How to Create an Anonymous Bitcoin Node on Ubuntu Server Behind Tor

How to Create an Anonymous Bitcoin Node on Ubuntu Server Behind Tor

By Category :

Step by Step Guide: How to Create an Anonymous Bitcoin Node on Ubuntu Server Behind Tor

Running a Bitcoin node behind the Tor network enhances privacy and ensures anonymity. This guide explains how to set up a Bitcoin node on an Ubuntu Server accessible and connected only through the Tor network.

Step 1: Prerequisites

  1. Ubuntu Server: A clean installation of Ubuntu (20.04 or newer) on a physical or virtual machine.
  2. Tor Installed: The Tor service must be installed and running on the server.
  3. Hardware Recommendations:
    • Minimum 2 GB of RAM.
    • At least 350 GB of free disk space for the Bitcoin blockchain.
  4. Basic Knowledge: Familiarity with Linux commands.

Step 2: Update Your Server

  1. Update the Package List: sudo apt update && sudo apt upgrade -y
  2. Install Essential Tools: sudo apt install curl wget nano ufw unzip -y

Step 3: Install Tor

  1. Install Tor: sudo apt install tor -y
  2. Enable and Start Tor: sudo systemctl enable tor sudo systemctl start tor
  3. Verify Tor Installation: systemctl status tor

Step 4: Configure Tor for Bitcoin Node

  1. Edit Tor Configuration: sudo nano /etc/tor/torrc
  2. Add Hidden Service Configuration: HiddenServiceDir /var/lib/tor/bitcoin_node/HiddenServicePort 8333 127.0.0.1:8333HiddenServicePort 8332 127.0.0.1:8332
    • HiddenServiceDir: Directory for the Tor hidden service.
    • HiddenServicePort 8333: Maps Bitcoin’s P2P port.
    • HiddenServicePort 8332: Maps the RPC port for local use.
  3. Restart Tor: sudo systemctl restart tor
  4. Retrieve the Onion Address: sudo cat /var/lib/tor/bitcoin_node/hostname Save this .onion address, as it will be the address of your Bitcoin node.

Step 5: Install Bitcoin Core

Download Bitcoin Core: Visit the official Bitcoin Core website to get the latest download link. Example for version 24.0.1:

wget https://bitcoincore.org/bin/bitcoin-core-24.0.1/bitcoin-24.0.1-x86_64-linux-gnu.tar.gz

Verify the Download: Download the checksum file and verify:

wget https://bitcoincore.org/bin/bitcoin-core-24.0.1/SHA256SUMS wget https://bitcoincore.org/bin/bitcoin-core-24.0.1/SHA256SUMS.asc sha256sum --check SHA256SUMS --ignore-missing

Extract and Install:

tar -xvf bitcoin-24.0.1-x86_64-linux-gnu.tar.gz sudo install -m 0755 -o root -g root -t /usr/local/bin bitcoin-24.0.1/bin/*

Check Installation: bitcoind --version

Step 6: Configure Bitcoin Core

Create the Bitcoin Data Directory: mkdir -p ~/.bitcoin

Edit the Bitcoin Configuration File:

nano ~/.bitcoin/bitcoin.conf

Add the following configuration:

# Network Configuration

listen=1

torcontrol=127.0.0.1:9051

proxy=127.0.0.1:9050

onlynet=onion

bind=127.0.0.1

externalip=<your_onion_address>.onion

rpcbind=127.0.0.1

rpcallowip=127.0.0.1

addnode=fno4aakpl6sg6y47.onion

addnode=yuutnnqqgsavo4p4.onion

# RPC Configuration

server=1

rpcuser=your_rpc_user

rpcpassword=your_rpc_password

Replace <your_onion_address> with the address retrieved from /var/lib/tor/bitcoin_node/hostname.

Start Bitcoin Core: bitcoind -daemon

Verify Tor Connectivity: Use the Bitcoin client to check the network status: bitcoin-cli getnetworkinfo

Step 7: Upload and Connect a Wallet (Optional)

  1. Create a Wallet: bitcoin-cli createwallet "mywallet"
  2. Generate a New Address: bitcoin-cli getnewaddress
  3. Start Receiving Transactions: Share the .onion address and use the wallet for private transactions.

Step 8: Security Hardening

General Hardening

  1. Enable UFW: sudo ufw allow 8333 sudo ufw enable
  2. Disable Root Login: Edit /etc/ssh/sshd_config: PermitRootLogin no
  3. Regularly Update Software: Keep the OS, Tor, and Bitcoin Core updated.
  4. Limit RPC Access: Ensure rpcbind and rpcallowip are restricted to 127.0.0.1.

Tips for Maintaining Privacy

  1. Isolate Environment: Use a dedicated VM or hardware for the Bitcoin node.
  2. Avoid Mixing Services: Do not use the same server for non-anonymous tasks.
  3. Monitor Logs: Regularly check Tor and Bitcoin logs for unusual activity: sudo tail -f /var/log/tor/log /path/to/bitcoin/debug.log

This setup ensures your Bitcoin node is only accessible through the Tor network, providing anonymity and privacy. Always follow best practices to maintain operational security.

