7.6 KiB
Home Server
The quickest way to get started is as follows. You will need to be running a Debian based system (version 8 or later), have an old but still working laptop or netbook which you can use as a server, and 8GB or larger USB thumb drive and an ethernet cable to connect the laptop to your internet router.
First install freedombone onto your local system (not the target hardware that you want to run Freedombone on). On a debian based distro:
sudo apt-get install git
git clone https://github.com/bashrc/freedombone
cd freedombone
git checkout stretch
sudo make install
freedombone-image --setup debian
freedombone-image -t i386 --onion-addresses-only yes
Or on Arch/Parabola:
sudo pacman -S git
git clone https://github.com/bashrc/freedombone
cd freedombone
git checkout stretch
sudo make install
freedombone-image --setup parabola
freedombone-image -t i386 --onion-addresses-only yes
Now prepare your local system to talk to the freedombone by running the following command. This will set up avahi and create ssh keys if necessary.
freedombone-client
The version in which sites are available only via onion addresses is the easiest to get started with, since you can evaluate the system without committing to buying an ICANN domain name or needing to get involved with SSL/TLS certificates at all. However, if you do want your sites to be available typically as subdomains of a domain name which you own then remove the –onion-addresses-only yes option from the last command shown above. Also see the guide on setting up an ICANN domain name.
The onion-addresses-only option does not mean that everything gets routed through Tor. It's intended to provide accessible web apps with minimum fuss and without needing to buy a clearnet domain name or mess with forwarding ports. Using apps via their onion addresses may provide some degree of anonymity but it may not be perfect and anonymity isn't the aim of this system (if you want that then use TAILS).
If you want to create images for microSD cards used within various single board computers then replace the i386 with beaglebone / cubieboard2 / cubietruck / a20-olinuxino-lime / a20-olinuxino-lime2 / a20-olinuxino-micro or apu.
This takes a while. Maybe an hour or so, depending on the speed of your system and the internets. The good news though is that once created you can use the resulting image any number of times, and you don't need to trust some pre-built image.
List what drives are on your system with:
ls /dev/sd*
Now plug in the USB thumb drive, and do the same again. Notice which drive letter gets added.
You can now copy the image to the USB thumb drive, replacing sdX with the identifier of the USB thumb drive. Don't include any numbers (so for example use sdc instead of sdc1).
dd bs=1M if=myimagefile.img of=/dev/sdX conv=fdatasync
And wait. Again it will take a while to copy over. When that's done plug it into the laptop or netbook which you want to use as a server, power on and set the BIOS to boot from the USB stick.
As the system boots for the first time the login is:
username: fbone
password: freedombone
If you're installing from a microSD card on a single board computer without a screen and keyboard attached then you can ssh into it with:
ssh fbone@freedombone.local -p 2222
Using the initial password "freedombone".
You will then be shown a new randomly generated password. It's very important that you write this down somewhere before going further, because you'll need this to log in later.
You'll be asked to set a username and a "real" name (or nickname), then the rest of the installation will be automatic. Again, it takes a while, so go and do something less boring instead. At the end of the base install you can also choose to install specific apps, but if you want to do that later then just press Enter.
When it's installed on your local system open a terminal and verify the ssh server key hash with:
freedombone-client --verify
This will show the hash code for the public ssh key of the Freedombone system.
Open another terminal window then run:
freedombone-client
ssh myusername@freedombone.local -p 2222
Use the password you wrote down earlier to log in. Select the administrator control panel with up and down cursor keys, space bar and enter key. You should see something like this, and you might need to re-enter your password.
Then select About. You'll see a list of sites and their onion addresses.
The About screen contains the ssh server public key hashes and you can compare the relevant one with the previous terminal window to verify that they're the same. If they're not then you might have a machine-in-the-middle snooping on you.
You have now confirmed a secure connection. Probably. If you're still sceptical then you can power off the system, remove the microSD card and manually check the public keys within the /etc/ssh directory on the drive.
Press any key to exit from the About screen. You can then select Add/Remove apps and add whatever applications you wish to run. Note that some apps will only run on x86 systems, but most will install and run on ARM single board computers. More details on particular apps can be found here.
Once your apps have installed you can go back to the About screen, pick an onion address and try it within a Tor compatible browser. You'll need to know the login passwords and those can be found within the Passwords section of the administrator control panel. An axiom of the Freedombone system is that if given the choice users will usually use insecure passwords, so on this system passwords are generated randomly. If you need to then you can transfer the passwords into your favourite password manager and remove them from the server by going to the Security Settings section of the administrator control panel and choosing Export passwords and Password storage.
Congratulations! You have now become a citizen of the free internet.
Use your new powers wisely.
Of course, this is just one way in which you can install the Freedombone system. If you have a single board computer (SBC) such as a BeagleBone Black or OLinuxino you can make disk images for those too. You can even create clearnet sites if you have your own domain name. ARM boards with closed proprietary boot blobs are not supported. For more details run:
man freedombone-image
This site can also be accessed via a Tor browser at http://pazyv7nkllp76hqr.onion