如何从远程主机连接到 Tor 控制端口 (9051)?
How to connect to Tor control port (9051) from a remote host?
我正在尝试使用 stem python 库从远程计算机连接到 tor 的控制端口 (9051)。
dum.py
from stem import Signal
from stem.control import Controller
def set_new_ip():
"""Change IP using TOR"""
with Controller.from_port(address = '10.130.8.169', port=9051) as controller:
controller.authenticate(password='password')
controller.signal(Signal.NEWNYM)
set_new_ip()
我收到以下错误
Traceback (most recent call last):
File "/home/jkl/anaconda3/lib/python3.5/site-packages/stem/socket.py", line 398, in _make_socket
control_socket.connect((self._control_addr, self._control_port))
ConnectionRefusedError: [Errno 111] Connection refused
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
File "dum.py", line 28, in <module>
set_new_ip();
File "dum.py", line 7, in set_new_ip
with Controller.from_port(address = '10.130.4.162', port=9051) as controller:
File "/home/jkl/anaconda3/lib/python3.5/site-packages/stem/control.py", line 998, in from_port
control_port = stem.socket.ControlPort(address, port)
File "/home/jkl/anaconda3/lib/python3.5/site-packages/stem/socket.py", line 372, in __init__
self.connect()
File "/home/jkl/anaconda3/lib/python3.5/site-packages/stem/socket.py", line 243, in connect
self._socket = self._make_socket()
File "/home/jkl/anaconda3/lib/python3.5/site-packages/stem/socket.py", line 401, in _make_socket
raise stem.SocketError(exc)
stem.SocketError: [Errno 111] Connection refused
然后我查看了 /etc/tor/torrc 配置文件。
它说
The port on which Tor will listen for local connections from Tor
controller applications, as documented in control-spec.txt.
ControlPort 9051
## If you enable the controlport, be sure to enable one of these
## authentication methods, to prevent attackers from accessing it.
HashedControlPassword 16:E5364A963AF943CB607CFDAE3A49767F2F8031328D220CDDD1AE30A471
SocksListenAddress 0.0.0.0:9050
CookieAuthentication 1
我的问题是,
如何从远程主机连接到 Tor 的控制端口?
我需要设置任何解决方法或配置参数吗?
可能重复 Stem is giving the "Unable to connect to port 9051" error 没有答案
除了 ControlPort 之外,您还需要设置 ControlListenAddress。您可以将其设置为 0.0.0.0
(绑定到所有地址)或您的服务器侦听的特定 IP。
如果您选择这样做,建议您将防火墙配置为仅允许来自特定 IP 的控制连接并阻止来自所有其他 IP 的连接。
另请注意,控制端口流量不会加密,因此建议使用 cookie 身份验证,这样您的密码就不会通过网络发送。
您还可以 运行 一个隐藏服务来暴露 Tor 上的控制端口,然后使用 Stem 和 Tor 连接到隐藏服务。
但一般的答案是需要将 ControlListenAddress 设置为绑定到 127.0.0.1(本地主机)以外的 IP。
测试 Tor 0.3.3.7
。
ControlListenAddress
配置已过时,Tor 将忽略它并记录以下消息
[warn] Skipping obsolete configuration option 'ControlListenAddress'
您仍然可以在 torrc
文件中将 ControlPort
设置为 0.0.0.0:9051
。虽然,Tor 对此不太高兴(这是正确的)并且会警告你
You have a ControlPort set to accept connections from a non-local
address. This means that programs not running on your computer can
reconfigure your Tor. That's pretty bad, since the controller protocol
isn't encrypted! Maybe you should just listen on 127.0.0.1 and use a
tool like stunnel or ssh to encrypt remote connections to your control
port.
此外,您必须设置 CookieAuthentication
或 HashedControlPassword
否则 ControlPort
将被关闭
You have a ControlPort set to accept unauthenticated connections from
a non-local address. This means that programs not running on your
computer can reconfigure your Tor, without even having to guess a
password. That's so bad that I'm closing your ControlPort for you. If
you need to control your Tor remotely, try enabling authentication and
using a tool like stunnel or ssh to encrypt remote access.
