Push remote LND static channel backups to GitHub via Tor

[kristapsk]

What

Push LND local channel remote backups to GitHub via Tor, not clearnet.

Why

RaspiBolt configures LND to work as .onion service only by default. But without this change remote static channel pushes to github.com happen using clearnet. This way your real IP address ir revealed to github.com (Microsoft), together with your channel information.

How

Change git configuration for lnd user to use torsocks ssh instead of ssh to connect to GitHub.

Scope

• significant change to core configuration
• independent bonus guide
• simple bug fix

Fixes #1065

Test & maintenance

Modify git config, do touch /data/lnd/data/chain/bitcoin/mainnet/channel.backup and check that new backup file is pushed to GitHub repository.

[VajraOfIndra]

just a nit

[VajraOfIndra]

Test & maintenance

Modify git config, do touch /data/lnd/data/chain/bitcoin/mainnet/channel.backup and check that new backup file is pushed to GitHub repository.

Ok so I tested it and my backup was pushed to my repo... however, how can I check that it indeed use Tor and not clearnet.. is there any way to check this?

Also, how can I check again that the -global core.sshCommand command is enabled and set with the required value?

[kristapsk]

how can I check that it indeed use Tor and not clearnet..

You can try running git fetch or any other command with GIT_TRACE environment varibale set, for example (notice that it executes torsocks ssh instead of ssh):

$ GIT_TRACE=1 git fetch
23:42:40.380890 git.c:439               trace: built-in: git fetch
23:42:40.382130 run-command.c:663       trace: run_command: 'torsocks ssh' -G git@github.com
23:42:40.401985 run-command.c:663       trace: run_command: unset GIT_PREFIX; 'torsocks ssh' git@github.com 'git-upload-pack '\''YourUserName/remote-lnd-backup.git'\'''
23:42:44.081382 run-command.c:663       trace: run_command: git rev-list --objects --stdin --not --all --quiet --alternate-refs
23:42:44.087422 run-command.c:663       trace: run_command: git rev-list --objects --stdin --not --all --quiet --alternate-refs
23:42:44.090474 git.c:439               trace: built-in: git rev-list --objects --stdin --not --all --quiet --alternate-refs
23:42:44.508229 run-command.c:1623      run_processes_parallel: preparing to run up to 1 tasks
23:42:44.508293 run-command.c:1655      run_processes_parallel: done
23:42:44.508331 run-command.c:663       trace: run_command: git gc --auto
23:42:44.511431 git.c:439               trace: built-in: git gc --auto

Also, how can I check again that the -global core.sshCommand command is enabled and set with the required value?

cat /home/lnd/.gitconfig

[VajraOfIndra]

cat /home/lnd/.gitconfig

Looks good?

I couldn't try GIT_TRACE=1 git fetch as I don't have a Git repo with the lnd user, I get the following error message:
fatal: not a git repository (or any of the parent directories): .git

[kristapsk]

cat /home/lnd/.gitconfig

Looks good?

Yes, that's exactly how it's supposed to be.

[kristapsk]

I couldn't try GIT_TRACE=1 git fetch as I don't have a Git repo with the lnd user

You have, /data/lnd/remote-lnd-backup is git repo.

[VajraOfIndra]

/data/lnd/remote-lnd-backup

Ah ok, good point! It looks a bit different from your output but looks ok I think..

lnd@raspibolt:/data/lnd/remote-lnd-backup $ GIT_TRACE=1 git fetch
09:17:15.837506 git.c:444 trace: built-in: git fetch
09:17:15.838807 run-command.c:664 trace: run_command: GIT_PROTOCOL=version=2 'torsocks ssh' -G -o SendEnv=GIT_PROTOCOL git@github.com
09:17:15.863008 run-command.c:664 trace: run_command: unset GIT_PREFIX; GIT_PROTOCOL=version=2 'torsocks ssh' -o SendEnv=GIT_PROTOCOL git@github.com 'git-upload-pack '''VajraOfIndra/remote-lnd-backup.git''''
09:17:25.366436 run-command.c:664 trace: run_command: git rev-list --objects --stdin --not --all --quiet --alternate-refs
09:17:25.381335 run-command.c:664 trace: run_command: git rev-list --objects --stdin --not --all --quiet --alternate-refs
09:17:25.384639 git.c:444 trace: built-in: git rev-list --objects --stdin --not --all --quiet --alternate-refs
09:17:25.974610 run-command.c:1625 run_processes_parallel: preparing to run up to 1 tasks
09:17:25.974677 run-command.c:1657 run_processes_parallel: done
09:17:25.974715 run-command.c:664 trace: run_command: git maintenance run --auto --no-quiet
09:17:25.977949 git.c:444 trace: built-in: git maintenance run --auto --no-quiet

[VajraOfIndra]

tACK

It's nice privacy improvement ❤️