Opened 7 years ago

Closed 6 years ago

#8716 closed defect (user disappeared)

HashedControlPassword Doesn't Seem To Do Anything

Reported by: cypherpunks Owned by:
Priority: Medium Milestone: Tor: 0.2.4.x-final
Component: Core Tor/Tor Version: Tor: 0.2.4.11-alpha
Severity: Keywords: tor-client controller
Cc: atagar Actual Points:
Parent ID: Points:
Reviewer: Sponsor:

Description

After setting HashedControlPassword, I'm able to connect to the control port without being prompted for my password. Further, I can actually manually change the hash (for example, I can change the last few characters all to 'F'), and arm is still able to connect without prompting me. I've attached my torrc with the nickname and contact info removed.

Child Tickets

Attachments (1)

torrc (8.5 KB) - added by cypherpunks 7 years ago.

Download all attachments as: .zip

Change History (8)

Changed 7 years ago by cypherpunks

Attachment: torrc added

comment:1 Changed 7 years ago by nickm

Component: - Select a componentTor
Keywords: tor-client controller added
Milestone: Tor: 0.2.4.x-final
Status: newneeds_information

I just tried myself, not using arm, only using telnet. I gave the password on the command line, and started Tor with an empty torrc. The command-line I used was:

./src/or/tor -controlport 9999 -hashedcontrolpassword 16:6C5A0892C58419E160285695991BEDD067449F845E14735A6FBAB0829B

(The password there is "foo".)

When I connect with telnet and say 'AUTHENTICATE "foo" ', it succeeds, but if I give a different password, it fails.

My first guess here would be that the torrc you're editing isn't the one that your Tor is using, or that something else is overriding your Tor's configuration settings.

comment:2 Changed 7 years ago by nickm

Cc: atagar added

adding atagar to cc, since maybe this is an arm-related thing he's seen before.

comment:3 Changed 7 years ago by arma

Is the original poster using the Tor deb? In that case it auto-configures a control socket too.

comment:4 in reply to:  3 Changed 7 years ago by cypherpunks

Replying to arma:

Is the original poster using the Tor deb?

I'm on Ubuntu and installed Tor (alpha version) from the Tor repo per the instructions on the Tor site.

I installed arm with the apt-get command from the arm site.
`$ arm --version
arm version 1.4.5.0 (released April 28, 2012)`

In that case it auto-configures a control socket too.

Ah so arm set up a socket and random password for me?

comment:5 in reply to:  1 Changed 7 years ago by cypherpunks

Replying to nickm:

I just tried myself, not using arm, only using telnet. I gave the password on the command line, and started Tor with an empty torrc. The command-line I used was:

./src/or/tor -controlport 9999 -hashedcontrolpassword 16:6C5A0892C58419E160285695991BEDD067449F845E14735A6FBAB0829B

(The password there is "foo".)

When I connect with telnet and say 'AUTHENTICATE "foo" ', it succeeds, but if I give a different password, it fails.

My first guess here would be that the torrc you're editing isn't the one that your Tor is using, or that something else is overriding your Tor's configuration settings.

I can confirm that telneting in and using AUTHENTICATE works as expected (sorry, I didn't know how to check this myself before).

Sorry for the false alarm.

Even after changing my password, and checking it with telnet, I can still connect with arm even though it never asks me for a password. Does this mean arm is setting up it's own control port and password?

comment:6 Changed 7 years ago by arma

when you telnet to the controlport and ask it PROTOCOLINFO, what does it tell you?

I assume it offers a control socket, because your deb turns that on. Arm just works with what it's offered.

comment:7 Changed 6 years ago by nickm

Resolution: user disappeared
Status: needs_informationclosed
Note: See TracTickets for help on using tickets.