TORch: Illuminating the Path to your Node
Go to file
2020-10-07 15:43:00 +02:00
debian Automated Debian package build 2020-10-07 12:48:55 +02:00
example Updated example README.md 2020-10-07 13:17:08 +02:00
.gitignore Automated Debian package build 2020-10-07 12:48:55 +02:00
make-pkg.sh Take GPG key lookup via email for signing into account 2020-10-07 13:13:12 +02:00
README.md Updated README.md with torch-pi-gen project 2020-10-07 15:43:00 +02:00
torch-agent.py Renamed torch-pub.py to torch-agent.py 2020-10-06 14:26:41 +02:00
torch-agent.service Automated Debian package build 2020-10-07 12:48:55 +02:00
torch.conf updated example conf file with clientId and onion host sample options 2020-10-06 11:16:26 +02:00

TORch: Illuminating the Path to your Node

TORch is a solution for creating an SSH-via-Tor backdoor on a remote device as a means of fallback remote management and initial headless device configuration.

Description

Since Tor traffic easily crosses NAT boundries, this is a nice solution for

  • fallback connection to remote devices located on other LANs in the event that the network configuration on the remote side changes and the primary connection / VPN fails
  • the initial discovery and connection to a headless device like a Raspberry Pi on a local network which is configured via DHCP (use a pre-baked RPi image from torch-pi-gen)

A TORch solution consists of 3 processes:

  • torch-agent - Installed on remote machine; responsible for creating Tor hidden service and broadcasting the onion hostname an MQTT broker
  • MQTT broker - Any MQTT broker, reachable via IPv4 or Tor, through TLS or insecure communications
  • torch-subscriber - Listens for and handles onion hostname publications

Build Debian Package

If you don't already have a GPG key, generate one:

gpg --full-generate-key

Using the e-mail address you provided during GPG key generation, run make-pkg.sh to build a Debian package and install it

./make-pkg.sh john@doe.com
apt update && apt install build/torch-agent_0.0.1-1_all.deb

This will:

  • create a local user torch
  • install the TORch agent as a Systemd service named torch-agent
  • modify /etc/tor/torrc to activate control via the Tor Controller port

Configuration

The TORch agent will look for a torch.conf configuration in the configuration directory.

The configuation directory can be specified by

  • The TORCH_CONFIG_DIR environment variable
  • Using the --config-dir commandline option
  • Default: /etc/torch

A fully configured example can be found here

See the sample torch.conf file for additional configuration options and details

Roadmap

[ ] Create a pi-gen image with TORch agent installed and /boot partition configuration