[tor-relays] Relay ssh control/monitor ? Config is secure ?

Tim Wilson-Brown - teor teor2345 at gmail.com
Thu Jan 28 19:52:05 UTC 2016


> On 28 Jan 2016, at 03:07, Damian Johnson <atagar at torproject.org> wrote:
> 
> Hi Pierre. Nope, no need to change your torrc - the control port is
> only available on localhost by default (not sure why Josef said that).

Some FreeBSD jail and OpenVZ configs assign 127.0.0.1 to a non-loopback interface.
We're working on detecting that in Trac ticket #17901; until then, it's more reliably secure to use a ControlSocket on these systems.

Alternately, you can confirm that:
* The first IP address assigned to the FreeBSD jail is not a public address (FreeBSD redirects jail connections to 127.0.0.1 to the first jail IP address), or
* OpenVZ has not assigned 127.0.0.1 to a non-loopback interface; you want it on lo* rather than venet* (you can use ifconfig or similar to check this)

https://trac.torproject.org/projects/tor/ticket/17901

Tim

Tim Wilson-Brown (teor)

teor2345 at gmail dot com
PGP 968F094B

teor at blah dot im
OTR CAD08081 9755866D 89E2A06F E3558B7F B5A9D14F
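
An added example, not part of the original message: one way to script the second check above by parsing ifconfig-style output and reporting any non-loopback interface that carries 127.0.0.1. The function name and both sample outputs are constructed for illustration; it does not cover the FreeBSD jail check of the first jail IP address.

```shell
#!/bin/sh
# Reads ifconfig-style output on stdin and prints every interface whose
# name does not start with "lo" but which has 127.0.0.1 assigned.
# Exit status: 0 = 127.0.0.1 found only on lo*, 1 = found elsewhere.
# On a real host: ifconfig -a | check_loopback_owner
check_loopback_owner() {
    awk '
        BEGIN { bad = 0 }
        # Interface header starts in column 0, for example
        # "lo0: flags=..." or "venet0    Link encap:UNSPEC".
        /^[^ \t]/ { iface = $1; sub(/:$/, "", iface); next }
        # Address line: "inet 127.0.0.1 ..." or "inet addr:127.0.0.1 ...".
        $1 == "inet" {
            addr = $2
            sub(/^addr:/, "", addr)
            if (addr == "127.0.0.1" && iface !~ /^lo/) {
                print iface
                bad = 1
            }
        }
        END { exit bad }
    '
}

# Constructed sample: container where venet0 also holds 127.0.0.1.
SAMPLE_OPENVZ='lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
venet0    Link encap:UNSPEC
          inet addr:127.0.0.1  P-t-P:127.0.0.1  Bcast:0.0.0.0  Mask:255.255.255.255
venet0:0  Link encap:UNSPEC
          inet addr:192.0.2.10  P-t-P:192.0.2.10  Bcast:192.0.2.10  Mask:255.255.255.255'

# Constructed sample: 127.0.0.1 only on the loopback interface.
SAMPLE_CLEAN='lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536
        inet 127.0.0.1  netmask 255.0.0.0
eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 192.0.2.10  netmask 255.255.255.0'

# Demo on the constructed container sample.
printf '%s\n' "$SAMPLE_OPENVZ" | check_loopback_owner \
    || echo "127.0.0.1 is on a non-loopback interface: prefer a ControlSocket"
```
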
