-
Notifications
You must be signed in to change notification settings - Fork 1
Expand file tree
/
Copy pathanonymous-server.html
More file actions
196 lines (150 loc) · 8.48 KB
/
anonymous-server.html
File metadata and controls
196 lines (150 loc) · 8.48 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="utf-8">
<meta http-equiv="X-UA-Compatible" content="IE=edge">
<meta name="viewport" content="width=device-width, initial-scale=1">
<title>Manage a server anonymously</title>
<!-- Bootstrap -->
<link href="bower_components/bootstrap/dist/css/bootstrap.min.css" rel="stylesheet">
<link href="blog.css" rel="stylesheet">
</head>
<body>
<header class="navbar navbar-static-top bs-docs-nav">
<div class="container">
<div class="navbar-header">
<a href="index.html" class="navbar-brand">Anonoblog</a>
</div>
<div class="navbar navbar-static-top bs-docs-nav">
<ul class="nav navbar-nav">
<li class="active"> <a href="index.html">Home</a> </li>
<li> <a href="hidden-service.html">Set up a hidden service</a> </li>
<li> <a href="fancy-dot-onion.html">Get a fancy .onion name</a> </li>
<li> <a href="anonymous-server.html">Manage a server anonymously</a></li>
<li> <a href="scan-for-leaks.html">Scan for leaks</a></li>
</ul>
</div>
</div>
</header>
<div class="bs-docs-header">
<div class="container">
<h1>Hello, Tor!</h1>
<div>Creating and running a Tor hidden service anonymously</div>
</div>
</div>
<div class="main-content">
<div class="container">
<p>
<h2>Your web host doesn't need to know who you are</h2>
<p>
Your hosting provider keeps logs and records who controls what servers. If your server is identified or completely compromised, you want to be sure that it's not tied to your real identity.
</p>
<p>
We have to treat the hosting provider and payment processor as if they are completely compromised from day 1. Paying with a credit card would lead a trail directly to your real address.
</p>
<h2>Install the Tor Browser Bundle</h2>
<p>
Throughout this whole process you should be using the Tor Browser Bundle for all of your web browsing and searching.</p>
<p>
You must keep your Tor identity seperate from your real identity. If you've set up any kind of account while browsing on Tor, never log into it from your normal browser. Never log into your personal email account from Tor. The idea is to keep your public and anonymous profiles completely separate.
</p>
<p>For more on using Tor for browsing, see Tor's <a href="https://www.torproject.org/download/download-easy.html.en#warning">"Want Tor to really work?"</a> warnings.</p>
<p>
Download the <a href="https://www.torproject.org/projects/torbrowser.html">Tor Browser Bundle</a> (or ask for a USB stick).
</p>
<h2>Get a new email address</h2>
<p>
Using the Tor browser, create a new email address.
</p>
<p>
You should only ever log in to this account through Tor. Please, for the love of Cthulhu, don't sign up using your real email address.
</p>
<p>
Most email providers require SMS or credit card verification when signing up with Tor (either of which will identify you).
</p>
<p>
Use a disposable email address from a provider like <a href="https://10minutemail.com/">10minutemail.com</a>. Bear in mind these services are often blocked by hosting providers; this one is confirmed to be working as of 15/3/17.
</p>
<h2>Get a virtual server</h2>
<h3>If you don't have bitcoin</h3>
<p>If you want to skip this part of the workshop, you can simply register for a virtual server provider like <a href="https://www.linode.com/">Linode</a> or <a href="https://www.digitalocean.com/">DigitalOcean</a> using a credit card (note that this creates a link to your real identity).</p>
<p>
Ideally, you should pay for your server with bitcoin in a way that doesn't reveal your bitcoin address. But setting up a bitcoin wallet might take a while, and you'll need someone to transfer you some funds to get you started .</p>
<p>
If you want to take the time to set up a bitcoin wallet, you'll need to choose a bitcoin wallet provider that you trust.
<p>
Bitcoin is a pseudo-anonymous cryptocurrency. Transaction history of accounts is completely public but bitcoin accounts aren't necessarily tied to real identities. To use Bitcoin anonymously, you could get a bitcoin account that's not tied to your real identity... but that's tricky. Australian sites make you upload ID when you buy bitcoin.
</p>
<p>
Fortunately, some wallets offer privacy-enhancing features that go some way to anonymising your transactions. A full analysis is out of scope for this workshop.
