[tor-relays] keypair does not match its older value

Roger Dingledine arma at mit.edu
Tue Jun 20 22:06:53 UTC 2017


On Tue, Jun 20, 2017 at 11:04:31PM +0100, Alexander Nasonov wrote:
> I tried moving a tor relay with offline master key to a new host but
> something went wrong and it printed several warnings:
> 
> http status 400 ("Looks like your keypair does not match its older value.") response from dirserver

This complaint happens when in the past you ran the relay with a given
RSA identity key and ED identity key, and now one of them has changed.

> What did I screw up and how to fix this problem if it happens again?

Either move back to both of the original identity keys, or discard both
identity keys and start fresh.

> I suspect it will happen again because I generate a new signing key more
> frequently than necessary. I create '15 days' key every week and upload
> it (over onion ssh connection). This scheme should be resistant to
> occasional upload failures but it's not clear which of the last three
> signing keys to use on restart. If passing the wrong key can bring down
> the relay I need to switch to a different scheme.

In theory (i.e. assuming no surprising bugs), updating your signing key
should not be relevant here.

(Thanks for running a relay!)

--Roger
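
A check for the condition described in the reply above, as an added example that is not part of the original message or of Tor itself: it compares the keys directory saved from the old host with the one on the new host and reports whether the RSA and Ed25519 identity keys still form the same pair. The file names are the ones Tor normally uses under DataDirectory/keys and are an assumption here, as are the two directory arguments.

```python
import hashlib
from pathlib import Path

# Long-term identity files in Tor's DataDirectory/keys (assumed layout).
# Both must stay the same pair: the directory authorities remember which
# RSA identity was seen together with which Ed25519 identity.
RSA_ID = "secret_id_key"
ED_ID = "ed25519_master_id_public_key"
# Medium-term signing material; rotating these does not change the identity.
SIGNING = ("ed25519_signing_cert", "ed25519_signing_secret_key")


def digest(keys_dir, name):
    """SHA-256 of a key file, or None if the file is absent."""
    path = Path(keys_dir) / name
    if not path.is_file():
        return None
    return hashlib.sha256(path.read_bytes()).hexdigest()


def compare_identity(old_keys, new_keys):
    """Classify a relay move by which identity keys changed."""
    changed = {}
    for label, name in (("rsa", RSA_ID), ("ed", ED_ID)):
        old, new = digest(old_keys, name), digest(new_keys, name)
        if old is None or new is None:
            # A missing identity file cannot be compared; report it by name.
            return f"incomplete: {name} missing"
        changed[label] = old != new
    if changed["rsa"] and changed["ed"]:
        return "fresh identity: both keys replaced"
    if changed["rsa"] or changed["ed"]:
        which = "RSA" if changed["rsa"] else "Ed25519"
        return f"mismatch: only the {which} identity changed"
    rotated = [n for n in SIGNING if digest(old_keys, n) != digest(new_keys, n)]
    return "same identity" + (", signing key rotated" if rotated else "")


if __name__ == "__main__":
    import sys
    # Usage: script.py OLD_KEYS_DIR NEW_KEYS_DIR
    print(compare_identity(sys.argv[1], sys.argv[2]))
```

Only the "mismatch" result corresponds to the case the reply describes; the script hashes the files for comparison and never prints key material.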
