[tor-relays] Tor-arm failure

Ralph Seichter m16+tor at monksofcool.net
Sat Sep 2 21:01:41 UTC 2017


On 02.09.17 21:26, Damian Johnson wrote:

> I dropped that since it posed a security issue.

Sigh... That seems a bit overzealous to me.

> I'd suggest cookie authentication if you'd care to rely on file
> permissions rather than something you know. That'll work transparently.

I don't think I understand what exactly you are suggesting. Could you
provide an example? I can currently do the following with 'arm', and
want to it with 'nyx' as well:

  me at mynotebook $ ssh foo at tornode
  foo at tornode $ sudo -u tor /usr/bin/arm

I have to enter SSH keyfile password(*) and SUDO password already, and
don't want to enter yet another password for the Tor controller. Since
I am the only human who can SSH to my Tor nodes, having a password in
~/.nyx/config would be a "risk" (grin) I'm perfectly willing to take.

-Ralph

(*) I'm aware of ssh-agent.


More information about the tor-relays mailing list