How to connect to Tor control port (9051) from a remote host?

jaggi picture jaggi · Aug 27, 2017 · Viewed 13k times · Source

I'm trying to connect to control port (9051) of tor from a remote machine using stem python library.

dum.py

from stem import Signal
from stem.control import Controller


def set_new_ip():
    """Change IP using TOR"""
    with Controller.from_port(address = '10.130.8.169', port=9051) as controller:
        controller.authenticate(password='password')
            controller.signal(Signal.NEWNYM)
set_new_ip()

I'm getting the following error

Traceback (most recent call last):
  File "/home/jkl/anaconda3/lib/python3.5/site-packages/stem/socket.py", line 398, in _make_socket
    control_socket.connect((self._control_addr, self._control_port))
ConnectionRefusedError: [Errno 111] Connection refused

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "dum.py", line 28, in <module>
    set_new_ip();
  File "dum.py", line 7, in set_new_ip
    with Controller.from_port(address = '10.130.4.162', port=9051) as controller:
  File "/home/jkl/anaconda3/lib/python3.5/site-packages/stem/control.py", line 998, in from_port
    control_port = stem.socket.ControlPort(address, port)
  File "/home/jkl/anaconda3/lib/python3.5/site-packages/stem/socket.py", line 372, in __init__
    self.connect()
  File "/home/jkl/anaconda3/lib/python3.5/site-packages/stem/socket.py", line 243, in connect
    self._socket = self._make_socket()
  File "/home/jkl/anaconda3/lib/python3.5/site-packages/stem/socket.py", line 401, in _make_socket
    raise stem.SocketError(exc)
stem.SocketError: [Errno 111] Connection refused

Then I went through /etc/tor/torrc config file. It says

The port on which Tor will listen for local connections from Tor controller applications, as documented in control-spec.txt.

   ControlPort 9051
    ## If you enable the controlport, be sure to enable one of these
    ## authentication methods, to prevent attackers from accessing it.
    HashedControlPassword 16:E5364A963AF943CB607CFDAE3A49767F2F8031328D220CDDD1AE30A471
    SocksListenAddress 0.0.0.0:9050
    CookieAuthentication 1

My question is , How do I connect to control port of Tor from a remote host?
Is there is any work around or config parameter that I need to set?

a possible duplicate of Stem is giving the "Unable to connect to port 9051" error which has no answers

Answer

drew010 picture drew010 · Aug 27, 2017

You'd need to set ControlListenAddress in addition to the ControlPort. You could set that to to 0.0.0.0 (binds to all addresses) or a specific IP your server listens on.

If you choose to do this it would be extremely advisable to configure your firewall to only allow control connections from specific IP's and block them from all others.

Also note, the control port traffic will not be encrypted, so it'd also be advisable to use cookie authentication so your password isn't sent over the net.

You could also run a hidden service to expose the control port over Tor and then connect to the hidden service using Stem and Tor.

But the general answer is ControlListenAddress needs to be set to bind to an IP other than 127.0.0.1 (localhost).