Changeset View
Changeset View
Standalone View
Standalone View
doc/tor.md
Show First 20 Lines • Show All 108 Lines • ▼ Show 20 Lines | |||||
Connecting to Tor's control socket API requires one of two authentication methods to be | Connecting to Tor's control socket API requires one of two authentication methods to be | ||||
configured. It also requires the control socket to be enabled, e.g. put `ControlPort 9051` | configured. It also requires the control socket to be enabled, e.g. put `ControlPort 9051` | ||||
in `torrc` config file. For cookie authentication the user running bitcoind must have read | in `torrc` config file. For cookie authentication the user running bitcoind must have read | ||||
access to the `CookieAuthFile` specified in Tor configuration. In some cases this is | access to the `CookieAuthFile` specified in Tor configuration. In some cases this is | ||||
preconfigured and the creation of a hidden service is automatic. If permission problems | preconfigured and the creation of a hidden service is automatic. If permission problems | ||||
are seen with `-debug=tor` they can be resolved by adding both the user running Tor and | are seen with `-debug=tor` they can be resolved by adding both the user running Tor and | ||||
the user running bitcoind to the same group and setting permissions appropriately. On | the user running bitcoind to the same group and setting permissions appropriately. On | ||||
Debian-based systems the user running bitcoind can be added to the debian-tor group, | Debian-based systems the user running bitcoind can be added to the debian-tor group, | ||||
which has the appropriate permissions. | which has the appropriate permissions. Before starting bitcoind you will need to re-login | ||||
to allow debian-tor group to be applied. Otherwise you will see the following notice: "tor: | |||||
Authentication cookie /run/tor/control.authcookie could not be opened (check permissions)" | |||||
on debug.log. | |||||
An alternative authentication method is the use | An alternative authentication method is the use | ||||
of the `-torpassword=password` option. The `password` is the clear text form that | of the `-torpassword=password` option. The `password` is the clear text form that | ||||
was used when generating the hashed password for the `HashedControlPassword` option | was used when generating the hashed password for the `HashedControlPassword` option | ||||
in the tor configuration file. The hashed password can be obtained with the command | in the tor configuration file. The hashed password can be obtained with the command | ||||
`tor --hash-password password` (read the tor manual for more details). | `tor --hash-password password` (read the tor manual for more details). | ||||
## 4. Privacy recommendations | ## 4. Privacy recommendations | ||||
- Do not add anything but Bitcoin ABC ports to the hidden service created in section 2. | - Do not add anything but Bitcoin ABC ports to the hidden service created in section 2. | ||||
If you run a web service too, create a new hidden service for that. | If you run a web service too, create a new hidden service for that. | ||||
Otherwise it is trivial to link them, which may reduce privacy. Hidden | Otherwise it is trivial to link them, which may reduce privacy. Hidden | ||||
services created automatically (as in section 3) always have only one port | services created automatically (as in section 3) always have only one port | ||||
open. | open. |