[tor-relays] control who can connect me

[dave` dave]

Thank you all for your answers.
so if i can't control on the access to my Exit-Relay i can control on the
access to my SSH which used to run this Exir-Relay.

On Wed, Apr 25, 2018 at 6:14 PM, Matt Traudt <pastly at torproject.org> wrote:

> On 4/25/18 10:55, dave` dave wrote:
> > im using VMware Ubuntu 16.04 using SSH.
> > im running Exit-Relay and i want to control who can connect to my
> > Exit-Relay, is there a way to do that- though the Exit-Relay settings,
> > or the SSH settings?
> > and there will be an even better way: if i can say who is the specific
> > ip that can connect to me.
> > Thank You!
> >
>
> You CAN NOT control who uses your exit relay in circuits.
>
> You CAN control who is allowed to SSH into the machine running the exit
> relay.
>
> The fact the machine has Tor installed and running on it is completely
> unrelated. You can control who can SSH into your machine whether or not
> you're running Tor, or a web server, or a Minecraft sever, or whatever
> else. Therefore you will find a lot of advice on the Internet if you
> search this topic and you don't necessarily need to seek out Tor relay
> operators (or nginx web masters, or Minecraft kids, or whatever).
>
> You can use things like
>
> - a strict firewall
> - strong SSH passwords
> - SSH keys
> - other SSH configuration options
> - a non-standard SSH port
> - fail2ban
>
> (Yes, some of these things are a essentially "rate limiting login
> attempts" instead of literally "control who can even attempt to log in".
> I think they are still worth mentioning.)
>
> Hope that helps.
>
> Matt
> _______________________________________________
> tor-relays mailing list
> tor-relays at lists.torproject.org
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.torproject.org/pipermail/tor-relays/attachments/20180425/ef940e52/attachment.html>