I use a laptop to connect to a server in the cloud to run my tor relay and I wanted to download my relay’s master key off the server. I tried searching online for answers and all I can find is vague information about backing up keys. I would like to know the commands used to download them to the laptop or if it's even possible to do.
Thanks for the help
https://community.torproject.org/relay/setup/post-install/
There you find the directory you have to backup.
To give a more specific answer or even a working command we have to know a bit more about your setup. Which os, how do you connect to your server etc.
The keys are located in /var/lib/tor/keys.
You can use WinSCP to connect to the server and download the keys locally
Hi, check out this link from the Tor Project Community.
Read number 9 Maintaining a relay - Backup Tor Identity Keys
https://community.torproject.org/relay/setup/post-install/
Hope this helps
First of all, try to understand what you are doing (I might have made a typo or mistake, even if I’m trying not to) → it will help you in the end.
10.10.10.10 ← The server your tor is running on now.
12.12.12.12 ← The new server you want the identity to be copied to.
In general I back up the complete DataDirectory, /var/lib/tor in this case. Be root or use sudo. Stop the tor process before doing so.
cd /var/lib/
tar cvfz /tmp/tor-backup.tgz tor
chown username:username /tmp/tor-backup.tgz
The last step is necessary to give permission to the user you are able to log in as via ssh. If you log in as root, this is not needed; otherwise replace both username:username with the user you are using for ssh.
Copy the tor-backup.tgz with scp to the new server or backup location (do this on the machine you want to copy the backup to [12.12.12.12]):
scp username@10.10.10.10:/tmp/tor-backup.tgz /tmp/tor-backup.tgz
If you want to migrate your node to another server (12.12.12.12), be sure to have installed and configured tor (torrc) there, but that it is not running yet. Then copy/move the backup to your new DataDirectory:
mv /tmp/tor-backup.tgz /var/lib/
cd /var/lib/
tar xvfz tor-backup.tgz
chown -R debian-tor:debian-tor /var/lib/tor
The last line is assuming you will run tor on a Debian system with the standard user debian-tor. If this is not the case, you have to adapt it to your needs.
On the server 10.10.10.10 remove the file in /tmp/ after confirming your backup worked.
rm /tmp/tor-backup.tgz
and remove the tor-backup.tgz from /var/lib/tor-backup.tgz on the new machine too:
rm /var/lib/tor-backup.tgz
Afterwards start tor on the new machine and you should be fine. In case you want a backup, store tor-backup.tgz in a safe location. You should also remove the original keys on the 10.10.10.10 in the last step:
rm -rf /var/lib/tor
[a few extra steps were included for clarity]
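The backup step from the post above, as an added example that is not part of the original thread: it creates the archive under umask 077 so the keys are never readable by other local users while the file sits in /tmp, checks that the master identity key is in the archive, and prints a SHA-256 to compare on both ends of the scp. The function names and the --demo flag are hypothetical, and the check for keys/ed25519_master_id_secret_key assumes tor's default key layout with the master key kept on the server.

```shell
#!/bin/sh
# Added example, not from the thread. Function names are hypothetical.

# make_backup DATADIR OUTDIR: archive DATADIR, print the archive path.
make_backup() {
    datadir=$1
    archive="$2/tor-backup.tgz"
    (
        umask 077   # created as rw------- from the first byte, no chmod race
        tar -czf "$archive" -C "$(dirname "$datadir")" "$(basename "$datadir")"
    ) || return 1
    printf '%s\n' "$archive"
}

# verify_backup ARCHIVE: succeed only if the archive is owner-only and
# contains the master identity key (assumes tor's default key layout).
verify_backup() {
    mode=$(ls -l "$1" | cut -c1-10)
    [ "$mode" = "-rw-------" ] || { echo "bad mode: $mode" >&2; return 1; }
    tar -tzf "$1" | grep -q 'keys/ed25519_master_id_secret_key$' ||
        { echo "master identity key not in archive" >&2; return 1; }
}

# digest ARCHIVE: SHA-256 hex, to compare on both ends of the scp.
digest() {
    sha256sum "$1" | cut -d' ' -f1
}

# demo: run all three against a constructed DataDirectory in a temp dir.
demo() {
    work=$(mktemp -d) || return 1
    mkdir -p "$work/lib/tor/keys" "$work/out"
    echo "constructed placeholder, not a key" \
        > "$work/lib/tor/keys/ed25519_master_id_secret_key"
    a=$(make_backup "$work/lib/tor" "$work/out") &&
        verify_backup "$a" && digest "$a"
    rc=$?
    rm -rf "$work"
    return $rc
}

if [ "${1:-}" = "--demo" ]; then demo; fi
```

The chown step from the post still applies when you log in as a non-root user; with mode 600 only that user can then read the archive.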
I am using Debian 12, for anyone wondering what OS.
Thanks for taking the time to explain.
If we want to keep the node running, do we need to keep its identity secret keys present locally for it to continue working or not? If not, would it be best to store the keys off the server to lessen the risk of them being compromised?
Have a look here:
You can store the master key offline.
https://gitlab.torproject.org/legacy/trac/-/wikis/doc/TorRelaySecurity/OfflineKeys