While the setup we described is designed to maximize anonymity and security, nothing is 100% secure or anonymous. Tor-based systems and Bitcoin nodes have inherent risks due to potential vulnerabilities in software, configurations, or operational security (OpSec). Below, I address additional steps, potential risks, and how to mitigate them:

Additional Security Measures

  1. Use a Non-Default Tor Port
    Changing Tor’s default ports (9050/9051) can reduce the risk of being flagged by network monitoring systems. Edit /etc/tor/torrc: SocksPort 9150 ControlPort 9151 Restart Tor: sudo systemctl restart tor
  2. Use a Hardened Kernel
    Consider using a kernel with security enhancements like AppArmor or SELinux.
    • Install AppArmor: sudo apt install apparmor apparmor-utils -y sudo systemctl enable apparmor
  3. Run the Node in a Sandbox
    Isolate the Bitcoin node by using a container (e.g., Docker with Tor routing) or virtual machine (VM). This limits the damage from exploits.
  4. Avoid DNS Leaks
    Ensure DNS requests go through Tor by using a tool like dnsmasq configured to route DNS queries through 127.0.0.1:9050.
  5. Monitor Network Traffic
    Use tools like iftop or tcpdump to ensure that all outbound traffic is routed through Tor: sudo apt install iftop sudo iftop -i eth0
  6. Encrypt the Filesystem
    Use disk encryption to protect data if the server is compromised: sudo apt install cryptsetup sudo cryptsetup luksFormat /dev/sdX
  7. Disable IPv6
    Tor primarily operates over IPv4. Disable IPv6 to prevent accidental leaks: echo "net.ipv6.conf.all.disable_ipv6 = 1" | sudo tee -a /etc/sysctl.conf sudo sysctl -p
  8. Use a Tor Bridge
    To hide the fact that you’re using Tor, use a Tor bridge. Add to /etc/tor/torrc: UseBridges 1 Bridge obfs4 <bridge-address>

Operational Security (OpSec)

  1. Avoid Reusing Onion Addresses
    If the node is compromised, generating a new onion address minimizes the risk of tracking.
  2. Do Not Share Onion Address Publicly
    Share the .onion address only with trusted parties to avoid attacks.
  3. Use a Separate Wallet
    Do not use the same Bitcoin wallet for anonymous and public transactions. Mixing them can deanonymize your node.
  4. Limit Third-Party Dependencies
    Avoid installing unnecessary packages or scripts, which can introduce vulnerabilities.
  5. Regularly Check for Updates
    Stay updated with the latest Tor, Bitcoin Core, and Ubuntu security patches: sudo apt update && sudo apt upgrade -y
  6. Run the Node on a Hidden Local Network
    Configure a private virtual network between your host and the VM to prevent direct exposure.

Potential Risks

  1. Tor Exploits
    Tor has vulnerabilities, such as traffic correlation attacks. While rare, adversaries like state actors could potentially deanonymize Tor users. Mitigation: Use Tor bridges and reduce traffic patterns that could correlate activity.
  2. Bitcoin P2P Network Attacks
    The Bitcoin network itself is not inherently private. Observers could analyze transaction metadata to link your node to real-world activities. Mitigation: Operate exclusively on the Tor network (onlynet=onion in bitcoin.conf).
  3. Configuration Errors
    A small misconfiguration (e.g., exposing rpcallowip=0.0.0.0/0) could compromise your node. Mitigation: Double-check all configurations and restrict access to localhost.
  4. Physical Access
    If someone gains physical access to your device, they could extract sensitive data. Mitigation: Encrypt the disk and require a strong passphrase at boot.

Is This 100% Secure?

No system is ever 100% secure. This setup is highly secure for the following reasons:

  • Tor ensures network anonymity.
  • Bitcoin Core’s onlynet=onion and proxy settings route all traffic through Tor.
  • Proper configuration minimizes leaks.

However, risks remain:

  • Advanced Adversaries: State actors may attempt to correlate traffic or exploit Tor vulnerabilities.
  • Human Error: Misconfigurations or lapses in OpSec can compromise anonymity.
  • Software Bugs: Vulnerabilities in Tor, Bitcoin Core, or Ubuntu could be exploited.

Best Practices Summary

  1. Strictly Isolate: Keep the Bitcoin node and Tor on separate machines or VMs.
  2. Monitor and Audit: Regularly check logs for unusual activity.
  3. Avoid Fingerprinting: Use randomized schedules and traffic patterns to prevent behavior correlation.
  4. Limit Exposure: Minimize the services running on your server.

By following these steps, you can operate a highly secure and private Bitcoin node behind Tor.

/ / / /
Author :

0 thoughts on “How to Create an Anonymous Bitcoin Node on Ubuntu Server Behind Tor

Leave a Reply

program9 social network
molly9 SEO agency
server5 web hosting
molly9 free blogs
blog5 free blogs
web analytics
seo reports tool
hetzner cloud