Checking for updates at a Debian HS repository showed a list of strange updates. I decided to quit without downloading them and a later check didn’t show the same results. The address should have been the same because I didn’t change it.
Are impersonation attacks possible with v2 Hidden Services?
private_key
First, Tor will generate a new public/private keypair for your onion service. It is written into a file called “private_key”. Don’t share this key with others – if you do they will be able to impersonate your onion service.