[tor-relays] Tor-arm failure
Damian Johnson
atagar at torproject.org
Sun Sep 3 01:30:15 UTC 2017
Oops, sorry - my bad. Didn't spot that this was already answered under
a different email subject. :)
On Sat, Sep 2, 2017 at 6:27 PM, Damian Johnson <atagar at torproject.org> wrote:
> Hi Ralph, I think there's some confusion about the ssh verses tor
> password. All I'm suggesting is that instead of
> 'HashedControlPassword' you use 'CookieAuthentication 1' in your torrc
> instead. This is discussed a bit on the following in case you'd care
> to read more...
>
> https://stem.torproject.org/faq.html#can-i-interact-with-tors-controller-interface-directly
>
> Cheers! -Damian
>
>
> On Sat, Sep 2, 2017 at 2:01 PM, Ralph Seichter <m16+tor at monksofcool.net> wrote:
>> On 02.09.17 21:26, Damian Johnson wrote:
>>
>>> I dropped that since it posed a security issue.
>>
>> Sigh... That seems a bit overzealous to me.
>>
>>> I'd suggest cookie authentication if you'd care to rely on file
>>> permissions rather than something you know. That'll work transparently.
>>
>> I don't think I understand what exactly you are suggesting. Could you
>> provide an example? I can currently do the following with 'arm', and
>> want to it with 'nyx' as well:
>>
>> me at mynotebook $ ssh foo at tornode
>> foo at tornode $ sudo -u tor /usr/bin/arm
>>
>> I have to enter SSH keyfile password(*) and SUDO password already, and
>> don't want to enter yet another password for the Tor controller. Since
>> I am the only human who can SSH to my Tor nodes, having a password in
>> ~/.nyx/config would be a "risk" (grin) I'm perfectly willing to take.
>>
>> -Ralph
>>
>> (*) I'm aware of ssh-agent.
>> _______________________________________________
>> tor-relays mailing list
>> tor-relays at lists.torproject.org
>> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
More information about the tor-relays
mailing list