[tor-relays] Relay ssh control/monitor ? Config is secure ?

Damian Johnson atagar at torproject.org
Wed Jan 27 16:07:38 UTC 2016


Hi Pierre. Nope, no need to change your torrc - the control port is
only available on localhost by default (not sure why Josef said that).

I'd suggest using just password auth *or* cookie auth. Using both
doesn't make you more secure, it simply allows controllers to
authenticate with either. Cookie auth is the easiest to work with. For
a little more information on this see...

https://stem.torproject.org/tutorials/the_little_relay_that_could.html

Using a ControlSocket rather than a ControlPort wouldn't hurt, but I'd
say the config you have is just fine.


On Wed, Jan 27, 2016 at 1:45 AM, Pierre L. <petrus at miosweb.mooo.com> wrote:
> Thx Josef for your answer.
> ( IPv4 only here...)
> So if I've understood, to limit online attacks, the torrc config will be
> changed from
>
> ControlPort 9051
> HashedControlPassword xxxxxxxxxxx
> CookieAuthentication 0
>
> to:
>
> ControlPort 127.0.0.1:9051
> HashedControlPassword xxxxxxxxxxx
> CookieAuthentication 0
>
>
> Thx.
>
>
> On 27/01/2016 10:14, Josef 'veloc1ty' Stautner wrote:
>> Hi,
>>
>> the control port should bind to 127.0.0.1 or ::1. If so it's ok.
>>
>> ~Josef
>>
>> On 27.01.2016 at 10:05, Pierre L. wrote:
>>> Hi all,
>>>
>>> Some noob questions about controlling/monitoring my Tor relay on a Linux
>>> box... hosted in an ISP datacenter, so WAN IP and ports are shown to
>>> the www.
>>> I got SSH access.
>>> I've found tor-arm console UI, useful to show real-time bandwidth used,
>>> and other stuff.
>>>
>>> 1. If possible, I need to know if my current config is secure and
>>> useful, torrc contains
>>> ControlPort 9051
>>> HashedControlPassword xxxxxxxxxxx
>>> CookieAuthentication 0
>>>
>>> 2.  On some websites, I see screenshots with something like this on
>>> control config : /var/run/tor/control
>>> Maybe it's more secure on an online server ? No need to have another
>>> listening port like 9051
>>> Sry I haven't found any information about this config... and how to make
>>> it possible...
>>>
>>> Thx for your help !
>>>
>>> _______________________________________________
>>> tor-relays mailing list
>>> tor-relays at lists.torproject.org
>>> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
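
An added example, not part of the original thread and not Tor Project code: a small Python check of the control-channel options discussed above (loopback binding, password versus cookie auth, ControlSocket). The function name and the finding labels are assumptions made for illustration, and the sample torrc text is constructed from the lines quoted in the thread.

```python
import ipaddress

def audit_control_config(torrc_text):
    """Return findings for the control-channel options in a torrc (hypothetical helper)."""
    ports, sockets, has_password, cookie_auth = [], [], False, False
    for raw in torrc_text.splitlines():
        parts = raw.split("#", 1)[0].split()   # drop comments, tokenize
        if len(parts) < 2:
            continue
        key, value = parts[0].lower(), parts[1]
        if key == "controlport" and value != "0":   # 0 disables the port
            ports.append(value)
        elif key == "controlsocket":
            sockets.append(value)
        elif key == "hashedcontrolpassword":
            has_password = True
        elif key == "cookieauthentication":
            cookie_auth = value == "1"

    findings = []
    for spec in ports:
        # Per the thread, a bare port listens on localhost only; "auto" and
        # "unix:path" likewise carry no address that needs checking here.
        if spec.startswith("unix:") or ":" not in spec:
            continue
        host = spec.rsplit(":", 1)[0].strip("[]")   # handles [::1]:9051
        try:
            loopback = ipaddress.ip_address(host).is_loopback
        except ValueError:
            loopback = host.lower() == "localhost"
        if not loopback:
            findings.append(f"EXPOSED: ControlPort {spec} is not bound to loopback")
    if (ports or sockets) and not (has_password or cookie_auth):
        findings.append("NOAUTH: control channel enabled without password or cookie auth")
    if has_password and cookie_auth:
        findings.append("BOTH: password and cookie auth enabled; either one is accepted")
    return findings

# Constructed sample: the torrc lines quoted in the thread.
THREAD_CONFIG = """ControlPort 9051
HashedControlPassword xxxxxxxxxxx
CookieAuthentication 0
"""

if __name__ == "__main__":
    print(audit_control_config(THREAD_CONFIG) or "no findings")
```
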

