{"id":1918,"date":"2015-04-10T16:48:41","date_gmt":"2015-04-10T13:48:41","guid":{"rendered":"http:\/\/www.void.gr\/kargig\/blog\/?p=1918"},"modified":"2015-04-10T16:52:29","modified_gmt":"2015-04-10T13:52:29","slug":"onion-service-authorization-cookie","status":"publish","type":"post","link":"https:\/\/www.void.gr\/kargig\/blog\/2015\/04\/10\/onion-service-authorization-cookie\/","title":{"rendered":"Onion Service Authorization Cookie"},"content":{"rendered":"

Tor Hidden\/Onion Services include a small gem that is not so well known, there’s a way to authorize only specific clients to use an Onion Service through a cookie. It sounds a bit like .htaccess for Hidden\/Onion Services.
\nI got asked today about how I use this authorization mechanism, so here it is:<\/p>\n

In server’s torrc:
\n

HiddenServiceDir \/var\/lib\/tor\/myssh\nHiddenServiceAuthorizeClient basic myclient\nHiddenServicePort 3221 12223\n<\/code2><\/pre><\/p>\n
For those who want even more “anonymity”, there’s even a ‘stealth’ mode…just replace basic<\/em> with stealth<\/em>. Read Tor’s man page for more info on stealth mode.<\/p>\n
Then in \/var\/lib\/tor\/myssh\/hostname one will see something like:
\n
# cat \/var\/lib\/tor\/myssh\/hostname  \nkeesh0ahGh6lahbe.onion auliech8bu7aighaiv4aiW # client: myclient<\/code2><\/pre><\/p>\n
Now on the client side just add to the client’s torrc this:
\nHidServAuth keesh0ahGh6lahbe.onion auliech8bu7aighaiv4aiW<\/code><\/p>\n
That’s it…it’s extremely simple to use and can potentially protect Onion Services that are only to be used by closed groups. Anyone who doesn’t have the cookie won’t be able to connect to the onion service.<\/p>\n","protected":false},"excerpt":{"rendered":"
Tor Hidden\/Onion Services include a small gem that is not so well known, there’s a way to authorize only specific clients to use an Onion Service through a cookie. It sounds a bit like .htaccess for Hidden\/Onion Services. I got asked today about how I use this authorization mechanism, so here it is: In server’s […]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"ep_exclude_from_search":false,"footnotes":""},"categories":[1],"tags":[],"class_list":["post-1918","post","type-post","status-publish","format-standard","hentry","category-general"],"aioseo_notices":[],"views":27316,"_links":{"self":[{"href":"https:\/\/www.void.gr\/kargig\/blog\/wp-json\/wp\/v2\/posts\/1918","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.void.gr\/kargig\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.void.gr\/kargig\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.void.gr\/kargig\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.void.gr\/kargig\/blog\/wp-json\/wp\/v2\/comments?post=1918"}],"version-history":[{"count":5,"href":"https:\/\/www.void.gr\/kargig\/blog\/wp-json\/wp\/v2\/posts\/1918\/revisions"}],"predecessor-version":[{"id":1923,"href":"https:\/\/www.void.gr\/kargig\/blog\/wp-json\/wp\/v2\/posts\/1918\/revisions\/1923"}],"wp:attachment":[{"href":"https:\/\/www.void.gr\/kargig\/blog\/wp-json\/wp\/v2\/media?parent=1918"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.void.gr\/kargig\/blog\/wp-json\/wp\/v2\/categories?post=1918"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.void.gr\/kargig\/blog\/wp-json\/wp\/v2\/tags?post=1918"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}