Tor menus and features #2409

Closed
25 tasks done
nyxnor opened this issue Jul 6, 2021 · 12 comments

nyxnor commented Jul 6, 2021

SUGGESTIONS

Have more ideas to implement? Please let me know.

TRACK

This is to track what remains to be done.
An item is only checked if I have tested it and it worked to the maximum extent.

=[Checks]==========================================================

  • CREDENTIALS "See services credentials (address, key, QR code)"
  • NYX "Terminal status monitor for tor"
  • LOGS "Show the logs"
  • TORRC "Edit configuration file (torrc)"
  • RESTART "Restart Tor service or other instances"
  • SSH_OVER_TOR ${SSHTORSTRINGb}" SSH over Tor"

=[Countermeasure]==================================================

  • AUTH "Request client authentication for onion service"
  • RENEW_ADDRESS "Request new onion services addresses"
  • VANGUARDS ${VANGUARDSSTRINGb}" protection against server location deanonymization"
  • BRIDGES ${BRIDGESTRINGb}" Tor bridges with pluggable transport"
  • SOURCES "Request APT over Tor and update packages"
  • CHANGE_CIRCUIT "Request new circuit (signal NEWNYM)"
  • CHANGE_GUARD "Delete all circuits and force change of the entry node"
  • BYPASS_IDLE ${PINGb}" countermeasure against idle feature"
  • OVER_VPN ${VPNSTRINGb}" Tor over VPN"

=[Informational]===================================================

  • VERSION "Tor related packages version"
  • ONION "Onion routing privacy and security benefits"
  • DISCLAIMERS "What Tor does not provide?"
  • SUPPORT_TPO "Support the Tor Project"
  • SUPPORT_TORBOX "Support TorBox"

.

  • Rename internet.hiddenservice.sh to tor.onion.service.sh or ${ONION_SERVICE_SCRIPT} and references of it inside other files

  • Rename internet.tor.sh to tor.install.sh, tor.remove.sh, tor.update.sh and references of it inside other files

  • Rewrite tor.update.sh to fit git

  • Reword TOR to Tor inside all files (except if all of the words in the line are capital letters like TOR IS ACTIVE)

  • Documentation, the good old docs... needs some changes. Most information is already contained in the text folders, but more detailed info will be in the FAQ.


nyxnor commented Jul 6, 2021

Comments of the TO DO list

Today is 06 July 2021. I don't work on this every day, but I'm hoping to finish this in less than 2 weeks (if I have spare time, I mostly code on weekends).
When public GIT? After I clean up the code to be understandable.
Also, it is a bit more complicated than that, because I'm constantly giving feedback to the TorBox project and patching things there to become mainstream and have happy little changes here when there is an update. By contributing there, I'm benefiting this work also.

  • Should I insert vanguards=on in raspiblitz.conf? Updates will install them automatically.

  • Working on tor.update.sh to bring a variety of options. The git repository will be github.com/torproject/tor, not the canonical git.torproject.org/tor.git because some users can't reach the TPO domain.


nyxnor commented Jul 6, 2021

Improvements

Overall view: Tor already had this, but now it facilitates usage for everyone; even for me it became faster to bulk renew or see credentials of multiple onion service addresses, or change APT sources. Many things that would take multiple manual steps, like client auth, just need to be set on the remote machine, as Blitz configures what it can from the server side. Vanguards is not implemented by default in any installation; now it will be optional: installing, starting, stopping, removing.

  • Brings options for users to protect their onion service, either by handling DDoS by restricting access with Client Authorization or by handling attacks to deanonymize server location with Vanguards.
  • You can APT over Tor for Debian and Tor Project sources (v3 addresses) and change it with a menu click any time; it can be none, one of them or both over Tor.
  • Onion service address renewal in case you leak them or just want to change.
  • See Tor credentials such as the address, the client key and the QR to connect to it from the terminal.
  • Changing circuits and entry node: should change circuits more frequently than entry node; entry node is advanced usage and not expected.
  • Tor will restart just when needed; it will sighup more than restart now, having less downtime.
  • Countermeasures such as Bridges (secure and anonymous), over VPN (potentially less anonymous) and bypass idle (when there is a disconnection idle feature, suitable when travelling with the node in cafeterias, airports, hotels).
  • SSH over Tor warns it is for advanced users and should be used cautiously; it also incentivizes use together with Client Auth.
  • Tor update will still be in Menu > Update > Tor, but it will use git to upgrade to any version.
  • Most of the options prompt text explaining what their functionalities are and the important things to note when using them.
  • Instruction texts at the bottom for the user to understand more about how Tor works, what it does not help with, and how to support the used projects.


nyxnor commented Jul 6, 2021

IMAGES

  • Main menu
  • Bridges menu
  • Menu for Auth, credentials, renewal
  • APT over Tor
  • Choose instance (depending on the option, just edit, restart, sighup the chosen instance to avoid downtime)

@originaljeremy
Contributor

This is fantastic work. Thank you for doing it.


nyxnor commented Jul 8, 2021

Restarting, reloading with specific ports or the whole tor

Restarting can take a long time. You can edit torrc files without needing to restart tor to apply changes; you can just reload it with the methods described below.

Glossary:

Reload: reads configuration files
Restart: stop and start the unit
Instance: tor@*.service (tor@default | tor@lnd). Instance is a systemd service. One instance can contain multiple control ports.
Control ports: ControlPort 9051, 9071. Control ports are inside an instance and are used as the controller for the application.

4 methods of reloading tor

  • pkill (all instances and consequently all controllers)
  • tor-prompt (will use the default ports if none is specified)
  • systemd (specific instance and consequently all controllers inside that instance)
  • stem (will use the default ports if none is specified)

Which method to use?

Which one is useful depends on the case.
At this moment (July 2021), Blitz uses 1 control port per instance, meaning that reloading either one will have the same result for now, but it can vary depending on the objectives.

Reload all tor instances

sudo pkill -sighup tor


Reload specific port with 1 command

https://stem.torproject.org/tutorials/down_the_rabbit_hole.html

9051 for tor@default

sudo -u debian-tor tor-prompt --run 'SIGNAL HUP' -i 9051


9071 for tor@lnd

sudo -u _tor-lnd tor-prompt --run 'SIGNAL HUP' -i 9071


Reload or restart specific instance with systemd

sudo systemctl reload-or-restart tor@default

With this, you can specify the instance, but not the port. It is possible to have multiple ports on the same instance (tor@default), but the way Blitz is doing it right now is 2 separate instances, so this works.
The benefit of this is that it tries to reload at first, but it will (re)start the service if it is failed, stopped or inactive.

Reload specific port with 1 file and can include password

https://stem.torproject.org/faq.html#how-do-i-reload-my-torrc

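  • we don't use HashedPassword in the torrc, but storing this here for the future
  • if there is no password, just cookie, we can still use this, but with controller.authenticate() empty

#!/usr/bin/env python3

from stem import Signal
from stem.control import Controller

# Placeholder: set this to the control port password
yourPassword = "..."

# Connect to the control port of the instance to reload (9051 is tor@default)
with Controller.from_port(port = 9051) as controller:
  # With cookie authentication only, call controller.authenticate() with no arguments
  controller.authenticate(password=yourPassword)
  # Ask tor to reload its configuration files
  controller.signal(Signal.HUP)

Need to run with sudo, can be sudo -u debian-tor or sudo -u _tor-lnd depending on the port.
What I find strange is: do I need to disown the process?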
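Added example (not part of the original comment or the project's code): the exchange that `tor-prompt --run 'SIGNAL HUP'` and the stem script above carry out on one control port, written with plain sockets and simplified to direct cookie or password authentication. The names `command`, `reload_tor` and `fake_control_port` are hypothetical, and the fake control port is a constructed stand-in so the code runs without tor.

```python
import socket
import threading

def command(f, line):
    """Send one control-port command; return (code, text) of the final reply line."""
    f.write((line + "\r\n").encode())
    f.flush()
    while True:
        reply = f.readline().decode().rstrip("\r\n")
        if not reply:
            raise ConnectionError("control connection closed")
        if reply[3:4] == " ":  # "250-..." continues the reply, "250 ..." ends it
            return int(reply[:3]), reply[4:]

def reload_tor(port, cookie=None, password=None, host="127.0.0.1"):
    """Authenticate to one ControlPort and send SIGNAL HUP; return (ok, detail)."""
    auth = "AUTHENTICATE"  # no credential: accepted only if tor has no auth configured
    if cookie is not None:  # raw bytes of the instance's control auth cookie
        auth += " " + cookie.hex()
    elif password is not None:  # control password, sent as a quoted string
        auth += ' "%s"' % password.replace("\\", "\\\\").replace('"', '\\"')
    with socket.create_connection((host, port), timeout=5) as sock:
        with sock.makefile("rwb") as f:
            code, text = command(f, auth)
            if code == 250:  # on failure tor closes the connection, so stop here
                code, text = command(f, "SIGNAL HUP")
                command(f, "QUIT")
    return code == 250, "%d %s" % (code, text)

def fake_control_port(cookie):
    """Constructed stand-in for a tor ControlPort so the example runs offline."""
    srv = socket.create_server(("127.0.0.1", 0))
    def serve():
        while True:
            conn, authed = srv.accept()[0], False
            with conn, conn.makefile("rwb") as f:
                for raw in f:
                    cmd = raw.decode().strip()
                    if cmd.startswith("AUTHENTICATE"):
                        authed = cmd == "AUTHENTICATE " + cookie.hex()
                        out = "250 OK" if authed else "515 Authentication failed"
                    else:
                        ok = cmd == "QUIT" or (authed and cmd == "SIGNAL HUP")
                        out = "250 OK" if ok else "514 Authentication required"
                    f.write((out + "\r\n").encode())
                    f.flush()
                    if cmd == "QUIT" or not authed:
                        break
    threading.Thread(target=serve, daemon=True).start()
    return srv.getsockname()[1]
```

Against a real instance, pass the port from the comment (9051 or 9071) and the bytes of that instance's control auth cookie file, read as the matching user; the cookie location depends on the torrc and is not given on the page.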


nyxnor commented Jul 14, 2021

Ideas for future changes

This cannot be implemented now due to time limitation and complexity

  • Manage client authorization, removing specific clients, giving names for them. Why not now? Cause Blitz services are for personal use, some you can share. Those you can share, the other party would need to learn a bit of client auth too.
  • Do not hardcode service variables such as OnionAuth or source from service=on, explained here to loop inside services folder Tor patch #2419 (comment)

@nyxnor nyxnor mentioned this issue Jul 14, 2021
6 tasks

nyxnor commented Jul 22, 2021

Documentation is still missing, no changes made to the FAQ or README, but I think brief notes there would help, as the text/ folder is pretty resourceful on how to use each option.

Not missing anymore e056837


nyxnor commented Jul 26, 2021

Latest tag from tor git:

git describe --tags $(git rev-list --tags --max-count=10)
tor-0.4.6.6
tor-0.4.6.5-46-g60ffee9d82
tor-0.4.6.5-45-g01fd3ace03
tor-0.4.6.2-alpha-108-g2fff1fc835
tor-0.4.6.5-43-gbd3ed77191
tor-0.4.6.2-alpha-107-g4302c0b4a1
tor-0.4.5.1-alpha-395-ge60d14bb6b
tor-0.4.6.5-40-g2630e4eea1
tor-0.4.6.2-alpha-105-gf2647295c0
tor-0.4.5.1-alpha-394-gfce99957e2

@rootzoll
Collaborator

It's great work .. just because we have a lot of moving parts at the moment for the v1.7.1 with c-lightning and the setup-process refactor I will push this one release up to 1.8.

@rootzoll rootzoll added this to the 1.8 Release milestone Aug 17, 2021

nyxnor commented Sep 14, 2021

This is being redesigned because I did not know it was that hard to keep up with TorBox changes, even being a small project. To keep getting updates, I need to do it differently.

As suggested by Openoms to make a pluggable project, it will work this way:
On my repo, I use a script to

  • clone TorBox
  • cp the files that I need about bridges
  • remove the rest
  • rename the files inside the scripts
  • renames the file names
  • create blitz directories
  • place the files in the correct blitz directory
  • clone onion-cli, it being a submodule of this different repo
  • that is all that is needed basically
  • add some scripts to this repo for
      • reloading, restarting tor
      • logs
      • nyx :)
      • apt source list with onion repo
      • update option for this project
      • change circuit
      • change guard

Following this, there will be 1 main Tor menu and 3 secondary menus:

  • Circumvention
  • HiddenServices
  • Control


nyxnor commented Sep 19, 2021

Thanks to @openoms amazing dialog colors, used the same as Joininbox .dialogrc

@rootzoll rootzoll modified the milestones: 1.8 Release, 1.7.2 Release Oct 26, 2021

nyxnor commented Oct 26, 2021

The menu won't look like this anymore and for organization purposes, closing this.

@nyxnor nyxnor closed this as completed Oct 26, 2021