Hierbei handelt es sich nur um ein Protokoll meiner persönlichen Installation
Installation auf eigene Gefahr

Ich weiß nano ist bäh aber für Kleinscheiß mag ich ihn

Das Tutorial sollte auch auf dem RaspberryPi mit raspian laufen

Tor Logo

Downlaod Rasbian
BPI-M5 BPI-M2 Pro new image:Rasbian image, 2022-4-09 update, Rasbian image for linux kernel 4.9 and 5.17. support 32bit and 64 bit,please choose the right image

Nicht wundern meine SD hatte nach der Installation total: 2.47GB
Zu beheben mit $ sudo raspi-config

  • Advanced Options
  • Expand Filesystem
  • "Root Partition has been resized. The filesystem will be enlarged upon the next reboot."

Image via Etcher installieren
Für die Grundeinstellung werden Bildschirm mit HDMI und Tastatur benötigt
Login: pi / bananapi
$ sudo raspi-config

  • activate SSL
  • update location

Make sudo require a password
$ sudo nano /etc/sudoers.d/010_pi-nopasswd

  • pi ALL=(ALL) NOPASSWD: ALL
    to
  • pi ALL=(ALL) PASSWD: ALL
  • Save and exit (CTRL+O, CTRL+X)

SSH: Change the default port
$ sudo nano /etc/ssh/sshd_config

  • # Port 22 mit dem gewünschten SSL Port Port xxx ersetzen und # entfernen nicht vergessen
  • Save and exit (CTRL+O, CTRL+X)
    $ sudo service ssh restart

Install Fail2ban
$ sudo apt install fail2ban

SSH key erstellen (https://www.raspberrypi-spy.co.uk/2019/02/setting-up-ssh-keys-on-the-raspberry-pi/)
$ cd ~
$ mkdir .ssh
$ cd .ssh
$ touch authorized_keys
$ chmod 700 ~/.ssh
$ chmod 600 ~/.ssh/authorized_keys
$ cd ~/.ssh
$ ssh-keygen
$ cat id_rsa.pub >> authorized_keys
$ sudo apt-get install putty-tools
$ puttygen id_rsa -o id_rsa.ppk

Key anstelle Passwort
$ sudo nano /etc/ssh/sshd_config
#PasswordAuthentication yesändern zu PasswordAuthentication no

  • Save and exit (CTRL+O, CTRL+X)

$ sudo apt-get update
$ sudo apt-get upgrade

Tor Bridge installieren
https://community.torproject.org/relay/setup/bridge/debian-ubuntu/

$ sudo apt install tor
($ sudo apt-get install obfs4proxy)

$ sudo nano /etc/tor/torrc
Der Code zum einfügen ist hier unter Punkt 5 zu finden
Quelle zu IPv4Only hier

Meine torrc
1 BridgeRelay 1
2 ORPort xxxx IPv4Only
3 ControlPort 9051
4 ServerTransportPlugin obfs4 exec /usr/bin/obfs4proxy
5 ServerTransportListenAddr obfs4 0.0.0.0:443 IPv4Only
6 ExtORPort auto
7 ContactInfo xxxx fingerprint: xxxx
8 Nickname xxxx

IPv4Only da ich hinter einer NAT sitze

xxxx durch eigene Daten ersetzen
$ journalctl -e -u tor@default

  • Save and exit (CTRL+O, CTRL+X)

$ sudo setcap cap_net_bind_service=+ep /usr/bin/obfs4proxy

$ sudo nano /lib/systemd/system/tor@default.service

  • NoNewPrivileges=no
  • Save and exit (CTRL+O, CTRL+X)

$ sudo nano /lib/systemd/system/tor@.service

  • NoNewPrivileges=no
  • Save and exit (CTRL+O, CTRL+X)

WICHTIG die Ports im Router freigeben TCP und UDP
Folgende Einstellungen habe ich in meiner Fritzbox unter Internet -> Freigaben gemacht:
* Selbstständige Portfreigaben für dieses Gerät erlauben.
* PING6 freigeben.
* Firewall für delegierte IPv6-Präfixe dieses Gerätes öffnen

$ sudo systemctl enable --now tor.service
$ sudo journalctl -e -u tor@default

Monitoring
Install nyx https://nyx.torproject.org/#faq
$ sudo apt-get install nyx
$ sudo nyx

Install vnstat https://github.com/vergoh/vnstat
$ sudo apt update
$ sudo apt upgrade
$ sudo apt install vnstat
$ sudo systemctl start vnstat
$ vnstat

Install vnstati (Visualisierung vnstat)
$ sudo apt-get install vnstati

Alias im bash_profile erstellen um schneller arbeiten zu können
$ sudo nano ~/.bash_profile

alias temp="cat /sys/class/thermal/thermal_zone0/temp && cat /sys/class/thermal/thermal_zone1/temp && cat /sys/class/thermal/thermal_zone2/temp"
alias torlog="journalctl -e -u tor@default"
alias torrestart="systemctl restart tor.service"
alias shut="sudo shutdown -h now"

Backup Tor Identity Keys

After your initial installation and start of the tor daemon it is a good idea to make a backup of your relay's long term identity keys. They are located in the "keys" subfolder of your DataDirectory (simply make a copy of the entire folder and store it in a secure location). Since relays have a ramp-up time it makes sense to back up the identity key to be able to restore your relay's reputation after a disk failure - otherwise you would have to go through the ramp-up phase again. Only do this if you have a very secure place for your keys as if stolen, these keys could theoretically allow traffic decryption or impersonation.

Default locations of the keys folder:

Debian/Ubuntu: /var/lib/tor/keys

Quelle: https://community.torproject.org/relay/setup/post-install/

Backup der keys unter Debain:
Unter Debain haben nur root und debian-tor Zugriff auf das Verzeichnis
$ sudo -su
$ cd /var/lib/
$ tar -cvf tor.tar.gz tor
$ cp tor.tar.gz tor ../../home/dein user

Dann per FTP herunterladen :)

Wenn das System läuft, kann ein Image der gesamten SD gemacht werden
https://askubuntu.com/questions/227924/sd-card-cloning-using-the-dd-command
Mein Befehl zum erstellen des Images
$ sudo dd if=/dev/sda of=/home/xxx/img_bananapi/sd.img bs=1M status=progress

Setting up outage notifications

Once you set up your relay it will likely run without much work from your side. If something goes wrong it is good to get notified automatically. We recommend you use one of the free services that allow you to check your relay's ORPorts for reachability and send you an email should they become unreachable for whatever reason.

UptimeRobot is one of these services that allow you to monitor TCP listeners on arbitrary ports. This service can check your configured ports once every 5 minutes and send you an email should your tor process die or become unreachable. This checks only for the listener but does not speak the Tor protocol.

A good way to monitor a relay for its health state is to have a look at its bandwidth graphs.
Quelle: https://community.torproject.org/relay/setup/post-install/

Seite wird von Zeit zu Zeit aktualisiert ...
Last Update: 24.11.22