Tor Control Protocol and AUTHENTICATE

Nick Mathewson nickm at
Mon Oct 2 16:57:34 UTC 2006

On Sun, Oct 01, 2006 at 02:47:19AM +0300, yousifnet wrote:
> Hello all,
> I'm developing a controller for tor (like vidalia).
> When CookieAuthentication is set to 1 tor creates the
> "control_auth_cookie" file.
> control-spec.txt does not mention how to send the content of the file
> using the AUTHENTICATE command.
> The cookie is 32 bit long. I tried sending it as a HEX string but tor
> still gives me a 515.

Encoding it in Hexadecimal should work.  Here's an example of what
worked for me just a minute ago:

[29]% telnet localhost 9100
Connected to localhost.localdomain (
Escape character is '^]'.
AUTHENTICATE ee10875cb04a837374918510d75ff600f85abc04a33fda23895954dcd69a6a3b
250 OK

I've changed the error messages in the development repository so that
the next alpha version will give more useful messages on
authentication failures.

> One more thing. Does tor accept connections other than from localhost
> to the Control Listener?

By default, no.

>  If no, is there a way of doing this (I know
> it's not recommended)?

If you want to listen on IP on port 9100, just use


You might want to read through the manual for other configuration
options of potential interest:

Nick Mathewson
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 652 bytes
Desc: not available
URL: <>

More information about the tor-dev mailing list