
OK, i think (i have never done this before) that the following image should be public - ami-a97eaec0

it contains a basic 64 bit amazon linux image, with the extra code generated according to lgeek below http://news.ycombinator.com/item?id=3579531

to run, deploy the image, connect as ec2-user in the normal way and then:

- modify ~/tor.sh to change the port on which obfsproxy listens, if you want

- change the security group to allow ports 9100 and 2189 (or whatever you change 2189 to above) (you may need to restart the instance at this point to apply the security group).

- modify the bandwidth limit in /usr/local/etc/tor/torrc (ie sudo emacs -nw /usr/local/etc/tor/torrc) - currently it's 50 KB/s which i think comes out as around $10-20 a month if it's fully used.

- start with the tor.sh script.

- check tor.log and note your external IP address.

- check external access using something like "telnet xxx.xxx.xxx.xxx 2189" (which generates a screenful of binary on success).

- contact tor-assistants at torproject.org so they can give the bridge location out to someone that needs it.

please post here or email me if there are any issues (a confirmation that you can access the ami would be cool too :o). also, are AWS external IP addresses permanent (if not, may need to use elastic IP + DNS)?

It looks like you left your public key in authorized_keys. I guess it was an honest mistake, but at the very least anyone using this AMI should remove it.

Now, please don't be offended, but this is one of the reasons I prefer instructions or more generally an easy way to replicate a result - which is easier to verify - rather than the built software/AMI/whatever. It's trivial to offer a compromised system and nearly impossible to verify that a system is secure.

On the other hand, tor and obfsproxy work for me using your AMI.
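Added example, not part of the thread or of the AMI: a shell function for the check the comment above calls for, listing every `authorized_keys` entry on a launched image whose key is not one you put there. The function name and the allow-list format (one permitted base64 key blob per line) are assumptions made for this example.

```shell
#!/bin/sh
# Added example: report authorized_keys entries that are not on an allow-list.
# Usage: audit_authorized_keys ROOT ALLOWLIST
#   ROOT       directory tree to scan (/ on a freshly launched instance)
#   ALLOWLIST  file with one permitted base64 key blob per line
#              (hypothetical format; use /dev/null to report every key)
audit_authorized_keys() {
    root=$1
    allow=$2
    # Stay on one filesystem (-xdev) and pick up both common file names.
    find "$root" -xdev -type f \
        \( -name authorized_keys -o -name authorized_keys2 \) 2>/dev/null |
    while IFS= read -r file; do
        awk -v file="$file" -v allow="$allow" '
            BEGIN { while ((getline line < allow) > 0) ok[line] = 1 }
            /^[ \t]*#/ || /^[ \t]*$/ { next }      # comments and blank lines
            {
                # Options such as command="..." may precede the key type,
                # so look for the key-type token rather than assuming field 1.
                for (i = 1; i < NF; i++)
                    if ($i ~ /^(ssh-(rsa|dss|ed25519)|ecdsa-sha2-|sk-)/) {
                        blob = $(i + 1)
                        comment = (i + 2 <= NF) ? $(i + 2) : "-"
                        if (!(blob in ok))
                            print file ": " $i " " comment
                        next
                    }
                # A line that grants nothing recognisable still deserves a look.
                print file ": unparsed line " NR
            }' "$file"
    done
}

# Run as a script: sudo sh audit.sh / my-keys.txt
if [ "$#" -eq 2 ]; then
    audit_authorized_keys "$1" "$2"
fi
```

Run it as root so other users' home directories are readable; any line it prints is a key that can log in and that you did not list.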

Security groups are applied as soon as you save your changes, no restart is required.

I've never seen an external IP address for an EC2 box change, I don't believe they do. They are typically part of the hostname and it would be strange to have amazon change this at random points in time. Elastic IP is good if you want to change a server a domain points to without having to wait for DNS propagation.

I just confirmed that I can access your AMI in the US East region. Be aware, however, that AMIs are region specific and thus your AMI cannot be found or used in any other region (such as US West).

thanks to the comments, i've created a new ami, ami-2b61b142, which should not have my keys. again, this is in US east.

i will delete the ami described in the post above, please use this one.

this will still have my contact details in the tor config /usr/local/etc/tor/torrc - you should change those too... (not a security issue, but if they email me about your install, there's not much i can do...)
