[tor-commits] [stem/master] Adding a FAQ entry for connecting to tor's control port directly
atagar at torproject.org
atagar at torproject.org
Sat Mar 22 19:10:40 UTC 2014
commit 779e766d8569f760ec9da201160b796b4c1f5535
Author: Damian Johnson <atagar at torproject.org>
Date: Sat Mar 22 11:54:44 2014 -0700
Adding a FAQ entry for connecting to tor's control port directly
Adding the "Can I interact with Tor's controller interface directly?" FAQ
entry. This covers how to connect to tor's control port/socket in each
scenario. This was inspired by Jen's StackExchange answer on...
https://tor.stackexchange.com/questions/1449/authenticate-telnet-connection
---
docs/faq.rst | 125 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
1 file changed, 125 insertions(+)
diff --git a/docs/faq.rst b/docs/faq.rst
index 447ff04..db77dcc 100644
--- a/docs/faq.rst
+++ b/docs/faq.rst
@@ -8,6 +8,7 @@ Frequently Asked Questions
* :ref:`what_python_versions_is_stem_compatible_with`
* :ref:`what_license_is_stem_under`
* :ref:`are_there_any_other_controller_libraries`
+ * :ref:`can_i_interact_with_tors_controller_interface_directly`
* :ref:`where_can_i_get_help`
* **Usage**
@@ -83,6 +84,130 @@ Library Language
`JTorCtl <https://gitweb.torproject.org/jtorctl.git>`_ Java June 2005 - May 2009
========================================================== ================ =======================
+.. _can_i_interact_with_tors_controller_interface_directly:
+
+Can I interact with Tor's controller interface directly?
+--------------------------------------------------------
+
+Yup. You don't need a library to interact with Tor's `controller interface <https://gitweb.torproject.org/torspec.git/blob/HEAD:/control-spec.txt>`_, and interacting with it directly is a great way of learning about what it can do. The exact details for how you connect to Tor depend on two things...
+
+* Where is Tor listening for controller connections? This is specified by either the **ControlPort** or **ControlSocket** option in your torrc. If you have neither then Tor will not accept controller connections.
+* What type of authentication is Tor's controller interface using? This is defined by your **CookieAuthentication** or **HashedControlPassword** option. If you have neither then Tor does not restrict access.
+
+We'll tackle each of these scenarios one at a time...
+
+* **I'm using a ControlPort**
+
+If you are using a **ControlPort** then the easiest method of talking with Tor is via **telnet**. You always need to authenticate after connecting, even if Tor does not restrict access. If your torrc doesn't have a **CookieAuthentication** or **HashedControlPassword** then to authenticate you will simply call **AUTHENTICATE** after connecting without any credentials.
+
+::
+
+ % cat ~/.tor/torrc
+ ControlPort 9051
+
+ % telnet localhost 9051
+ Trying 127.0.0.1...
+ Connected to localhost.
+ Escape character is '^]'.
+ AUTHENTICATE
+ 250 OK
+ GETINFO version
+ 250-version=0.2.5.1-alpha-dev (git-245ecfff36c0cecc)
+ 250 OK
+ QUIT
+ 250 closing connection
+ Connection closed by foreign host.
+
+* **I'm using a ControlSocket**
+
+A **ControlSocket** is a file based socket, so we'll use **socat** to connect to it...
+
+::
+
+ % cat ~/.tor/torrc
+ ControlSocket /home/atagar/.tor/socket
+
+ % socat UNIX-CONNECT:/home/atagar/.tor/socket STDIN
+ AUTHENTICATE
+ 250 OK
+ GETINFO version
+ 250-version=0.2.5.1-alpha-dev (git-245ecfff36c0cecc)
+ 250 OK
+ QUIT
+ 250 closing connection
+
+* **I'm using cookie authentication**
+
+Cookie authentication simply means that your credential is the content of a file in Tor's **DataDirectory**. You can learn information about Tor's method of authentication (including the cookie file's location) by calling **PROTOCOLINFO**...
+
+::
+
+ % cat ~/.tor/torrc
+ ControlPort 9051
+ CookieAuthentication 1
+
+ % telnet localhost 9051
+ Trying 127.0.0.1...
+ Connected to localhost.
+ Escape character is '^]'.
+ PROTOCOLINFO
+ 250-PROTOCOLINFO 1
+ 250-AUTH METHODS=COOKIE,SAFECOOKIE COOKIEFILE="/home/atagar/.tor/control_auth_cookie"
+ 250-VERSION Tor="0.2.5.1-alpha-dev"
+ 250 OK
+
+Cookie authentication has two flavors: **COOKIE** and **SAFECOOKIE**. Below we'll show you how to authenticate via COOKIE. SAFECOOKIE authentication is a lot more involved, and not something you will want to do by hand (though Stem supports it transparently).
+
+To get the credential for your AUTHENTICATE command we will use **hexdump**...
+
+::
+
+ % hexdump -e '32/1 "%02x""\n"' /home/atagar/.tor/control_auth_cookie
+ be9c9e18364e33d5eb8ba820d456aa2bc03444c0420f089ba4569b6aeecc6254
+
+ % telnet localhost 9051
+ Trying 127.0.0.1...
+ Connected to localhost.
+ Escape character is '^]'.
+ AUTHENTICATE be9c9e18364e33d5eb8ba820d456aa2bc03444c0420f089ba4569b6aeecc6254
+ 250 OK
+ GETINFO version
+ 250-version=0.2.5.1-alpha-dev (git-245ecfff36c0cecc)
+ 250 OK
+ QUIT
+ 250 closing connection
+ Connection closed by foreign host.
+
+* **I'm using password authentication**
+
+Tor's other method of authentication is a credential you know. To use it you ask Tor to hash your password, then use that in your torrc...
+
+::
+
+ % tor --hash-password "my_password"
+ 16:E600ADC1B52C80BB6022A0E999A7734571A451EB6AE50FED489B72E3DF
+
+Authenticating with this simply involves giving Tor the credential...
+
+::
+
+ % cat ~/.tor/torrc
+ ControlPort 9051
+ HashedControlPassword 16:E600ADC1B52C80BB6022A0E999A7734571A451EB6AE50FED489B72E3DF
+
+ % telnet localhost 9051
+ Trying 127.0.0.1...
+ Connected to localhost.
+ Escape character is '^]'.
+ AUTHENTICATE "my_password"
+ 250 OK
+ GETINFO version
+ 250-version=0.2.5.1-alpha-dev (git-245ecfff36c0cecc)
+ 250 OK
+ QUIT
+ 250 closing connection
+ Connection closed by foreign host.
+
.. _where_can_i_get_help:
Where can I get help?
More information about the tor-commits
mailing list