> There is also significant value to making a fresh start: new SSH keys
> and new relay keys mean that even if your old provider has a backup,
> or your old relay was compromised, or you have a backup of your keys,
> it's not much use to anyone. Particularly on an exit, your traffic
> will recover fairly quickly.
>
> It's completely up to you - I just wanted to describe the security
> advantages of a fresh start, versus the traffic advantages (or
> disadvantages) of keeping the same relay keys.

I just wanted to add that if you run in "OfflineMasterKey 1" mode (and
your master key never touched your VPS) you can move to a new VPS
(keeping your keys) without big second thoughts about the key secrecy,
since the old ISP will lose key access as soon as they expire (30 by
default).

ansible-relayor sets your relays up in OfflineMasterKey mode.
https://github.com/nusenu/ansible-relayor

also:
Moving (multiple) tor instances to a new server is a matter of four
steps with ansible-relayor:

1) ansible-relayor your-playbook.yml -t createdir -l newserver
2) mv -T ~/.tor/offlinemasterkeys/old-instance-name ~/.tor/offlinemasterkeys/new-instance-name
3) -> destroy your old VPS
4) ansible-relayor your-playbook.yml -l newserver

Since temporary keys will not be migrated, your relay will require a few
hours to

As long as tor requires (online) RSA keys (not protected by
"OfflineMasterKey 1") - that will be a long time - you can at least
protect the Ed25519 master key.
_______________________________________________
tor-relays mailing list
tor-relays@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
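
A check that goes with the OfflineMasterKey point in the message above, as an added example that is not part of the original post or of ansible-relayor: a shell function that audits a relay's keys directory and fails if the Ed25519 master secret key is on the host. The file names are tor's standard key file names; the function name `audit_tor_keys` and the demo directory are made up for this example.

```shell
#!/bin/sh
# Added example: audit a tor keys directory for OfflineMasterKey hygiene.
# Returns 0 if no Ed25519 master secret key is on the host, 1 if one is
# found, 2 if the directory is unusable. Prints one finding per line.
audit_tor_keys() {
    keydir=$1
    if [ ! -d "$keydir" ]; then
        echo "ERROR: $keydir is not a directory"
        return 2
    fi
    found=0
    # The master secret (plain or passphrase-encrypted) must stay offline.
    for f in "$keydir"/ed25519_master_id_secret_key*; do
        [ -e "$f" ] || continue
        echo "FAIL: master secret key on relay host: $f"
        found=1
    done
    # The medium-term signing key and its certificate are expected on the
    # relay; they stop being useful once the certificate expires.
    for f in ed25519_signing_secret_key ed25519_signing_cert; do
        if [ -e "$keydir/$f" ]; then
            echo "OK: medium-term $f present"
        else
            echo "WARN: $f missing"
        fi
    done
    # The RSA identity key cannot be kept offline, as the message notes.
    if [ -e "$keydir/secret_id_key" ]; then
        echo "NOTE: RSA identity key is online: $keydir/secret_id_key"
    fi
    if [ "$found" -eq 0 ]; then
        echo "PASS: no Ed25519 master secret key in $keydir"
    fi
    return "$found"
}

# Constructed demo: empty placeholder files in a temp directory stand in
# for a relay on which the master key was left behind.
demo=$(mktemp -d)
touch "$demo/ed25519_master_id_secret_key" "$demo/ed25519_signing_secret_key" \
      "$demo/ed25519_signing_cert" "$demo/secret_id_key"
audit_tor_keys "$demo" || echo "audit exit status: $?"
rm -rf "$demo"
```

Run it against the relay's own keys directory, not the control host's `~/.tor/offlinemasterkeys`, where the master keys are supposed to live.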