Re: [tor-dev] non-anonymous ephemeral onion services with stem
On 12/28/2016 12:40 PM, Yawning Angel wrote: > On Wed, 28 Dec 2016 12:19:17 -0800 > Micah Leewrote: > >> And when other processes connect to the Tor control port and run >> create_ephemeral_hidden_service, those onion services wouldn't be >> non-anonymous? > > They'll be non-anonymous (as in, the options are global). This also > will not work if there is a SOCKS port configured. Basically, > unless you are launching your own copy of the tor daemon, just for > non-anonymous HSes, it's a terrible idea to use these options in > general. Thank you, this is good to know! For my specific use-case, it would be great if you could pass an argument to ADD_ONION that makes that specific onion service non-anonymous, without changing anything globally. But for the time-being I won't add support for non-anonymous onion services to OnionShare. ___ tor-dev mailing list tor-dev@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev
Re: [tor-dev] non-anonymous ephemeral onion services with stem
On Wed, 28 Dec 2016 12:19:17 -0800 Micah Leewrote: > And when other processes connect to the Tor control port and run > create_ephemeral_hidden_service, those onion services wouldn't be > non-anonymous? They'll be non-anonymous (as in, the options are global). This also will not work if there is a SOCKS port configured. Basically, unless you are launching your own copy of the tor daemon, just for non-anonymous HSes, it's a terrible idea to use these options in general. Regards, -- Yawning Angel pgpA9Ze34XqQF.pgp Description: OpenPGP digital signature ___ tor-dev mailing list tor-dev@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev
Re: [tor-dev] non-anonymous ephemeral onion services with stem
> Excellent. I'm pretty sure this will work, but can you confirm? If I'd > like to use a non-anonymous ephemeral onion service, would code that's > something like this work, assuming c is a Controller? > > c.set_conf('HiddenServiceSingleHopMode', 1) > c.set_conf('HiddenServiceNonAnonymousMode', 1) > c.create_ephemeral_hidden_service(8080) > > And when other processes connect to the Tor control port and run > create_ephemeral_hidden_service, those onion services wouldn't be > non-anonymous? Good question. The non-anonymous torrc options are pretty clunky to use. In part this is by design because the authors wanted to discourage their use. I thought those torrc options could only be set prior to tor starting up (like DisableDebuggerAttachment), but on reflection the manual doesn't say that so maybe that's not the case? However, seems you also need to set 'SOCKSPort 0'... https://www.torproject.org/docs/tor-manual.html.en#HiddenServiceNonAnonymousMode If you call the above SETCONF does tor give any indication that you need to set the SOCKSPort too? If not then it feels like it should since that's pretty unintuitive. ___ tor-dev mailing list tor-dev@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev
Re: [tor-dev] non-anonymous ephemeral onion services with stem
On 12/28/2016 09:39 AM, Damian Johnson wrote: > Oops, great catch - thanks Micah! Added a note saying how to use them... > > "Version 1.5: Added support for non-anonymous services. To do so set > 'HiddenServiceSingleHopMode 1' and 'HiddenServiceNonAnonymousMode 1' > in your torrc." Excellent. I'm pretty sure this will work, but can you confirm? If I'd like to use a non-anonymous ephemeral onion service, would code that's something like this work, assuming c is a Controller? c.set_conf('HiddenServiceSingleHopMode', 1) c.set_conf('HiddenServiceNonAnonymousMode', 1) c.create_ephemeral_hidden_service(8080) And when other processes connect to the Tor control port and run create_ephemeral_hidden_service, those onion services wouldn't be non-anonymous? ___ tor-dev mailing list tor-dev@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev
Re: [tor-dev] non-anonymous ephemeral onion services with stem
Oops, great catch - thanks Micah! Added a note saying how to use them... "Version 1.5: Added support for non-anonymous services. To do so set 'HiddenServiceSingleHopMode 1' and 'HiddenServiceNonAnonymousMode 1' in your torrc." On Wed, Dec 28, 2016 at 8:54 AM, Micah Leewrote: > The stem documentation for create_ephemeral_hidden_service [1] says: > "Changed in version 1.5.0: Added support for non-anonymous services." > > But I can't figure out to actually use this feature. There doesn't seem > to be a new argument to say if you want your onion service to be > non-anonymous. > > It also says, "Changed in version 1.5.0: Added the basic_auth argument." > But there's a new basic_auth argument you can pass into the function to > use that. > > [1] > https://stem.torproject.org/api/control.html#stem.control.Controller.create_ephemeral_hidden_service > ___ > tor-dev mailing list > tor-dev@lists.torproject.org > https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev ___ tor-dev mailing list tor-dev@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev
[tor-dev] non-anonymous ephemeral onion services with stem
The stem documentation for create_ephemeral_hidden_service [1] says: "Changed in version 1.5.0: Added support for non-anonymous services." But I can't figure out to actually use this feature. There doesn't seem to be a new argument to say if you want your onion service to be non-anonymous. It also says, "Changed in version 1.5.0: Added the basic_auth argument." But there's a new basic_auth argument you can pass into the function to use that. [1] https://stem.torproject.org/api/control.html#stem.control.Controller.create_ephemeral_hidden_service ___ tor-dev mailing list tor-dev@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev