Got warning: "ControlPort is open, but no authentication method has been configured..."

代尔欣 daierxin at gmail.com
Mon May 24 02:58:23 UTC 2010


Hi Roger,
    Appreciate! I check the password setting in Vidalia. The
"Authentication" is none. On the contrary, I have to set a password.
Then the warning gone. But the connection still failed. I got below
message:
 [Warning] Problem bootstrapping. Stuck at 10%: Finishing handshake
with directory server. (DONE; DONE; count 1; recommendation warn)
 [Warning] Problem bootstrapping. Stuck at 10%: Finishing handshake
with directory server. (DONE; DONE; count 2; recommendation warn)
 [Warning] Problem bootstrapping. Stuck at 10%: Finishing handshake
with directory server. (Connection reset by peer; CONNECTRESET; count
3; recommendation warn)
 [Notice] Tried for 120 seconds to get a connection to
[scrubbed]:1443. Giving up. (waiting for circuit)

I can't visit the
"http://archives.seul.org/or/announce/Sep-2007/msg00000.html" that's
why I need tor.

Thanks!

2010/5/24 Roger Dingledine <arma at mit.edu>:
> On Mon, May 24, 2010 at 10:24:00AM +0800, ?????? wrote:
>>     I got a warning, "ControlPort is open, but no authentication
>> method has been configured.  This means that any program on your
>> computer can reconfigure your Tor.  That's bad!  You should upgrade
>> your Tor controller as soon as possible", with my tor and Vidalia. My
>> tor version is 0.2.1.26. I run tor on Ubuntu9.04. Before this warning
>> appeared, the tor worked perfectly. What this warning mean and how to
>> fix it.
>
> It depends what you did.
>
> My guess is you either 1) edited your /etc/tor/torrc and added
> a ControlPort line without also adding a HashedControlPassword or
> CookieAuthentication line, or 2) went to the Advanced settings window
> in Vidalia and changed the 'Authentication' choice to 'None'.
>
> The problem here is that you've opened up your Tor to be configured by any
> local application that can connect to it. You might think that's fine,
> but in fact your browser is a local application that can be influenced
> by a remote attacker:
> http://archives.seul.org/or/announce/Sep-2007/msg00000.html
>
> The way to fix it is to either configure your Vidalia to use
> authentication with Tor (rather than no authentication), or to leave
> Vidalia off and just run Tor by itself.
>
> --Roger
>
> ***********************************************************************
> To unsubscribe, send an e-mail to majordomo at torproject.org with
> unsubscribe or-talk    in the body. http://archives.seul.org/or/talk/
>
***********************************************************************
To unsubscribe, send an e-mail to majordomo at torproject.org with
unsubscribe or-talk    in the body. http://archives.seul.org/or/talk/



More information about the tor-talk mailing list