Script needed basez to work. It did what it was supposed to, but I find the whole process of what to do next with the generated pub/priv key pair very confusing. The wiki and script differ in naming and terminology of the same thing and I’m not understanding it.
Problem: tor can’t restart with the changes in torrc.d and no onionv3 is ever created. I think the instructions for generating a plain v3 onion are broken. journalctl logs are useless here.
I’m just not seeing the use case to justify all the complexity when one can just generate unique onions and hand them out to different parties and delete the ones no longer permitted to access?
Maybe it’s based on incorrect assumptions? Maybe finding an onion through trying to connect randomly to them is conceivable? Chances are? I am speculating under the assumption that Tor Project wouldn’t have gone through the complexity of implementing this if there is no gain. Maybe we can find a rationale for this feature or maybe ask upstream?
Guessing it is as likely as guessing the correct key that has 2^256 entropy.
The only advantage I’m seeing is that it has less resource load than the multi onion approach, but then again if you have an authenticated access scenario, how many parties do you hope to manage before it becomes out of hand? The security argument is moot when malware can just steal the auth cookie. Also you can take v3 service keys offline for extra security. Another argument for authenticated access is it makes webserver configuration more manageable than in the multi onion scenario.
Another suggestion is to use it to protect a publicly accessible bookmark that you refer to, but I would archive the info all offline because it gives more peace of mind.
Dec 13 15:47:47 host Tor[784]: Read configuration file "/etc/tor/torrc".
Dec 13 15:47:47 host Tor[784]: Included configuration file or directory at…onf".
Dec 13 15:47:47 host Tor[784]: Included configuration file or directory at…onf".
Dec 13 15:47:47 host Tor[784]: Included configuration file or directory at…onf".
Dec 13 15:47:47 host Tor[784]: You configured a non-loopback address '10.1…nted.
Dec 13 15:47:47 host Tor[784]: You configured a non-loopback address '10.1…nted.
Dec 13 15:47:47 host Tor[784]: Permissions on directory /var/lib/tor/hidde…sive.
Dec 13 15:47:47 host Tor[784]: Failed to parse/validate config: Failed to …ails.
Dec 13 15:47:47 host Tor[784]: Reading config failed--see warnings above. …y -h.
Dec 13 15:47:47 host Tor[784]: Restart failed (config error?). Exiting.
Dec 17 :12 host systemd[1]: Reloading Anonymizing overlay network for TCP.
Dec 17 :12 host systemd[1]: Reloaded Anonymizing overlay network for TCP.
Dec 17 :12 host Tor[1093]: Received reload signal (hup). Reloading config and resetting internal state.
Dec 17 :12 host Tor[1093]: Read configuration file "/usr/share/tor/tor-service-defaults-torrc".
Dec 17 :12 host Tor[1093]: Read configuration file "/etc/tor/torrc".
Dec 17 :12 host Tor[1093]: Included configuration file or directory at recursion level 2: "/usr/local/etc/torrc.d/40_tor_control_panel.conf".
Dec 17 :12 host Tor[1093]: Included configuration file or directory at recursion level 2: "/usr/local/etc/torrc.d/50_user.conf".
Dec 17 :12 host Tor[1093]: Included configuration file or directory at recursion level 1: "/etc/torrc.d/95_whonix.conf".
Dec 17 :12 host Tor[1093]: You configured a non-loopback address '10.152.152.10:5300' for DNSPort. This allows everybody on your local network to use your machine as a proxy. Make sure this is what you wanted.
Dec 17 :12 host Tor[1093]: You configured a non-loopback address '10.152.152.10:9040' for TransPort. This allows everybody on your local network to use your machine as a proxy. Make sure this is what you wanted.
Dec 17 :12 host Tor[1093]: Permissions on directory /var/lib/tor/hidden_service/ are too permissive.
Dec 17 :12 host Tor[1093]: Failed to parse/validate config: Failed to configure rendezvous options. See logs for details.
Dec 17 :12 host Tor[1093]: Reading config failed--see warnings above. For usage, try -h.
Dec 17 :12 host Tor[1093]: Restart failed (config error?). Exiting.
Dec 17 :13 host systemd[1]: tor@default.service: Main process exited, code=exited, status=1/FAILURE
user@host:~$
user@host:~$ anon-verify
/===================================================================\
| Report Summary |
\===================================================================/
Your Tor config files contain at least one error.
Tor verify exit code: 1
/===================================================================\
| Tor Concise Report |
\===================================================================/
Below warns and errors must be fixed before you can use Tor:
Dec 17 :40.099 [warn] Permissions on directory /var/lib/tor/hidden_service/ are too permissive.
Dec 17 :40.099 [warn] Failed to parse/validate config: Failed to configure rendezvous options. See logs for details.
Dec 17 :40.099 [err] Reading config failed--see warnings above.
/===================================================================\
| Tor Full Report |
\===================================================================/
Dec 17 :40.085 [notice] Tor 0.4.1.6 running on Linux with Libevent 2.1.8-stable, OpenSSL 1.1.1d, Zlib 1.2.11, Liblzma 5.2.4, and Libzstd 1.3.8.
Dec 17 :40.085 [notice] Tor can't help you if you use it wrong! Learn how to be safe at https://www.torproject.org/download/download#warning
Dec 17 :40.086 [notice] Read configuration file "/usr/share/tor/tor-service-defaults-torrc".
Dec 17 :40.086 [notice] Read configuration file "/etc/tor/torrc".
Dec 17 :40.097 [notice] Included configuration file or directory at recursion level 2: "/usr/local/etc/torrc.d/40_tor_control_panel.conf".
Dec 17 :40.097 [notice] Included configuration file or directory at recursion level 2: "/usr/local/etc/torrc.d/50_user.conf".
Dec 17 :40.097 [notice] Included configuration file or directory at recursion level 1: "/etc/torrc.d/95_whonix.conf".
Dec 17 :40.098 [notice] You configured a non-loopback address '10.152.152.10:5300' for DNSPort. This allows everybody on your local network to use your machine as a proxy. Make sure this is what you wanted.
Dec 17 :40.098 [notice] You configured a non-loopback address '10.152.152.10:9040' for TransPort. This allows everybody on your local network to use your machine as a proxy. Make sure this is what you wanted.
Dec 17 :40.099 [warn] Permissions on directory /var/lib/tor/hidden_service/ are too permissive.
Dec 17 :40.099 [warn] Failed to parse/validate config: Failed to configure rendezvous options. See logs for details.
Dec 17 :40.099 [err] Reading config failed--see warnings above.
/===================================================================\
| Used Tor Configuration Files |
\===================================================================/
5 files are used as Tor configuration files:
/usr/share/tor/tor-service-defaults-torrc /etc/tor/torrc /etc/torrc.d/95_whonix.conf /usr/local/etc/torrc.d/40_tor_control_panel.conf /usr/local/etc/torrc.d/50_user.conf
=====================================================================
user@host:~$
That removes read/write/execute permissions for group members (of debian-tor) too. I don’t know which files in /var/lib/tor - if any - might require read/write access by group debian-tor members. Maybe none.
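The "too permissive" warning in the logs above is Tor refusing the mode of the HiddenServiceDir, which is why the config fails and no onion is created. The following shell snippet is an added check, not from this thread or the Tor project; it assumes, from the tor manual and source, that Tor rejects any group or other bits on that directory (mask 0077), and with HiddenServiceDirGroupReadable 1 rejects group write and any other bits (mask 0027), so it predicts the verdict from a mode string before tor is restarted.

```shell
#!/bin/sh
# Added example (not from this thread or the Tor project): reproduce the mode test
# Tor applies to a HiddenServiceDir before accepting the config, so the
# "Permissions on directory ... are too permissive" warning above can be predicted.
# Assumed from the tor manual/source: without HiddenServiceDirGroupReadable the
# directory may carry no group or other bits (mask 0077); with
# HiddenServiceDirGroupReadable 1 the group may read/execute but not write, and
# other bits must still be zero (mask 0027).

# hs_dir_verdict MODE GROUP_READABLE
#   MODE            octal mode as printed by `stat -c %a`, e.g. 755 or 0700
#   GROUP_READABLE  0 or 1, the HiddenServiceDirGroupReadable value for that service
# Prints "ok" or "too permissive".
hs_dir_verdict() {
  mode=$1
  group_readable=${2:-0}
  perms=$(printf '%s' "$mode" | tail -c 3)   # low three digits only
  group=$(printf '%s' "$perms" | cut -c2)
  other=$(printf '%s' "$perms" | cut -c3)
  verdict=ok
  if [ "$other" != 0 ]; then
    verdict="too permissive"            # world bits are never allowed
  elif [ "$group_readable" = 1 ]; then
    case $group in
      0|1|4|5) ;;                       # no group write bit: allowed under mask 0027
      *) verdict="too permissive" ;;    # group write (2,3,6,7) still rejected
    esac
  elif [ "$group" != 0 ]; then
    verdict="too permissive"            # any group bit is rejected under mask 0077
  fi
  echo "$verdict"
}

# check_hs_dir DIR GROUP_READABLE: apply the verdict to a real directory
check_hs_dir() {
  mode=$(stat -c '%a' "$1") || return 2
  printf '%s (mode %s): ' "$1" "$mode"
  hs_dir_verdict "$mode" "$2"
}

# Demo on a constructed temporary directory; the thread's real path is
# /var/lib/tor/hidden_service/, which should be checked the same way.
demo_dir=$(mktemp -d)
chmod 755 "$demo_dir"; check_hs_dir "$demo_dir" 0   # too permissive
chmod 750 "$demo_dir"; check_hs_dir "$demo_dir" 1   # ok
chmod 700 "$demo_dir"; check_hs_dir "$demo_dir" 0   # ok
rmdir "$demo_dir"
```

Run it as the user that owns the directory (debian-tor in the thread); the verdict only covers the mode bits, so a wrong owner still has to be fixed separately.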