On 02.09.17 23:39, nusenu wrote:
The ControlPort supports none, password-based and cookie-based authentication, Damian was suggesting the cookie option:
https://www.torproject.org/docs/tor-manual.html.en#CookieAuthentication https://www.torproject.org/docs/tor-manual.html.en#ControlPort
Ah, I misunderstood, thanks for clarifying. I have made my SSH-user member of the Tor-user's group, added
CookieAuthentication 1 CookieAuthFile /var/lib/tor/cookie_auth CookieAuthFileGroupReadable 1
to torrc, and now I can indeed run Nyx without typing a controller password. However, the following notices are displayed in Nyx:
[NYX_NOTICE] We were unable to use any of your system's resolvers to get tor's connections.This is fine, but means that the connections page will be empty. This is usually permissions related so if you would like to fix this then run nyx with the same user as tor (ie, "sudo -u <tor user> nyx"). [NYX_NOTICE] Unable to query connections with netstat, trying lsof [NYX_NOTICE] Unable to query connections with proc, trying netstat
Not being able to see the connections is a bit of a disadvantage. More importantly: The first notice directly contradicts the advice not to use "sudo -u tor" to run Arm or Nyx. Make up your mind, you guys. :-D
I also tried using a control socket instead of a control port, alas, the parameter RelaxDirModeCheck is rejected by Tor 0.3.0.10:
[warn] Failed to parse/validate config: Unknown option 'RelaxDirModeCheck'. Failing. [err] Reading config failed--see warnings above.
It is documented in https://www.torproject.org/docs/tor-manual.html.en and without RelaxDirModeCheck, Tor does not start unless the directory containing the control socket is accessible only by the Tor user, so no access for anybody else, meaning once more that Arm/Nyx needs to be run as the Tor user... Deep breaths. ;-)
-Ralph