author | David Goulet <dgoulet@torproject.org> | 2018-09-12 13:23:06 -0400 |
---|---|---|
committer | Nick Mathewson <nickm@torproject.org> | 2018-09-13 11:47:58 -0400 |
commit | e7ab20710c0961ba82b49628c3b76a5b78b81c68 (patch) | |
tree | 582423a78a4113d4a0da6b99d66c0050daeaeb42 /doc/tor.1.txt | |
parent | b4f20ec8a634dc734b103b1773d6565c876e7a24 (diff) | |
hs-v3: Add changes file and man page for client authorization
Closes #27547
Signed-off-by: David Goulet <dgoulet@torproject.org>
Diffstat (limited to 'doc/tor.1.txt')
-rw-r--r-- | doc/tor.1.txt | 30 |
1 files changed, 30 insertions, 0 deletions
diff --git a/doc/tor.1.txt b/doc/tor.1.txt index 869a8cedd7..37f21742b2 100644 --- a/doc/tor.1.txt +++ b/doc/tor.1.txt @@ -1087,6 +1087,16 @@ The following options are useful only for clients (that is, if services can be configured to require authorization using the **HiddenServiceAuthorizeClient** option. +[[ClientOnionAuthDir]] **ClientOnionAuthDir** __path__:: + Path to the directory containing the hidden service authorization file. The + files MUST have the suffix ".auth_private". Each file is for a single + onion address and their format is: + + + <onion-address>:descriptor:x25519:<base32-encoded-privkey> + + + The <onion-address> MUST NOT have the ".onion" suffix. See the + rend-spec-v3.txt Appendix G for more information. + [[LongLivedPorts]] **LongLivedPorts** __PORTS__:: A list of ports for services that tend to have long-running connections (e.g. chat and interactive shells). Circuits for streams that use these @@ -2896,6 +2906,26 @@ The following options are used to configure a hidden service. including setting SOCKSPort to "0". Can not be changed while tor is running. (Default: 0) +Client Authorization +-------------------- + +(Version 3 only) + +To configure client authorization on the service side, the +"<HiddenServiceDir>/authorized_clients/" needs to exists. Each file in that +directory should be suffixed with ".auth" (the file name is irrelevant) and +its content format MUST be: + + <auth-type>:<key-type>:<base32-encoded-public-key> + +The supported <auth-type> are: "descriptor". The supported <key-type> are: +"x25519". Each file MUST contain one line only. Any malformed file will be +ignored. + +Note that once you've configured client authorization, anyone else with the +address won't be able to access it from this point on. If no authorization is +configured, the service will be accessible to all. + TESTING NETWORK OPTIONS ----------------------- |
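Review bot: in the ClientOnionAuthDir hunk, the entry never says that it applies to version 3 onion services only, although the context line directly above it points readers at **HiddenServiceAuthorizeClient** and the service-side section in this same patch carries "(Version 3 only)". Suggest adding the same marker here. The entry also does not say how a file that is malformed or lacks the ".auth_private" suffix is handled (the service-side text states that malformed files are ignored), and since these files hold a private key, a sentence on who should be able to read the directory would help. Wording: "authorization file" is singular while the next sentence says "files", and "their format" should be "its format".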
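Review bot: in the Client Authorization section, "Any malformed file will be ignored" read together with "If no authorization is configured, the service will be accessible to all" leaves open what happens when authorized_clients/ contains only malformed files. The text should state whether the service then counts as having no authorization configured, because that would leave it reachable by anyone with the address. Smaller points: "needs to exists" should read "needs to exist", the "it" in "won't be able to access it" should name the service, and the section does not say whether a reload is needed before added or removed ".auth" files take effect.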