[tor-relays] Combined relay and hidden service, good idea or not?

grarpamp grarpamp at gmail.com
Wed Jan 10 23:08:17 UTC 2018

>> So assuming I just want to run SSH on some port on an .onion on the
>> relay, what is the downside there? Just wondering if for that usecase,
>> SSH to login remotely on to the relay would still have any disadvantages
>> that I missed to consider

The relay is on clearnet in consensus, thus observable,
attackable, correlatable, influenceable, patternable, DoSable,
offlineable, rebootable, etc.

If the onion is running on the relay and

- its onion address is known to anyone else other than you,
by or for any reason, including via v2 HSDir harvesting,
the node is generally findable in time by them via correlation
to above relay *ables [1].

- its onion address is only known to you, including by requirement
of using only v3 onion addressing which claims HSDir unharvestability,
then you stand a better chance, perhaps even a strong one.

Adding an HsFootShoot config knob before tor will enable
"HS + any other public mode of operation" seems potentially helpful.


Not much different than a client and some guards
being used to find a HS over time.

Or if all else fails, sequentially troll up to the entire allocated
v4/v6 space till the services drop (this could already be in use
against well and narrowly chosen likely subsets of hosts).

More information about the tor-relays mailing list