[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-relays] Tor-arm failure



Hi Ralph, I think there's some confusion about the ssh verses tor
password. All I'm suggesting is that instead of
'HashedControlPassword' you use 'CookieAuthentication 1' in your torrc
instead. This is discussed a bit on the following in case you'd care
to read more...

https://stem.torproject.org/faq.html#can-i-interact-with-tors-controller-interface-directly

Cheers! -Damian


On Sat, Sep 2, 2017 at 2:01 PM, Ralph Seichter <m16+tor@xxxxxxxxxxxxxxx> wrote:
> On 02.09.17 21:26, Damian Johnson wrote:
>
>> I dropped that since it posed a security issue.
>
> Sigh... That seems a bit overzealous to me.
>
>> I'd suggest cookie authentication if you'd care to rely on file
>> permissions rather than something you know. That'll work transparently.
>
> I don't think I understand what exactly you are suggesting. Could you
> provide an example? I can currently do the following with 'arm', and
> want to it with 'nyx' as well:
>
>   me@mynotebook $ ssh foo@tornode
>   foo@tornode $ sudo -u tor /usr/bin/arm
>
> I have to enter SSH keyfile password(*) and SUDO password already, and
> don't want to enter yet another password for the Tor controller. Since
> I am the only human who can SSH to my Tor nodes, having a password in
> ~/.nyx/config would be a "risk" (grin) I'm perfectly willing to take.
>
> -Ralph
>
> (*) I'm aware of ssh-agent.
> _______________________________________________
> tor-relays mailing list
> tor-relays@xxxxxxxxxxxxxxxxxxxx
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
_______________________________________________
tor-relays mailing list
tor-relays@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays