commit 46f49331df64b1ecf9fb61631294a1e3bc57e446 Author: traumschule <traumschuleriebau@riseup.net> Date: Sun Sep 16 01:12:48 2018 +0200 How to use cookie authentication for onion services (#27680) --- docs/en/faq.wml | 13 +++++++++++++ docs/en/tor-onion-service.wml | 30 ++++++++++++++++++++++++++++++ 2 files changed, 43 insertions(+) diff --git a/docs/en/faq.wml b/docs/en/faq.wml index 889cbe6b..61d2da95 100644 --- a/docs/en/faq.wml +++ b/docs/en/faq.wml @@ -214,6 +214,8 @@ <li><a href="#AccessOnionServices">How do I access onion services?</a></li> <li><a href="#ProvideAnOnionService">How do I provide an onion service? </a></li> + <li><a href="#CookieAuthOnionService">How do I set up cookie authentication + for an onion service? </ul> <a id="dev"></a> @@ -3090,6 +3092,17 @@ href="https://www.noisebridge.net/wiki/Noisebridge_Tor">Noisebridge</a> <hr> + <a id="CookieAuthOnionService"></a> + <h3><a class="anchor" href="#CookieAuthOnionService">How do set up cookie + authentication for an onion service?</a></h3> + + <p> + See the <a href="<page docs/tor-onion-service>#CookieAuthentication"> + "Cookie authentication" in the official onion service configuration instructions</a>. + </p> + + <hr> + <a id="Development"></a> <h2><a class="anchor" href="#Development">Development:</a></h2> diff --git a/docs/en/tor-onion-service.wml b/docs/en/tor-onion-service.wml index 2bd13ad8..1215c572 100644 --- a/docs/en/tor-onion-service.wml +++ b/docs/en/tor-onion-service.wml @@ -225,8 +225,38 @@ HiddenServicePort 22 127.0.0.1:22 </pre> + <p> To set up an onion service on Raspbian have a look at Alec Muffett's <a href="https://github.com/alecmuffett/eotk">Enterprise Onion Toolkit</a>. + </p> + + <h3><a name="CookieAuthentication">Cookie authentication</a></h3> + + <p>To set up cookie authentication add following lines to your + <a href="<page docs/faq>#torrc">torrc</a> as specified for + <a href="<page docs/tor-manual>#HidServAuth">HidServAuth</a> and + <a href="<page docs/tor-manual>#HiddenServiceAuthorizeClient"> + HiddenServiceAuthorizeClient</a> in the manual. + First add following line to the torrc file of your onion service: + </p> + <pre> + HiddenServiceAuthorizeClient [auth-type] [service-name] + </pre> + <p> + Then restart/reload tor and read the cookie from the hostname file of your + onion service, for example in + <tt>/var/lib/tor/hidden_service_path/hostname</tt>. + To access it with another tor service add following line to torrc + and (re)start/reload it: + </p> + <pre> + HidServAuth [onion-address] [auth-cookie] [service-name] + </pre> + <p> + You are now able to browse to the onion service address. + </p> + + <h3><a name="OpSec">Operational security</a></h3> <p>Onion services operators need to practice proper <a href="https://trac.torproject.org/projects/tor/wiki/doc/OperationalSecurity">