[tor-relays] Moving multiple instances to another VPS

teor teor2345 at gmail.com
Mon Sep 12 23:56:42 UTC 2016 

> On 12 Sep 2016, at 22:41, pa011 <pa011 at web.de> wrote:
> 
> Thank you both.
> 
> @Tim: You would kind of argue, that the advantage of carrying the old keys to the new machine is not that important (to keep old level of traffic from start) and that it might be even better to start from scratch?

There is some value in maintaining the same level of traffic.
But there will be an adjustment to your consensus weight anyway.
In fact, if your new provider is too different (particularly less connected or slower), keeping your old weight would be a disadvantage for the network.

There is also significant value to making a fresh start: new SSH keys and new relay keys mean that even if your old provider has a backup, or your old relay was compromised, or you have a backup of your keys, it's not much use to anyone. Particularly on an exit, your traffic will recover fairly quickly.

It's completely up to you - I just wanted to describe the security advantages of a fresh start, versus the traffic advantages (or disadvantages) of keeping the same relay keys.

Tim

> 
> Paul
> 
> 
> Am 12.09.2016 um 03:53 schrieb teor:
> 
>> In Debian, using tor-instance-create and systemd, there is a separate directory, /var/lib/tor-instances
>> You'll need to copy both /var/lib/tor and /var/lib/tor-instances to preserve the keys, and /etc/tor to preserve the configs.
>> 
>> That said, please consider rotating keys when you move (that is, only copying /etc/tor).
>> 
>> If your old relay or those keys were ever compromised, you'll have a fresh start.
>> And even if it wasn't, some of your network reputation will be reset when you move IP addresses anyway.
>> 
>> Tim
> _______________________________________________
> tor-relays mailing list
> tor-relays at lists.torproject.org
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Tim Wilson-Brown (teor)

teor2345 at gmail dot com
PGP C855 6CED 5D90 A0C5 29F6 4D43 450C BA7F 968F 094B
ricochet:ekmygaiu4rzgsk6n
xmpp: teor at torproject dot org






-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 842 bytes
Desc: Message signed with OpenPGP using GPGMail
URL: <http://lists.torproject.org/pipermail/tor-relays/attachments/20160913/c8442552/attachment.sig>

More information about the tor-relays mailing list