Hello,

Nathaniel Suchy wrote:
> Consider the consequences of publishing the actual addresses. The number of
> addresses is fine but the actual addresses should stay private for privacy
> and security reasons.
>
> I’m aware there are crawlers looking for new services to show however if the
> address is kept private only rogue HSDIRs are an issue and we can always
> generate new addresses and delete the old keys.
>
> I am running some Onion Services for SSH (clearnet disabled, you’ll need to
> be physically present if Tor has an issue!) and while I require SSH Keys
> it’d open a huge attack surface I’m trying to avoid. It’s basically an
> attempt at security by really advanced obscurity.
Relying on the fact that nobody can ever learn the onion addresses you have is a terrible security policy. This can never be guaranteed, as relays are public and anyone can run one, and thus become a hidden service directory as soon as it meets the necessary flags. You should be prepared and assume the onion address is known, and thus defend with ssh keys instead of weak passwords, possibly even change the default port (this does not add security but bypasses some automated brute force tools; it's no help against a targeted manual attack, so don't rely on it either).

There are other techniques lower down at the little-t-tor protocol level that suit your concerns, like HiddenServiceAuthorizeClient - you should better look into those if you are concerned about someone trying to connect to your onion address. These are neat for some services that need privacy and need not to advertise to unauthorized users that they are online, up and running, or to only allow limited access to some users that provide additional credentials or auth material other than just knowing the onion address.

Onion addresses have the purpose of concealing the physical (IP) location of the service, but the addresses themselves have to be prepared to be known to the world, for a strong security policy. Tor documentation clearly states this. If you open ssh on an onion address and you allow root login with password "1234" IT IS NOT Tor's FAULT YOU WERE PWNED. It is just a terrible security policy. Do not do this.

*Hope for the best, prepare for the worst!*
--
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
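As an added example (not part of the thread above), a small POSIX shell audit that checks for the two weaknesses the reply describes: an sshd_config that still allows root login or password authentication, and a torrc that forwards port 22 from an onion service without a HiddenServiceAuthorizeClient line. The file names, sample configs and the "admin" client name are constructed for the demo.

```shell
#!/bin/sh
# Added example (not from the tor-talk thread): audit an sshd_config and a torrc
# for the weak settings the reply warns about. File names below are constructed.

# audit_sshd FILE: return 1 if root login or password authentication is left on
audit_sshd() {
    rc=0
    if grep -Eiq '^[[:space:]]*PermitRootLogin[[:space:]]+yes' "$1"; then
        echo "sshd: PermitRootLogin yes -> set PermitRootLogin no"; rc=1
    fi
    if ! grep -Eiq '^[[:space:]]*PasswordAuthentication[[:space:]]+no' "$1"; then
        echo "sshd: PasswordAuthentication not disabled -> keys only"; rc=1
    fi
    return $rc
}

# audit_torrc FILE: return 1 if any onion service forwarding port 22 has no
# HiddenServiceAuthorizeClient line (i.e. it relies on the address staying secret)
audit_torrc() {
    awk '
        function flush() {
            if (dir != "" && ssh && !auth) {
                print "torrc: " dir " exposes SSH without client authorization"
                bad = 1
            }
        }
        /^[ \t]*HiddenServiceDir[ \t]/ { flush(); dir = $2; ssh = 0; auth = 0; next }
        /^[ \t]*HiddenServicePort[ \t]+22([ \t]|$)/ { ssh = 1 }
        /^[ \t]*HiddenServiceAuthorizeClient[ \t]/ { auth = 1 }
        END { flush(); exit bad }
    ' "$1"
}

# write_samples DIR: constructed weak and hardened config pairs for a dry run
write_samples() {
    printf 'PermitRootLogin yes\nPasswordAuthentication yes\n' > "$1/sshd_weak"
    printf 'PermitRootLogin no\nPasswordAuthentication no\nPubkeyAuthentication yes\n' > "$1/sshd_ok"
    printf 'HiddenServiceDir /var/lib/tor/ssh\nHiddenServicePort 22 127.0.0.1:22\n' > "$1/torrc_weak"
    printf 'HiddenServiceDir /var/lib/tor/ssh\nHiddenServicePort 22 127.0.0.1:22\nHiddenServiceAuthorizeClient stealth admin\n' > "$1/torrc_ok"
}

# Run with --demo to audit the constructed samples (weak files report findings).
if [ "${1:-}" = "--demo" ]; then
    d=$(mktemp -d) && write_samples "$d"
    for f in sshd_weak sshd_ok; do audit_sshd "$d/$f" || echo "  ($f fails)"; done
    for f in torrc_weak torrc_ok; do audit_torrc "$d/$f" || echo "  ($f fails)"; done
    rm -rf "$d"
fi
```

HiddenServiceAuthorizeClient belongs to the older v2 onion services, which current Tor releases no longer support; for v3 services, client authorization is configured with .auth files under the service's authorized_clients directory instead, so adapt the torrc check accordingly.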