[webwml/master] How to use cookie authentication for onion services (#27680) - tor-commits

10 Apr 2019

commit 46f49331df64b1ecf9fb61631294a1e3bc57e446
Author: traumschule traumschuleriebau@riseup.net
Date:   Sun Sep 16 01:12:48 2018 +0200
How to use cookie authentication for onion services (#27680)
---
 docs/en/faq.wml               | 13 +++++++++++++
 docs/en/tor-onion-service.wml | 30 ++++++++++++++++++++++++++++++
 2 files changed, 43 insertions(+)

diff --git a/docs/en/faq.wml b/docs/en/faq.wml
index 889cbe6b..61d2da95 100644
--- a/docs/en/faq.wml
+++ b/docs/en/faq.wml
@@ -214,6 +214,8 @@
     <li><a href="#AccessOnionServices">How do I access onion services?</a></li>
     <li><a href="#ProvideAnOnionService">How do I provide an onion service?
     </a></li>
+    <li><a href="#CookieAuthOnionService">How do I set up cookie authentication
+    for an onion service?
     </ul>
<a id="dev"></a>
@@ -3090,6 +3092,17 @@ href="https://www.noisebridge.net/wiki/Noisebridge_Tor%22%3ENoisebridge</a>
<hr>
+    <a id="CookieAuthOnionService"></a>
+    <h3><a class="anchor" href="#CookieAuthOnionService">How do set up cookie
+    authentication for an onion service?</a></h3>
+
+    <p>
+    See the <a href="<page docs/tor-onion-service>#CookieAuthentication">
+    "Cookie authentication" in the official onion service configuration instructions</a>.
+    </p>
+
+    <hr>
+
     <a id="Development"></a>
     <h2><a class="anchor" href="#Development">Development:</a></h2>
diff --git a/docs/en/tor-onion-service.wml b/docs/en/tor-onion-service.wml
index 2bd13ad8..1215c572 100644
--- a/docs/en/tor-onion-service.wml
+++ b/docs/en/tor-onion-service.wml
@@ -225,8 +225,38 @@
     HiddenServicePort 22 127.0.0.1:22
     </pre>
+    <p>
     To set up an onion service on Raspbian have a look at Alec Muffett's
     <a href="https://github.com/alecmuffett/eotk">Enterprise Onion Toolkit</a>.
+    </p>
+
+    <h3><a name="CookieAuthentication">Cookie authentication</a></h3>
+
+    <p>To set up cookie authentication add following lines to your
+    <a href="<page docs/faq>#torrc">torrc</a> as specified for
+    <a href="<page docs/tor-manual>#HidServAuth">HidServAuth</a> and
+    <a href="<page docs/tor-manual>#HiddenServiceAuthorizeClient">
+    HiddenServiceAuthorizeClient</a> in the manual.
+    First add following line to the torrc file of your onion service:
+    </p>
+    <pre>
+    HiddenServiceAuthorizeClient [auth-type] [service-name]
+    </pre>
+    <p>
+    Then restart/reload tor and read the cookie from the hostname file of your
+    onion service, for example in
+    <tt>/var/lib/tor/hidden_service_path/hostname</tt>.
+    To access it with another tor service add following line to torrc
+    and (re)start/reload it:
+    </p>
+    <pre>
+    HidServAuth [onion-address] [auth-cookie] [service-name]
+    </pre>
+    <p>
+    You are now able to browse to the onion service address.
+    </p>
+
+    <h3><a name="OpSec">Operational security</a></h3>
<p>Onion services operators need to practice proper
     <a href="https://trac.torproject.org/projects/tor/wiki/doc/OperationalSecurity">

    