TORch: Illuminating the Path to your Node
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
 
 
 
 

1.7 KiB

TORch: Illuminating the Path to your Node

TORch is a solution for creating an SSH-via-Tor backdoor on a remote device as a means of fallback remote management and initial headless device configuration.

Description

Since Tor traffic easily crosses NAT boundries, this is a nice solution for

  • fallback connection to remote devices located on other LANs in the event that the network configuration on the remote side changes and the primary connection / VPN fails
  • the initial discovery and connection to a headless device like a Raspberry Pi on a local network which is configured via DHCP

A TORch solution consists of 3 processes:

  • torch-agent - Installed on remote machine; responsible for creating Tor hidden service and broadcasting the onion hostname an MQTT broker
  • MQTT broker - Any MQTT broker, reachable via IPv4 or Tor, through TLS or insecure communications
  • torch-subscriber - Listens for and handles onion hostname publications

Installation of TORch Agent (Ubuntu)

Copy the files to the target device

  • install-ubuntu2004.sh
  • torch-agent.py
  • torch.conf
  • torch.service

Run the installation script:

[email protected]:~$ ./install-ubuntu2004.sh

This will create a local user torch and install the TORch agent as a Systemd service named torch

Configuration

The TORch agent will look for a torch.conf configuration in the configuration directory.

The configuation directory can be specified by

  • The TORCH_CONFIG_DIR environment variable
  • Using the --config-dir commandline option
  • Default: /etc/torch

A fully configured example can be found here

See the sample torch.conf file for additional configuration options and details