# ![torch-icon](torch.png) TORch: Illuminating the Path to your Node

TORch is a solution for creating an SSH-via-Tor backdoor on a remote device as a means of fallback remote management and initial headless device configuration.

## Description

Since Tor traffic easily crosses NAT boundries, this is a nice solution for 
* fallback connection to remote devices located on other LANs in the event that the network configuration on the remote side changes and the primary connection / VPN fails
* the initial discovery and connection to a headless device like a Raspberry Pi on a local network which is configured via DHCP (use a pre-baked RPi image from [torch-pi-gen](/bj/torch-pi-gen))

A TORch solution consists of 3 processes:
* `torch-agent` - Installed on remote machine; responsible for creating Tor hidden service and broadcasting the onion hostname an MQTT broker
* MQTT broker - Any MQTT broker, reachable via IPv4 or Tor, through TLS or insecure communications
* `torch-subscriber` - Listens for and handles onion hostname publications

## Build Debian Package

If you don't already have a GPG key, generate one:

```bash
gpg --full-generate-key
```

Using the e-mail address you provided during GPG key generation, run `build-deb.sh` to build a Debian package and install it

```bash
./build-deb.sh john@doe.com
apt update && apt install build/torch-agent_0.0.2-1_all.deb
```

This will:
* create a local user `torch` 
* install the TORch agent as a Systemd service named `torch-agent`
* modify `/etc/tor/torrc` to activate control via the Tor Controller port

## Configuration

The TORch agent will look for a `torch.conf` configuration in the configuration directory.

The configuation directory can be specified by
* The `TORCH_CONFIG_DIR` environment variable
* Using the `--config-dir` commandline option
* Default: `/etc/torch`

A fully configured example can be found [here](example)

See the sample [`torch.conf`](torch.conf) file for additional configuration options and details