wiki:doc/EC2Account

Tor's Amazon EC2 account

Tor has an account on Amazon EC2 and can grant its developers access to that account to crunch some Tor descriptors, run a simulation, or perform other tasks that laptops were not meant to do and that real servers would be too cumbersome to set up.

Getting started

If you are a Tor developer and would like to use EC2, you should follow these steps:

  1. Read through the following limitations and make sure you're okay with all of them:
    • Don't run relays or bridges in the public Tor network on EC2, ever. Private Tor networks and simulated Tor networks are fine, and clients in the public Tor network are okay, too.
    • Try not to spend more than $30 per month on EC2, or ask your team lead for permission first. If you need a virtual machine for running a service, you should instead ask the sysadmins to create one for you.
    • Watch out for unused resources you requested and shut them down as early as possible.
  2. Request credentials from Karsten by email. Please include a description what you'd want to do on EC2. Karsten may need to get approval for creating your account, so this may take a few days. Fortunately, you only need to do this once.
  3. Once you have user credentials, log into AWS and change your password. You now have access to Tor's EC2 account.

Create SSH key pairs

First thing to do once you've logged in is to create/add an SSH key. Once you've selected a location, do the following:

  1. Go to Network & Security -> Key Pairs on the left menu on the main page.
  2. Press on the Import Key Pair button. Let's not put our private keys on Amazon servers ;).
    • Time to generate an SSH key pair for Tor ec2 instances (yeah... don't ask, only RSA keys...). Don't hesitate to create one per instance you want to use (MOAR security): ssh-keygen -f ~/.ssh/id_rsa_tor-ec2
  3. Put at least your name in the Key pair name input box.
  4. Copy paste the content of ~/.ssh/id_rsa_tor-ec2.pub in the Public key contents input box.
  5. Once imported, make sure to verify your key fingerprint. It should match this: openssl rsa -in .ssh/id_rsa_ec2-tor -pubout -outform DER | openssl md5 -c

Good, you are now all set! Here is a reminder on how to use this key when sshing in the instance using it: ssh -i ~/.ssh/id_rsa_ec2-tor ...

Last modified 3 years ago Last modified on Aug 7, 2015, 9:31:50 AM