Explain how to use auth cookie for onion services
Activity
changed milestone to %Tor: 0.4.1.x-final in legacy/trac
added component::core tor/tor in Legacy / Trac hs-auth in Legacy / Trac milestone::Tor: 0.4.1.x-final in Legacy / Trac owner::traumschule in Legacy / Trac parent::30000 in Legacy / Trac priority::medium in Legacy / Trac resolution::fixed in Legacy / Trac reviewer::asn in Legacy / Trac severity::normal in Legacy / Trac sponsor::27-must in Legacy / Trac status::closed in Legacy / Trac type::enhancement in Legacy / Trac labels
asn told on IRC that this is not implemented for v3 onion services, but it may be good to have it in the FAQ and the onion page at http://expyuzz4wqqyqhjn.onion/docs/tor-onion-service.html.en
Trac:
Owner: N/A to traumschule
Status: new to assignedhttps://github.com/torproject/webwml/pull/50
Trac:
Status: assigned to needs_reviewjust learned that it has been implemented for v3 onion services (legacy/trac#20700 (moved)) and updated the PR.
legacy/trac#4700 (moved) might be worth a hint
IRC: why isn't HiddenServiceAuthorizeClient supported on onion 3 addresses
asn: it actually is, but it works differently we might want to add a blurb when someone starts up v3 with HiddenServiceAuthorizeClient to point out to the way it should be done you need to use latest master and check the man page for 'authorized_clients' it's in the last part of it "Client Authorization" marked as "(Version 3 only)" it's still experimental, so you need to generate the keys yourself :) see https://github.com/haxxpop/torkeygen
mtigas: i'm going to try to submit a patch/pr for some man page rewording about that this weekend. if you're using 0.3.5.x by having an authorized_clients dir with valid .auth files in the hiddenservicedir, tor will enable auth for that onion. i've got an alternate key generating script here; at worst it has some more explicit instructions for setup: https://gist.github.com/mtigas/9c2386adf65345be34045dace134140b
legacy/trac#28026 (moved) is related.
Trac:
Status: needs_review to needs_revisionLet onion service authorization related tickets know of each other.
https://gitweb.torproject.org/torspec.git/tree/rend-spec-v3.txt#n615
[TODO: Also specify stealth client authorization.] (NOTE: client authorization is not implemented as of 0.3.2.1-alpha.)
Trac:
Keywords: N/A deleted, hs-auth addedAdded commit "Document hsv3 Client Authorization" https://github.com/torproject/webwml/pull/50
edit: updated onion address
Trac:
Status: needs_revision to needs_review
Cc: traumschule, mtigas to mtigas, dgoulet, asc, haxxpopTrac:
hsv3clientkey.shThis script generates client auth keys for a given v3 onion service directory. It is free software, use, modify, or copy it at your own risk; based on work by mtigas: https://gist.github.com/mtigas/9c2386adf65345be34045dace134140b
Trac:
Parent: N/A to legacy/trac#30000 (moved)
Thanks for merging but is this somewhere visible right now? I don't see it in https://2019.www.torproject.org/docs/faq.html.en
Trac:
Resolution: fixed to N/A
Status: closed to reopened-
It now works: https://2019.www.torproject.org/docs/tor-onion-service.html.en#CookieAuthentication
Thanks hiro!
Trac:
Status: reopened to closed
Resolution: N/A to fixed mentioned in issue legacy/trac#27725 (moved)
mentioned in issue legacy/trac#28026 (moved)
mentioned in issue legacy/trac#30000 (moved)
moved from legacy/trac#27680 (moved)
added Feature + 1 deleted label and removed 1 deleted label
