[tor-talk] VPS provider

SiNA Rabbani sina at redteam.io
Tue Sep 25 22:19:31 UTC 2012


You can lock down your .onion using this feature:


HiddenServiceAuthorizeClient auth-type client-name,client-name,…

If configured, the hidden service is accessible for authorized clients
only. The auth-type can either be 'basic' for a general-purpose
authorization protocol or 'stealth' for a less scalable protocol that
also hides service activity from unauthorized clients. Only clients that
are listed here are authorized to access the hidden service. Valid
client names are 1 to 19 characters long and only use characters in
A-Za-z0-9+-_ (no spaces). If this option is set, the hidden service is
not accessible for clients without authorization any more. Generated
authorization data can be found in the hostname file. Clients need to
put this authorization data in their configuration file using HidServAuth.

As far as getting a Linux box with SSH, there are already some good
recommendations in this email thread.


--SiNA

On 09/25/2012 03:10 PM, Webmaster wrote:
> This was something that has bothered me. I use VmBox for Linux. When
> I'm running a machine there is a window that shows me a "preview" of the
> current screen. Do admins have access to this "preview" or
> something similar?
> 
> I intend to run a Linux server, console only (no GUI), so most of my
> work will be done using SSH. The only viewable page would be under the
> .onion site. Hopefully, as long as the admins don't know the
> .onion, they can't see what's hosted. Non-illegal, but may be
> offensive in some countries.
> 
> 
> On 09/25/2012 04:00 PM, irregulator at riseup.net wrote:
>> On 09/25/2012 10:18 PM, Matthew Finkel wrote:
>>> On 09/25/2012 01:42 PM, Flo wrote:
>>>> +1
>>>> This.
>>>>
>>>> The problem, especially on container-virtualizations like OpenVZ, is
>>>> that the admins of the hostnodes must just type something like 'vzctl
>>>> enter 123' and they have a shell in your VPS...
>>>>
>>>> So you should have at least Xen/KVM where you can use encryption
>>> Yes! Sadly there aren't too many KVM hosts, but providers are slowly
>>> offering more options. Xen has been stable for a longer amount of time,
>>> so there are more options available for that, Linode, et al.
>>>
>>> I personally have KVM boxes from http://buyvm.net/ and
>>> http://arpnetworks.com/, at times they leave something to be desired
>>> with regard to performance, but overall I have no complaints related to
>>> service or uptime. I don't currently use them for Tor related purposes,
>>> but if they're not going to serve as exit nodes, anything else shouldn't
>>> cause a problem (except bandwidth, as was noted). I'm planning to
>>> contact them in the future to determine their stance on Tor and see if I
>>> can move forward with some ideas I have, but that remains to be seen.
>>>
>> Hey people
>>
>> I was under the impression that everyone having physical access to a
>> running machine can get access to the operating system as well.
>> Encryption makes no difference for a running computer, since a cold boot
>> attack may be used to dump the keys from memory. What's more, in a
>> virtualization environment I guess that would be easier.
>>
>> If the above statements are generally correct, then you should trust a
>> VPS provider, as long as you trust the administrator of the host machine
>> *and* everyone else having physical access to it (for example the
>> datacenter).
>>
>> _______________________________________________
>> tor-talk mailing list
>> tor-talk at lists.torproject.org
>> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
>>
>>
> 
> _______________________________________________
> tor-talk mailing list
> tor-talk at lists.torproject.org
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
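
An added example, not part of the original message: a Python helper that builds the service-side line under the client-name rule quoted above and turns the service's hostname file into one HidServAuth line per client, so each client receives only its own authorization data. The hostname-file layout (`address cookie # client: name`), the function names, and the sample addresses and cookies are assumptions constructed for illustration.

```python
import re

# Client-name rule from the quoted manual text: 1 to 19 chars of A-Za-z0-9+-_
CLIENT_NAME = re.compile(r"[A-Za-z0-9+\-_]{1,19}")
AUTH_TYPES = ("basic", "stealth")

# Constructed sample of a service's hostname file (placeholder values).
SAMPLE_HOSTNAME = """\
exampleonionaddr1.onion CONSTRUCTEDcookieAAAAA # client: alice
exampleonionaddr2.onion CONSTRUCTEDcookieBBBBB # client: bob
"""


def service_line(auth_type, clients):
    """Build the service-side torrc line, rejecting invalid input early."""
    if auth_type not in AUTH_TYPES:
        raise ValueError(f"auth-type must be one of {AUTH_TYPES}")
    if not clients or len(set(clients)) != len(clients):
        raise ValueError("need at least one client name, without duplicates")
    for name in clients:
        if not CLIENT_NAME.fullmatch(name):
            raise ValueError(f"invalid client name: {name!r}")
    return f"HiddenServiceAuthorizeClient {auth_type} {','.join(clients)}"


def client_lines(hostname_text):
    """Return {client name: HidServAuth line for that client's torrc}.

    Assumed layout, one line per client:
        <address>.onion <auth-cookie> # client: <name>
    """
    lines = {}
    for raw in hostname_text.splitlines():
        entry, _, comment = raw.partition("#")
        fields = entry.split()
        if not fields:
            continue  # blank or comment-only line
        name = comment.strip().removeprefix("client:").strip()
        if len(fields) != 2 or not CLIENT_NAME.fullmatch(name):
            raise ValueError(f"no authorization data in line: {raw!r}")
        lines[name] = f"HidServAuth {fields[0]} {fields[1]}"
    return lines


if __name__ == "__main__":
    print(service_line("stealth", ["alice", "bob"]))
    # Hand each client only its own line, never the whole hostname file.
    for name, line in client_lines(SAMPLE_HOSTNAME).items():
        print(f"{name}: {line}")
```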
