Oops, sorry - my bad. Didn't spot that this was already answered under a different email subject. :)
On Sat, Sep 2, 2017 at 6:27 PM, Damian Johnson atagar@torproject.org wrote:
Hi Ralph, I think there's some confusion about the ssh verses tor password. All I'm suggesting is that instead of 'HashedControlPassword' you use 'CookieAuthentication 1' in your torrc instead. This is discussed a bit on the following in case you'd care to read more...
https://stem.torproject.org/faq.html#can-i-interact-with-tors-controller-int...
Cheers! -Damian
On Sat, Sep 2, 2017 at 2:01 PM, Ralph Seichter m16+tor@monksofcool.net wrote:
On 02.09.17 21:26, Damian Johnson wrote:
I dropped that since it posed a security issue.
Sigh... That seems a bit overzealous to me.
I'd suggest cookie authentication if you'd care to rely on file permissions rather than something you know. That'll work transparently.
I don't think I understand what exactly you are suggesting. Could you provide an example? I can currently do the following with 'arm', and want to it with 'nyx' as well:
me@mynotebook $ ssh foo@tornode foo@tornode $ sudo -u tor /usr/bin/arm
I have to enter SSH keyfile password(*) and SUDO password already, and don't want to enter yet another password for the Tor controller. Since I am the only human who can SSH to my Tor nodes, having a password in ~/.nyx/config would be a "risk" (grin) I'm perfectly willing to take.
-Ralph
(*) I'm aware of ssh-agent. _______________________________________________ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays