[tor-bugs] #28295 [Core Tor/Nyx]: Non-interactive way to supply ControlPort password for nyx and tor-prompt is needed
Tor Bug Tracker & Wiki
blackhole at torproject.org
Sun Jan 6 05:31:11 UTC 2019
#28295: Non-interactive way to supply ControlPort password for nyx and tor-prompt
is needed
--------------------------+------------------------------
Reporter: wagon | Owner: atagar
Type: enhancement | Status: closed
Priority: Medium | Milestone:
Component: Core Tor/Nyx | Version: Tor: 0.3.4.8
Severity: Normal | Resolution: implemented
Keywords: | Actual Points:
Parent ID: | Points:
Reviewer: | Sponsor:
--------------------------+------------------------------
Comment (by wagon):
What type of authentication do you suggest when tor is controlled from
another physical or virtual machine? Should user copy a cookie file over
network each time tor process is restarted and, hence, its cookie file
recreated? Password authentication was a good compromise in such cases.
`tor-prompt` already supports password authentication, but it asks for a
password interactively. You could add `-p` option to get non-interactive
passwords, but then password may leak through a list of processes like
`ps`. So, I'm not sure we can resolve it securely without adding
configuration file.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/28295#comment:11>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list