openoms openoms

The following files show an example of how to create subdomains for onion site hidden services. (This hasn't been tested for hidden services for anything other than HTTP/HTTPS.)

(You might also want to read our blog post about ProPublica’s Tor hidden service, including a tutorial and notes on running a hidden service: https://www.propublica.org/nerds/item/a-more-secure-and-anonymous-propublica-using-tor-hidden-services )

In general, this works (maybe just in recent Tor clients) because Tor will handle the connection to www.xxxxxxxxxxxxxxxx.onion as a connection to xxxxxxxxxxxxxxxx.onion. The encapsulated HTTP/HTTPS connection contains the subdomain in the Host: header (and in the case of HTTPS, the SNI

the grand idea

I like public key auth. I feel safer using them instead of a username and password login. But, I might not have my private key with me at a time where I need access.

I started using yubikey with LastPass and since I have it always on my keychain, I decided to find more ways to make use of it.

I wasn't originally aware, but if you pass a private key to ssh and sshd is configured to accept a key, it appears pam isn't used. Your authorized keys are checked and you are logged in. If you don't pass a private key, ssh falls back to the more standard un*x style login found in /etc/pam.d/sshd. This is where we'll add the yubikey pam. I am currently unaware of a way to use both public key auth and yubikey for login.

These steps worked for me on debian squeeze/wheezy.

more info at the yubico-pam github repo

	###### User friendly interface script for use with ./dojo [command] ######

	I set it up to be used with passwordless root login via ssh, as you need to be root to utilize
	the ./dojo [commands], also because I run everything headless from my laptop. This may not be
	for you if you don't want to permit root login to the machine running your Dojo. I have my VMs
	set up with passwordless pubkeys and UFW so that my host machine is the only one that can login
	to the VMs via ssh. It is somewhat of a security risk if you do not structure yourself properly,
	so please be cautious.

	At the end of the script there is haggard documentation on how to setup ssh pubkeys.

	I am successfully running a local electrum server, getting its data from dojo. This is useful for private use of hardware wallets.

	Step 1: As Laurent MT suggested in the Samourai telegram group, you need to edit the docker-compose.yaml file, adding to the bitcoind section the following two lines

	ports:
	- "127.0.0.1:28256:28256"

	Step 2: Follow install directions for electrs, an electrum server written in rust.
	electrs install directions can be found here: https://github.com/romanz/electrs/blob/master/doc/usage.md

	#### Copy over block data to your Dojo ####

	## On your machine running Dojo, open 2 terminals, we'll call them [terminal A] & [terminal Doc]

	## In [terminal Doc] login to the bitcoind docker container as root
	$ sudo docker exec -u root -it bitcoind /bin/bash

	## [terminal Doc] Update and install a text editor
	$ apt-get update && apt-get install nano

	## Getting LND working with Dojo

	## Start Dojo
	$ cd /path/to/docker/my-dojo/ && sudo ./dojo.sh start

	## Login to the bitcoind docker container as root
	$ sudo docker exec -u root -it bitcoind /bin/bash

	## Update and install a text editor
	$ apt-get update && apt-get install nano

	#!/bin/bash

	# bash <(curl -s https://gist.githubusercontent.com/CandleHater/c36f8c205b31f70081d9e821bde36ebb/raw/initial-setup.sh)

	clear

	# show system info
	echo "- system"
	echo -e "Kernel\t: $(uname -rvm)"
	cat /proc/cpuinfo \| grep "model name" \| sed "s/model name/CPU/g"

	import base58
	x = 'xprv9s21ZrQH143K2f55zo5GiXiX16MiPzBgc2bEXNd77e1ooGsjxAyXjozyuniqiSB76VESjTW8s7vdsK3NFboha6tZgF9BzcDdNtUT6Aw99P2'
	zp = b'\x04\xb2\x43\x0c'
	base58.b58encode_check(zp + base58.b58decode_check(x)[4:]).decode('ascii')
	# output: 'zprvAWgYBBk7JR8GjFTKfWeX8huXM2ecHEAgSFdg6AQssemZuUWCTVJeywKFxCe1iFUwumU4EQhFnSdjdtGVgzdjAaFmQvY3ARrbvLbjsLf6oNE'

	# xprv = b'\x04\x88\xad\xe4'
	# yprv = b'\x04\x9d\x78\x78'
	# zprv = b'\x04\xb2\x43\x0c'

	Mute these words in your settings here: https://twitter.com/settings/muted_keywords

	ActivityTweet
	generic_activity_highlights
	generic_activity_momentsbreaking
	RankedOrganicTweet
	suggest_activity
	suggest_activity_feed
	suggest_activity_highlights
	suggest_activity_tweet

	# cards tested (same used for the SpecterDIY):
	# https://www.alibaba.com/product-detail/JCOP-Dual-Interface-Support-RSA4096-ECC_1600070838098.html (no NFC)
	# find more links to compatible products at:
	# https://github.com/Toporin/SatochipApplet#supported-hardware and
	# https://github.com/cryptoadvance/specter-javacard#cards-that-make-sense

	# Install the drivers and apps as for the SpecterDIY.
	# The Satochip applet can be used parallel on the same card and will have a separate PIN.
	# Download the applet from:
	# https://github.com/Toporin/SatochipApplet/releases