Version 15 (modified by Jaruga, 2 years ago) (diff)


Written: 2018-06-05 (Jaruga)

Torifying Irssi

Irssi is a free and open-source Internet Relay Chat client originally released in 1999. It is intended to be lightweight, and offers fine-grained control over security and extensions. Irssi is primarily for *NIX based operating systems (GNU/Linux, BSD, MacOS), though it is also available for use on Windows.

Official site:

Connection setup

Below we have generic instructions for configuring Irssi to connect to servers via Tor as well as optional additional steps for enhanced security and various features. Prerequisites for beginning are to have installed Tor, Torsocks and of course, Irssi - you can find all of these in the repositories of most UNIX distributions.

Connecting to the server

  1. Launch Irssi. Add the server with the following commands:
    /NETWORK ADD Server1
    /SERVER ADD --network Server1 examplesite.onion 6667
    Note: Server1 is generic, and can be changed to your preferences.
  1. Reload Tor and Irssi.
  1. Launch Irssi with Torsocks by issuing the command torsocks irssi
  1. Connect to the server with /connect Server1.

Additional steps

(Recommended) Turn of CTCP ping replies

  1. Turn off CTCP replies with the following command in Irssi:
    /ignore * CTCPS

(Optional) Enabling SASL

If you already have a registered account on the server and would like to authenticate using SASL, this can be done by issuing the following command in Irssi:

/NETWORK ADD -sasl_username yourname -sasl_password yourpassword -sasl_mechanism PLAIN Server1

(Optional) Generating a client certificate

Below are instructions on generating a client certificate and configuring Irssi to recognise it.

  1. Open up /etc/tor/torrc in your favourite text editor and add the following line:
    mapaddress examplesite.onion
    Note: The map address is generic, though it must be one not in use on your local network.
  1. Generate a client certificate. From the terminal, issue the command:
    $ openssl req -x509 -sha256 -new -newkey rsa:4096 -days 1000 -nodes \
                  -out Server1.pem -keyout Server1.pem

Note: the --days option is the number of days before the certificate expires, and can also be changed depending on your needs.

Once the generation is complete, you will see:

Common Name (e.g. server FQDN or YOUR name) []: user

Set this to your desired username on the server.

  1. To make the directory where Irssi will find your certificates and to move your newly generated one there, issue the commands:
    $ mkdir -p ~/.irssi/certs
    $ mv Server1.pem ~/.irssi/certs/
  1. Print and record the certs fingerprint:
    $ openssl x509 -in ~/.irssi/certs/Server1.pem -outform der \
      | sha256sum -b | cut -d' ' -f1
  1. Add the server information to your ~/.irssi/config file:
    servers = (
        address = "";
        chatnet = "Server1";
        port = "6697"; 
        use_tls = "yes";
        tls_cert = "~/.irssi/certs/Server1.pem";
        tls_verify = "no";
        autoconnect = "no";
    chatnets = {
      Server1 = {  
        type = "IRC";  
        max_kicks = "1";
        max_msgs = "4";
        max_whois = "1";
        sasl_mechanism = "external";
        sasl_username = "user";
        sasl_password = "p455w0rd";
    settings = {
      core = { real_name = "user"; user_name = "user"; nick = "user"; };
    ignores = ( { level = "CTCPS"; } );

Of course, modify it to your needs.

  1. Launch Irssi. To configure it to recognise your newly generated certificate, issue the following commands:
    /network add -sasl_username user -sasl_password p455w0rd -sasl_mechanism EXTERNAL Server1
    /server add -ssl -ssl_cert ~/.irssi/certs/Server1.pem -net Server1 6697