@drew010 的回答中提到的所有风险仍然有效。
我正在尝试使用 stem python 库从远程计算机连接到 tor 的控制端口 (9051)。
dum.py
from stem import Signal
from stem.control import Controller
def set_new_ip():
"""Change IP using TOR"""
with Controller.from_port(address = '10.130.8.169', port=9051) as controller:
controller.authenticate(password='password')
controller.signal(Signal.NEWNYM)
set_new_ip()
我收到以下错误
Traceback (most recent call last):
File "/home/jkl/anaconda3/lib/python3.5/site-packages/stem/socket.py", line 398, in _make_socket
control_socket.connect((self._control_addr, self._control_port))
ConnectionRefusedError: [Errno 111] Connection refused
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
File "dum.py", line 28, in <module>
set_new_ip();
File "dum.py", line 7, in set_new_ip
with Controller.from_port(address = '10.130.4.162', port=9051) as controller:
File "/home/jkl/anaconda3/lib/python3.5/site-packages/stem/control.py", line 998, in from_port
control_port = stem.socket.ControlPort(address, port)
File "/home/jkl/anaconda3/lib/python3.5/site-packages/stem/socket.py", line 372, in __init__
self.connect()
File "/home/jkl/anaconda3/lib/python3.5/site-packages/stem/socket.py", line 243, in connect
self._socket = self._make_socket()
File "/home/jkl/anaconda3/lib/python3.5/site-packages/stem/socket.py", line 401, in _make_socket
raise stem.SocketError(exc)
stem.SocketError: [Errno 111] Connection refused
然后我查看了 /etc/tor/torrc 配置文件。 它说
The port on which Tor will listen for local connections from Tor controller applications, as documented in control-spec.txt.
ControlPort 9051
## If you enable the controlport, be sure to enable one of these
## authentication methods, to prevent attackers from accessing it.
HashedControlPassword 16:E5364A963AF943CB607CFDAE3A49767F2F8031328D220CDDD1AE30A471
SocksListenAddress 0.0.0.0:9050
CookieAuthentication 1
我的问题是,
如何从远程主机连接到 Tor 的控制端口?
我需要设置任何解决方法或配置参数吗?
可能重复 Stem is giving the "Unable to connect to port 9051" error 没有答案
除了 ControlPort 之外,您还需要设置 ControlListenAddress。您可以将其设置为 0.0.0.0
(绑定到所有地址)或您的服务器侦听的特定 IP。
如果您选择这样做,建议您将防火墙配置为仅允许来自特定 IP 的控制连接并阻止来自所有其他 IP 的连接。
另请注意,控制端口流量不会加密,因此建议使用 cookie 身份验证,这样您的密码就不会通过网络发送。
您还可以 运行 一个隐藏服务来暴露 Tor 上的控制端口,然后使用 Stem 和 Tor 连接到隐藏服务。
但一般的答案是需要将 ControlListenAddress 设置为绑定到 127.0.0.1(本地主机)以外的 IP。
测试 Tor 0.3.3.7
。
ControlListenAddress
配置已过时,Tor 将忽略它并记录以下消息
[warn] Skipping obsolete configuration option 'ControlListenAddress'
您仍然可以在
torrc
文件中将 ControlPort
设置为 0.0.0.0:9051
。虽然,Tor 对此不太高兴(这是正确的)并且会警告你
You have a ControlPort set to accept connections from a non-local address. This means that programs not running on your computer can reconfigure your Tor. That's pretty bad, since the controller protocol isn't encrypted! Maybe you should just listen on 127.0.0.1 and use a tool like stunnel or ssh to encrypt remote connections to your control port.
此外,您必须设置 CookieAuthentication
或 HashedControlPassword
否则 ControlPort
将被关闭
You have a ControlPort set to accept unauthenticated connections from a non-local address. This means that programs not running on your computer can reconfigure your Tor, without even having to guess a password. That's so bad that I'm closing your ControlPort for you. If you need to control your Tor remotely, try enabling authentication and using a tool like stunnel or ssh to encrypt remote access.
@drew010 的回答中提到的所有风险仍然有效。