I'd say the normal server hardening precautions apply. Off the top of my head:
- keep software/packages up to date - only use public-key authentication for ssh / disable password-based auth - optionally change the ssh port (it just avoids the worst of the port scanning / brute force attempts) - limit the number of services running on your relays (ideally only run Tor and supporting services (i.e., maybe dns) - firewall off (deny) everything except DirPort/ORPort/ssh
_______________________________________________ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
