[tor-relays] Relay ssh control/monitor ? Config is secure ?

Pierre L. petrus at miosweb.mooo.com
Wed Jan 27 21:17:46 UTC 2016 

Thx to you 2 for those useful explanations and url to read.
Now it's ok for me for this question.
Thx


Le 27/01/2016 17:07, Damian Johnson a écrit :
> Hi Pierre. Nope, no need to change your torrc - the control port is
> only available on localhost by default (not sure why Josef said that).
>
> I'd suggest using just password auth *or* an cookie auth. Using both
> doesn't make you more secure, it simply allows controllers to
> authenticate with either. Cookie auth is the easiest to work with. For
> a little more information on this see...
>
> https://stem.torproject.org/tutorials/the_little_relay_that_could.html
>
> Using a ControlSocket rather than a ControlPort wouldn't hurt, but I'd
> say the config you have is just fine.
>
>
> On Wed, Jan 27, 2016 at 1:45 AM, Pierre L. <petrus at miosweb.mooo.com> wrote:
>> Thx Josef for your answer.
>> ( IPv4 only here...)
>> So if I've understood, to limit online attacks, the torrc config will be
>> changed from
>>
>> ControlPort 9051
>> HashedControlPassword xxxxxxxxxxx
>> CookieAuthentication 0
>>
>> to:
>>
>> ControlPort 127.0.0.1:9051
>> HashedControlPassword xxxxxxxxxxx
>> CookieAuthentication 0
>>
>>
>> Thx.
>>
>>
>> Le 27/01/2016 10:14, Josef 'veloc1ty' Stautner a écrit :
>>> Hi,
>>>
>>> the control port should bind to 127.0.0.1 or ::1. If so it's ok.
>>>
>>> ~Josef
>>>
>>> Am 27.01.2016 um 10:05 schrieb Pierre L.:
>>>> Hi all,
>>>>
>>>> Some noob questions about controlling/monitoring my Tor relay on a Linux
>>>> box... hosted in an ISP datacenter, so WAN IP and ports are showed to
>>>> the www.
>>>> I got SSH access.
>>>> I've found tor-arm console UI, useful to show real-time bandwidth used,
>>>> and other stuff.
>>>>
>>>> 1. If possible, I need to know if my current config is secure and
>>>> useful, torrc contains
>>>> ControlPort 9051
>>>> HashedControlPassword xxxxxxxxxxx
>>>> CookieAuthentication 0
>>>>
>>>> 2.  On some websites, I see screenshots with something like this on
>>>> control config : /var/run/tor/control
>>>> May be it's more secure on an online server ? No need to have another
>>>> listening port like 9051
>>>> Sry I haven't found any information about this config... and how to make
>>>> it possible...
>>>>
>>>> Thx for your help !
>>>>
>>>> _______________________________________________
>>>> tor-relays mailing list
>>>> tor-relays at lists.torproject.org
>>>> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
>>>
>>>
>>> _______________________________________________
>>> tor-relays mailing list
>>> tor-relays at lists.torproject.org
>>> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
>>
>> _______________________________________________
>> tor-relays mailing list
>> tor-relays at lists.torproject.org
>> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
> _______________________________________________
> tor-relays mailing list
> tor-relays at lists.torproject.org
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

More information about the tor-relays mailing list