Rotate onion address

Support and Troubleshooting
1

Hello I would like to understand how I can change the onion address of my umbrel server. This is of interest because it is potentially compromised (unlikely in practice, but I would like to be safe). I see indirect mention of this here:

“If an address is compromised you can rotate it manually by SSHing in and removing the private key for that hidden service and restarting your Umbrel”
However I have not seen detailed description of the steps there or elsewhere. Could someone please elaborate?
Many thanks

2

That private key is in ~/umbrel/tor/data/web folder if you SSH into your Umbrel node – so the file you want to delete is the hs_ed25519_secret_key.
To make 100% sure that it’s the correct onion address you can check by cat hostname within that folder, and compare it with the onion address given under the Umbrel dashboard > Settings > ‘Tor / Remote access’.

1 Like
3

Thank you very much for that answer. I have deleted the file and restarted my umbrel.

Indeed the old address no longer works however a new address and secret key file do not appear to have been generated. Also the old address is still displayed in the Umbrel dashboard.

How can I get a new one generated?

4

I would not play with fire…
Tor onion address is also linked to your LN node ID so you will have fucked up anyway all the peers and channels.

If you have a compromised onion address, I would go for a full reset and create a new nodeID/wallet/seed/onion etc.

Follow the instructions from the guide to recover funds using option 3 with Blixt, meanwhile you are building a new nodeID.
There’s no need to wipe all data, just reset user data (see troubleshooting manual about hos to reset user data).

Once you have the funds from previous node recovered in blixt, you can move them to your new Umbrel node or just use Blixt as a companion node to your Umbrel.

5

Thanks but in practice I think it’s most unlikely that the address was compromised and I was simply looking to follow the steps suggested by lukechilds and DHD.

I assume there must therefore be a remaining step to generate a new key/onion address?

6

If no new hs_ed25519_secret_key was created, perhaps Tor is looking at the other files that’s already there? Tor is supposed to create these files automatically afaik.
Since you already started deleting things, perhaps also delete the rest of the files in that web folder to see if Tor finally creates them again.

Perhaps the web ui picks up the address from that hostname file in there which you might not have deleted. Hopefully if Tor re-creates all files, the new one will get picked up

7

Thank you that has worked, i moved the whole web folder and a new one was created.
I now have a new .onion address, which is working for web.

Edit - lightning channels now back alive again as well, thanks all three of you for your help.

1 Like
8

Darth,

If I share my Electrs Tor address, do I lose any privacy or sacrifice any security?

For example: I want to let some friends and family connect their Sparrow wallet to my node so I send them my Tor address. Am I putting anything at risk by sharing that with them? or publicly? Can I let strangers connect to my node via Tor?

Can someone eavesdrop on me and somehow compromise my privacy or see my addresses, wallet balance, transactions, etc?

I don’t have any money on the node itself but I do have my Sparrow wallet connected to it via local.