Re: [tor-relays] Extreme Exit Policy
On 12/18/2018 12:09 AM, Roger Dingledine wrote:
> On Mon, Dec 17, 2018 at 11:51:29PM -0700, Mirimir wrote:
>> Given that I SSH via Tor a lot, that would suck for me. If too many
>> exits didn't allow port 22, anyway. As it is, it's not uncommon for SSH
>> logins via Tor to die. Presumably after some network hiccup.
>>
>> And sure, I could set up .onion SSH for everything, and that'd arguably
>> be more secure. But sometimes I'm just too lazy for that.
>>
>> Now that I'm thinking of it, though, I wonder whether I ought to change
>> SSH to port 443. That'd give me a larger exit population, which would be
>> good. But for anyone watching, my SSH sessions would be more unusual.
>>
>> What would be the likely net impact of using port 443 for SSH?
>
> Another more surprising impact for you is that your ssh connections would,
> counterintuitively, die more often.
>
> That's because Tor has a LongLivedPorts option, where streams for those
> destination ports use circuits with all Stable-flagged relays, and 22
> is in the list but 443 is not:
>
>     LongLivedPorts PORTS
>         A list of ports for services that tend to have long-running
>         connections (e.g. chat and interactive shells). Circuits for
>         streams that use these ports will contain only high-uptime nodes,
>         to reduce the chance that a node will go down before the stream is
>         finished. Note that the list is also honored for circuits (both
>         client and service side) involving hidden services whose virtual
>         port is in this list. (Default: 21, 22, 706, 1863, 5050, 5190,
>         5222, 5223, 6523, 6667, 6697, 8300)

Thanks. I guess that I'll stick with port 22, then.

And re .onion services, it's interesting that OnionCat port 8060 isn't
on the list. I guess that I ought to use one of those, instead.

> --Roger
>
> _______________________________________________
> tor-relays mailing list
> tor-relays@xxxxxxxxxxxxxxxxxxxx
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
>
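
As an added illustration of the LongLivedPorts behaviour quoted in the thread above (not part of the original messages and not Tor's own code), this Python example reads a torrc and reports which exit destination ports and onion-service virtual ports fall in the list. It assumes the last LongLivedPorts line wins and skips option lines that have no value; the function names and SAMPLE_TORRC are constructed for the example.

```python
"""Check which ports get Stable-only circuits under a torrc's LongLivedPorts."""

# Default list, copied from the manual text quoted in the thread.
DEFAULT_LONG_LIVED_PORTS = frozenset(
    {21, 22, 706, 1863, 5050, 5190, 5222, 5223, 6523, 6667, 6697, 8300})


def _options(torrc_text):
    """Yield (lowercased option name, value) pairs, skipping comments and blanks."""
    for raw in torrc_text.splitlines():
        parts = raw.split("#", 1)[0].split(None, 1)
        if len(parts) == 2:
            yield parts[0].lower(), parts[1].strip()


def long_lived_ports(torrc_text):
    """Effective LongLivedPorts. Assumption: the last such line wins."""
    ports = DEFAULT_LONG_LIVED_PORTS
    for name, value in _options(torrc_text):
        if name == "longlivedports":
            ports = frozenset(int(p) for p in value.split(",") if p.strip())
    return ports


def onion_virtual_ports(torrc_text):
    """Virtual ports from 'HiddenServicePort VIRTPORT [TARGET]' lines."""
    return [int(value.split()[0]) for name, value in _options(torrc_text)
            if name == "hiddenserviceport"]


def audit(torrc_text, exit_ports):
    """Map each port to True when its streams use only Stable-flagged relays."""
    stable = long_lived_ports(torrc_text)
    return {
        "exit": {p: p in stable for p in exit_ports},
        "onion": {p: p in stable for p in onion_virtual_ports(torrc_text)},
    }


# Constructed sample torrc: an onion service exposing virtual ports 22 and 8060.
SAMPLE_TORRC = """\
SocksPort 9050
HiddenServiceDir /var/lib/tor/ssh_onion/   # constructed path
HiddenServicePort 22 127.0.0.1:22
HiddenServicePort 8060 127.0.0.1:8060
"""

if __name__ == "__main__":
    print(audit(SAMPLE_TORRC, exit_ports=[22, 443]))
```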