Published hardened Bitcoin node guide

2022-02-17 13:36:55 -05:00 · 2022-02-17 13:36:55 -05:00 · 3b9f4b96e8
commit 3b9f4b96e8
parent 1141c5c415
8 changed files with 867 additions and 0 deletions
--- a/how-to-self-host-hardened-bitcoin-node/tor-client-auth.sh
+++ b/how-to-self-host-hardened-bitcoin-node/tor-client-auth.sh
@ -0,0 +1,52 @@
+#! /bin/sh
+
+# Depends on OpenSSL 1.1+ and basez (apt install -y basez openssl)
+
+set -e
+
+bold=$(tput bold)
+normal=$(tput sgr0)
+
+basedir=$(pwd)
+
+if [ ! -d "$basedir/authorized_clients" ] || [ ! -f "$basedir/hostname" ]; then
+  printf "%s\n" "Run script inside hidden service directory"
+  exit 1
+fi
+
+printf "%s\n" "Enter key pair name and press enter"
+
+read -r name
+
+private_key="$(openssl genpkey -algorithm x25519)"
+
+public=$(echo -n "$private_key" | \
+  openssl pkey -pubout | \
+  grep -v " PUBLIC KEY" | \
+  base64pem -d | \
+  tail --bytes=32 | \
+  base32 | \
+  sed 's/=//g')
+
+auth="descriptor:x25519:$(echo -n $public)"
+
+echo $auth > "$basedir/authorized_clients/$name.auth"
+
+private=$(echo -n "$private_key" | \
+  grep -v " PRIVATE KEY" | \
+  base64pem -d | \
+  tail --bytes=32 | \
+  base32 | \
+  sed 's/=//g')
+
+auth_private="$(cat $basedir/hostname | awk -F  "." '{print $1}'):descriptor:x25519:$private"
+
+client_command="$(echo "cat << EOF > ./$name.auth_private\n$auth_private\nEOF\nchmod 600 $name.auth_private")"
+
+printf "%s\n" "Run following on client (within “auth” folder)"
+
+echo "$bold$client_command$normal"
+
+printf "%s $bold%s$normal %s\n" "Don’t forget to run" "systemctl restart tor" "on server"
+
+printf "%s\n" "Done"