# ![torch-icon](torch.png) TORch: Illuminating the Path to your Node TORch is a solution for creating an SSH-via-Tor backdoor on a remote device as a means of fallback remote management and initial headless device configuration. ## Description Since Tor traffic easily crosses NAT boundries, this is a nice solution for * fallback connection to remote devices located on other LANs in the event that the network configuration on the remote side changes and the primary connection / VPN fails * the initial discovery and connection to a headless device like a Raspberry Pi on a local network which is configured via DHCP (use a pre-baked RPi image from [torch-pi-gen](/bj/torch-pi-gen)) A TORch solution consists of 3 processes: * `torch-agent` - Installed on remote machine; responsible for creating Tor hidden service and broadcasting the onion hostname an MQTT broker * MQTT broker - Any MQTT broker, reachable via IPv4 or Tor, through TLS or insecure communications * `torch-subscriber` - Listens for and handles onion hostname publications ## Build Debian Package If you don't already have a GPG key, generate one: ```bash gpg --full-generate-key ``` Using the e-mail address you provided during GPG key generation, run `build-deb.sh` to build a Debian package and install it ```bash ./build-deb.sh john@doe.com apt update && apt install build/torch-agent_0.0.5-1_all.deb ``` This will: * create a local user `torch` * install the TORch agent as a Systemd service named `torch-agent` * modify `/etc/tor/torrc` to activate control via the Tor Controller port ## Configuration The TORch agent will look for a `torch.conf` configuration in the configuration directory. The configuation directory can be specified by * The `TORCH_CONFIG_DIR` environment variable * Using the `--config-dir` commandline option * Default: `/etc/torch` A fully configured example can be found [here](example) See the sample [`torch.conf`](torch.conf) file for additional configuration options and details