VPS

nusenu nusenu at openmailbox.org
Wed Oct 12 16:17:00 UTC 2016


> There is also significant value to making a fresh start: new SSH keys
> and new relay keys mean that even if your old provider has a backup,
> or your old relay was compromised, or you have a backup of your keys,
> it's not much use to anyone. Particularly on an exit, your traffic
> will recover fairly quickly.
> 
> It's completely up to you - I just wanted to describe the security
> advantages of a fresh start, versus the traffic advantages (or
> disadvantages) of keeping the same relay keys.


I just wanted to add that if you run in "OfflineMasterKey 1"
mode (and your master key never touched your VPS) you can move to a new
VPS (keeping your keys) without big second thoughts about the key
secrecy, since the old ISP will lose key access as soon as they expire
(30 by default).

ansible-relayor sets your relays up in OfflineMasterKey mode.
https://github.com/nusenu/ansible-relayor

also: Moving (multiple) tor instances to a new server is a matter of
four steps with ansible-relayor:

1) ansible-relayor your-playbook.yml -t createdir -l newserver
2) mv -T ~/.tor/offlinemasterkeys/old-instance-name ~/.tor/offlinemasterkeys/new-instance-name
3) -> destroy your old VPS
4) ansible-relayor your-playbook.yml -l newserver

Since temporary keys will not be migrated, your relay will require a few
hours to

As long as tor requires (online) RSA keys (not protected by
"OfflineMasterKey 1") - that will be a long time - you can at least
protect the Ed25519 master key.
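
A pre-upload guard for the OfflineMasterKey setup described above, as an added example that is not part of the original post or of ansible-relayor. It assumes the standard file names tor writes into a relay's keys directory; the function name check_relay_keys is hypothetical.

```shell
#!/bin/sh
# Added example: check a tor keys directory staged for upload to a VPS that
# runs with "OfflineMasterKey 1". The master secret key must never be in it;
# only the medium-term signing key and its certificate go to the relay.

check_relay_keys() {
    dir=$1
    rc=0
    [ -d "$dir" ] || { echo "not a directory: $dir" >&2; return 2; }

    # The master secret key (plain or passphrase-encrypted) stays offline.
    for f in ed25519_master_id_secret_key ed25519_master_id_secret_key_encrypted; do
        if [ -e "$dir/$f" ]; then
            echo "REFUSE: $f present in $dir" >&2
            rc=1
        fi
    done

    # The relay needs a non-empty signing key and signing certificate.
    for f in ed25519_signing_secret_key ed25519_signing_cert; do
        if [ ! -s "$dir/$f" ]; then
            echo "MISSING: $f" >&2
            rc=1
        fi
    done
    return $rc
}

# Stand-alone use: sh check_keys.sh /path/to/staged/keys
if [ "$#" -gt 0 ]; then
    check_relay_keys "$1"
fi
```

Exit status 0 means the directory holds only what the relay needs, 1 means a master secret key is present or a signing file is missing, and 2 means the path is not a directory.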
