wiki:doc/TorifyHOWTO/irssi

Version 10 (modified by Jaruga, 17 months ago) (diff)

Date + sign

Written: 2018-06-05 (Jaruga)

Torifying Irssi

Irssi is a free and open-source Internet Relay Chat client originally released in 1999. It is intended to be lightweight, and offers fine-grained control over security and extensions. Irssi is primarily for *NIX based operating systems (GNU/Linux, BSD, MacOS), though it is also available for use on Windows.

Official site: https://irssi.org

Connection setup

Below we have generic instructions for generating a client certificate, configuring Irssi to recognise it and torifying your Irssi client. Prerequisites for beginning are to have installed Tor, Torsocks and of course, Irssi - you can find all of these in the repositories of most UNIX distributions.

  1. Open up /etc/tor/torrc in your favourite text editor and add the following lines:
    mapaddress 10.10.10.10 examplesite.onion
    
    Note: The map address is generic, though it must be one not in use on your local network.
  1. Generate a client certificate. From the terminal, issue the command:
    $ openssl req -x509 -sha256 -new -newkey rsa:4096 -days 1000 -nodes \
                  -out Server1.pem -keyout Server1.pem
    
    Note that Server1 can be changed to your preferences. Further, the --days option is the number of days before the certificate expires, and can also be changed depending on your needs.

Once the generation is complete, you will see:

Common Name (e.g. server FQDN or YOUR name) []: user

Set this to your desired username on the server.

  1. To make the directory where Irssi will find your certificates and to move your newly generated one there, issue the commands:
    $ mkdir -p ~/.irssi/certs
    $ mv Server1.pem ~/.irssi/certs/
    
  1. Print and record the certs fingerprint:
    $ openssl x509 -in ~/.irssi/certs/Server1.pem -outform der \
      | sha256sum -b | cut -d' ' -f1
    
  1. Add the server information to your ~/.irssi/config file:
    servers = (
      ...
      {
        address = "10.40.40.40";
        chatnet = "Server1";
        port = "6697"; 
        use_tls = "yes";
        tls_cert = "~/.irssi/certs/Server1.pem";
        tls_verify = "no";
        autoconnect = "no";
      }
    );
    
    chatnets = {
      ...
      Server1 = {  
        type = "IRC";  
        max_kicks = "1";
        max_msgs = "4";
        max_whois = "1";
        sasl_mechanism = "external";
        sasl_username = "user";
        sasl_password = "p455w0rd";
      };
    };
    
    settings = {
      core = { real_name = "user"; user_name = "user"; nick = "user"; };
      ...
    };
    ignores = ( { level = "CTCPS"; } );
    

Of course, modify it to your needs.

Connecting to the server

  1. Launch Irssi. Add the server and certificate with the following commands:
    /network add -sasl_username user -sasl_password p455w0rd -sasl_mechanism EXTERNAL Server1
    /server add -ssl -ssl_cert ~/.irssi/certs/Server1.pem -net Server1 10.40.40.40 6697
    
  1. Reload Tor and Irssi.
  1. Launch Irssi with Torsocks by issuing the command torsocks irssi
  1. Connect to the server with /connect Server1.

Additional steps

  1. Turn off CTCP replies with the following command in Irssi:
    /ignore * CTCPS
    /save