</p>
<p>
There are some options here: <a href="https://bitcoin.org/en/choose-your-wallet">Choose Your Wallet</a> (look for "improved privacy"). Alternatively, check out <a href="https://samouraiwallet.com">Samourai Wallet</a> (Android only, Alpha) or <a href="https://breadwallet.com">Bread Wallet</a> (iOS and Android).
</p>
<p>
When you have a wallet, you'll have to ask someone else to transfer you some bitcoin (so you can get it immediately). In future you can use <a href="https://localbitcoins.com/">LocalBitcoins</a> to trade cash for bitcoins.
</p>
<h3>If/when you have some bitcoin...</h3>
<p>
Sign up for <a href="https://dashboard.bithost.io/users/new">Bithost</a> using your new email address, and confirm by clicking the link in the verification email. Then credit your Bithost account with at least <b>US$15</b> worth of bitcoin.
</p>
<h2>Create an SSH key-pair just for Tor</h2>
<p>You need to create an SSH key pair to connect to your server.</p>
<pre>ssh-keygen -C "no-one-knows" -f tor_only_rsa</pre>
<p>You should get output like this:</p>
<pre>Your identification has been saved in tor_only_rsa.
Your public key has been saved in tor_only_rsa.pub.
The key fingerprint is:
3c:fb:bf:4b:71:13:dd:d5:36:0d:94:6a:c7:23:97:75 no-one-knows</pre>
<p>Now add that key to Bithost (copying and pasting the contents of <code>tor_only_rsa.pub</code>). </p>
<h2>Create a server</h2>
<p>Great. Now launch a <b>Debian</b> (not Ubuntu) server using the key you uploaded earlier.</p>
<p>You should see instructions telling you how to ssh to your server, but <b>don't</b> run that command yet -- skip to the next step.</p>
<h2>SSH onto the server using Tor</h2>
<p>
Only ever connect to your server using Tor!
</p>
<h3>Run the Tor command line proxy.</h3>
<pre>tor</pre>
<h3>Connect to your server with SSH</h3>
<p>
Replace the IP <code>1.2.3.4</code> in the text below with your server's IP and add this to your SSH config.
<pre>~/.ssh/config</pre>
<pre>Host 1.2.3.4 my-secret-server
HostName 1.2.3.4
User root
CheckHostIP no
Compression yes
Protocol 2
ProxyCommand nc -X 5 -x 127.0.0.1:9050 %h %p
IdentityFile ~/.ssh/tor_only_rsa</pre>
<p>
Notice the line <code>ProxyCommand ... 127.0.0.1:9050 ...</code>. This tells SSH to route connections through localhost port <strong>9050</strong>.
</p>
<p>You can now ssh onto your server through Tor!</p>
<pre>ssh my-secret-server</pre>
<h2>You have an anonymous server!</h2>
<p>
You're awesome! Now, upload something, set up a webserver, create a site where people can rate each other's cats... the world is your oyster... just try not to blow your cover (more on that <a href="https://www.bentasker.co.uk/documentation/linux/307-building-a-tor-hidden-service-from-scratch-part-1">here</a>).
</p>
<p>
Having SSH'd onto the server, you can set up your hidden service. Follow these instructions to get Apache set up as a service on Debian
<a href="https://www.digitalocean.com/community/tutorials/how-to-configure-the-apache-web-server-on-an-ubuntu-or-debian-vps">https://www.digitalocean.com/community/tutorials/how-to-configure-the-apache-web-server-on-an-ubuntu-or-debian-vps</a>
<h2>Uploading content</h2>
<p>Thanks to the SSH config that you set up earlier, you can upload files using <code>sftp</code> (via Tor).</p>
<pre>sftp my-secret-server</pre>
</p>
<h2>Next</h2>
<p>
<a href="scan-for-leaks.html">Scan for leaks</a>
</p>
<br/><hr/><br/>
<p class="center"><a href="https://github.com/anonoBlog/anonoBlog.github.io">Anonoblog</a> | Robin Doherty | <a href="https://robindoherty.com">robindoherty.com</a> | <a href="https://twitter.com/rdoh">@rdoh</a> | <a href="mailto:rdoherty@gmail.com">rdoherty@gmail.com</a> | <a href="https://keybase.io/rdoh">PGP</a> </p>
</div>
</div>
<!-- jQuery (necessary for Bootstrap's JavaScript plugins) -->
<script src="bower_components/jquery/dist/jquery.min.js"></script>
<!-- Include all compiled plugins (below), or include individual files as needed -->
<script src="bower_components/bootstrap/dist/js/bootstrap.min.js"></script>
</body>
</html>