Hi Ralph, I think there's some confusion about the ssh verses tor password. All I'm suggesting is that instead of 'HashedControlPassword' you use 'CookieAuthentication 1' in your torrc instead. This is discussed a bit on the following in case you'd care to read more...
https://stem.torproject.org/faq.html#can-i-interact-with-tors-controller-interface-directly Cheers! -Damian On Sat, Sep 2, 2017 at 2:01 PM, Ralph Seichter <m16+...@monksofcool.net> wrote: > On 02.09.17 21:26, Damian Johnson wrote: > >> I dropped that since it posed a security issue. > > Sigh... That seems a bit overzealous to me. > >> I'd suggest cookie authentication if you'd care to rely on file >> permissions rather than something you know. That'll work transparently. > > I don't think I understand what exactly you are suggesting. Could you > provide an example? I can currently do the following with 'arm', and > want to it with 'nyx' as well: > > me@mynotebook $ ssh foo@tornode > foo@tornode $ sudo -u tor /usr/bin/arm > > I have to enter SSH keyfile password(*) and SUDO password already, and > don't want to enter yet another password for the Tor controller. Since > I am the only human who can SSH to my Tor nodes, having a password in > ~/.nyx/config would be a "risk" (grin) I'm perfectly willing to take. > > -Ralph > > (*) I'm aware of ssh-agent. > _______________________________________________ > tor-relays mailing list > tor-relays@lists.torproject.org > https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays _______________________________________________ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
