wiki:doc/TorifyHOWTO/irssi

Version 13 (modified by Jaruga, 17 months ago) (diff)

Revisions

Written: 2018-06-05 (Jaruga)

Torifying Irssi

Irssi is a free and open-source Internet Relay Chat client originally released in 1999. It is intended to be lightweight, and offers fine-grained control over security and extensions. Irssi is primarily for *NIX based operating systems (GNU/Linux, BSD, MacOS), though it is also available for use on Windows.

Official site: https://irssi.org

Connection setup

Below we have generic instructions for configuring Irssi to connect to servers Via Tor, as well as optional additional steps for enhanced security and various features. Prerequisites for beginning are to have installed Tor, Torsocks and of course, Irssi - you can find all of these in the repositories of most UNIX distributions.

  1. Open up /etc/tor/torrc in your favourite text editor and add the following line:
    mapaddress 10.10.10.10 examplesite.onion
    
    Note: The map address is generic, though it must be one not in use on your local network.

Connecting to the server

  1. Launch Irssi. Add the server with the following commands:
    /NETWORK ADD Server1
    /SERVER ADD --network Server1 examplesite.onion 6667
    
  1. Reload Tor and Irssi.
  1. Launch Irssi with Torsocks by issuing the command torsocks irssi
  1. Connect to the server with /connect Server1.

Additional steps

Turn of CTCP ping replies (recommended)

  1. Turn off CTCP replies with the following command in Irssi:
    /ignore * CTCPS
    /save
    

Enabling SASL (optional)

If you already have a registered account on the server and would like to authenticate using SASL, this can be done by issuing the following command in Irssi:

/NETWORK ADD -sasl_username yourname -sasl_password yourpassword -sasl_mechanism PLAIN Server1

Generating a client certificate (optional)

Below are instructions on generating a client certificate and configuring Irssi to recognise it.

  1. Generate a client certificate. From the terminal, issue the command:
    $ openssl req -x509 -sha256 -new -newkey rsa:4096 -days 1000 -nodes \
                  -out Server1.pem -keyout Server1.pem
    
    Note that Server1 can be changed to your preferences. Further, the --days option is the number of days before the certificate expires, and can also be changed depending on your needs.

Once the generation is complete, you will see:

Common Name (e.g. server FQDN or YOUR name) []: user

Set this to your desired username on the server.

  1. To make the directory where Irssi will find your certificates and to move your newly generated one there, issue the commands:
    $ mkdir -p ~/.irssi/certs
    $ mv Server1.pem ~/.irssi/certs/
    
  1. Print and record the certs fingerprint:
    $ openssl x509 -in ~/.irssi/certs/Server1.pem -outform der \
      | sha256sum -b | cut -d' ' -f1
    
  1. Add the server information to your ~/.irssi/config file:
    servers = (
      ...
      {
        address = "10.10.10.10";
        chatnet = "Server1";
        port = "6697"; 
        use_tls = "yes";
        tls_cert = "~/.irssi/certs/Server1.pem";
        tls_verify = "no";
        autoconnect = "no";
      }
    );
    
    chatnets = {
      ...
      Server1 = {  
        type = "IRC";  
        max_kicks = "1";
        max_msgs = "4";
        max_whois = "1";
        sasl_mechanism = "external";
        sasl_username = "user";
        sasl_password = "p455w0rd";
      };
    };
    
    settings = {
      core = { real_name = "user"; user_name = "user"; nick = "user"; };
      ...
    };
    ignores = ( { level = "CTCPS"; } );
    

Of course, modify it to your needs.

  1. Launch Irssi. To configure it to recognise your newly generated certificate, issue the following commands:
    /network add -sasl_username user -sasl_password p455w0rd -sasl_mechanism EXTERNAL Server1
    /server add -ssl -ssl_cert ~/.irssi/certs/Server1.pem -net Server1 10.10.10.10 6697