Skip to content

Instantly share code, notes, and snippets.

Embed
What would you like to do?
CryptoParty Tor Relay Workshop
==============================
This document provides instructions for launching a virtual machine and configuring it as a Tor relay
The guide was created for the CryptoParty workshop on the 11/10/2016 in Sydney
More: https://www.meetup.com/CryptoParty-Sydney/events/234228287/
Launching a Virtual Machine
---------------------------
1. Visit https://www.vultr.com/register/?register_promo=50for60 to register a new user account
Promo: Get +$50 for 60 days
Alternatively (affiliate link): http://www.vultr.com/?ref=6952471-3B
Promo: Get +$20 when you spend $10
Disclosure: Gabor gets $30 for the referral from Vultr, it supports https://privacyforjournalists.org.au
2. Verify email address
3. Link credit card or PayPal account under 'Billing' on https://my.vultr.com/billing/
4. Apply promo code on 'Billing' at https://my.vultr.com/billing/
Promo Codes
+++++++++++
NGINX20: +$20.00
GIVEME10: +$10.00
5. Go to https://my.vultr.com/deploy/ to launch a new virtual machine (VM)
Configure the VM as the following:
1. Server Location: Sydney
2. Server Type: Ubuntu 16.04 x64
3. Server Size: 15 GB SSD for $5/mo
4. Additional Features: Enable IPv6
5. Startup Script: none
6. SSH Keys: none (you can add later)
7. Server Hostname: myrelay
Server Label: tor
6. Click on 'Deploy Now' button at the bottom to launch the VM
7. Go to 'Servers' at https://my.vultr.com/
8. Click on your new server to open its details
9. Click on the 'eye' icon in the bottom-left corner to reveal the 'root' password
10. Take note of your SSH login details
IP Address: <shown on the server details page>
Username: root
Password: <as shown at step #9>
Configuring the Operating System
--------------------------------
1. Log into your VM with SSH
Scroll down to the bottom if you need help with SSH clients
2. Upgrade Ubuntu OS
# apt-get update && apt-get dist-upgrade -y
If this fails with "E: Unable to lock the administration directory (/var/lib/dpkg/), is another process using it?", it means that the packages are already updated automatically in the background. Wait a few minutes and try again.
3. Configure auto-upgrade
# apt-get install unattended-upgrades -y
# dpkg-reconfigure --priority=low unattended-upgrades
Choose 'Yes' when prompted and press 'Enter' for the default settings
4. Install Tor
Add the Tor software repository to Ubuntu:
# echo 'deb http://deb.torproject.org/torproject.org xenial main' >> /etc/apt/sources.list.d/tor.list
# echo 'deb-src http://deb.torproject.org/torproject.org xenial main' >> /etc/apt/sources.list.d/tor.list
Then add the gpg key used to sign the packages by running the following commands at your command prompt:
# gpg --keyserver keys.gnupg.net --recv 886DDD89
# gpg --export A3C4F0F979CAA22CDBA8F512EE8CBC9E886DDD89 | sudo apt-key add -
You can install it with the following commands:
# apt-get update && apt-get install tor tor-arm deb.torproject.org-keyring -y
Configure Tor as a Relay
------------------------
1. Rename the default Tor configuration file
# mv /etc/tor/torrc /etc/tor/torrc.default
2. Open /etc/tor/torrc with your favourite text editor and add the following:
RunAsDaemon 1
ORPort 9001
DirPort 9030
Nickname blah
AccountingMax 950 GBytes
AccountingStart month 1 00:01
ContactInfo John Doe <blah@example.com>
ExitPolicy reject *:* # no exits allowed
!!! *Important*: Change 'Nickname' and 'ContactInfo' !!!
Note: The email address in the 'ContactInfo' is public. We suggest to obscure the email addresses to avoid spam harvesting.
3. Save the configuration file and exit the editor
4. Start the Tor service
# systemctl stop tor
# systemctl start tor
5. Verify if the relay is starting up properly by monitoring the log file
# tail -f /var/log/tor/log
You should have "[notice] Bootstrapped 100%: Done" in the log file if everything is working a-okay.
6. Confirm Tor is running with the 'arm' utility
# arm
You can exit the utility by pressing 'q'
Check out your relay on Tor Atlas
---------------------------------
1. Get the Tor relay fingerprint with the following command
# cat /var/lib/tor/fingerprint
The fingerprint is the second block of long string of letters and numbers
2. Open the following URL in your browser:
https://atlas.torproject.org/#details/<fingerprint from step #1>
It may take up to 2-4 hours for your server to appear in Atlas. You should be able to find it by searching for its nickname set by the 'Nickname' parameter in /etc/tor/torrc
SSH Clients
-----------
macOS and Linux:
Open Terminal and enter the following:
$ ssh -lroot <ip address>
Windows:
Download putty.exe from http://www.chiark.greenend.org.uk/~sgtatham/putty/download.html
Homework
--------
- Give @CryptoPartySyd and @Torproject a shout out on Twitter about your new Tor relay
- Change the 'root' password
- Add your SSH public key and disable password authentication
- Set up server monitoring (NewRelic, Uptime Robot)
- Patch Ubuntu manually on a regular basis (unattended-upgrades does not apply every available update)
- Secure your Vultr account with two-factor authentication (https://www.vultr.com/docs/using-two-factor-authentication-to-login-to-vultr-control-panel)
- Add swap (https://trac.torproject.org/projects/tor/wiki/doc/OperationalSecurity#EncryptStorageandSwapSpace)
- Configure firewall (iptables)
- Protect Ubuntu with two-factor authentication (https://www.digitalocean.com/community/tutorials/how-to-set-up-multi-factor-authentication-for-ssh-on-ubuntu-14-04)
- Forward OS logs to a remote location (Loggly, Papertrail)
- Secure the Tor agent with AppArmor
- Backup Tor private keys (https://trac.torproject.org/projects/tor/wiki/doc/TorRelaySecurity/OfflineKeys#Backupyourkeys)
- Get involved and join the Tor community (https://www.torproject.org/about/contact.html.en)
- Join the CyrptoParty Sydney Telegram channel (https://telegram.me/CryptoPartySyd)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.