How add site auth key TOR

User Support General
1

Hi, can anyone tell me how to add a TOR authentication key, manual or from website? When I try to open the page and see the field to fill in the key, but when try I get a red alert saying, Unable to configure TOR with your key, I think browser can’t see key folder.

I followed these steps:

  1. In sys-whonix, I added ClientOnionAuthDir /var/lib/tor/authdir to /usr/local/etc/torrc.d/40_tor_control_panel.conf, I see in tor panel config is loading, if I can’t load in 50_user.config too.
  2. In /var/lib/tor/authdir, I created the file .auth_private.
  3. In .auth_private, I added website:descriptor:x25519:KEY.
  4. I then tried to bind directories according to the instructions at this link: How to make any file persistent (bind-dirs) — Qubes OS Documentation.

Here, I see that I need the onion_auth folder, but sys-whonix has authdir. I don’t think this is a problem since I changed the path. Tor Project | Client Authorization

However, nothing is working. When I check the browser settings to save the keys, I see Unable to retrieve keys from Tor. I can’t see my KEY from .auth_private, and I can’t add a new one manually from the browser or save it from the page modal box.

Where am I going wrong? What do I need to do? Thanks guys.

Update: At sys-whonix I run tor --ClientOnionAuthDir /var/lib/tor/authdir and I see … [warn] Failed to parse/validate config: Failed to configure client authorization for hidden services. See logs for details. but I add/do it at #1 step

2

Did you fully reboot anon-whonix after adding the ClientOnionAuthDir? Also, are you sure the key you received isn’t corrupted or (accidentally) inactive?

3

Remember I restart TOR service, and think is good, because when I fill wrong path for ClientOnionAuthDir I see error msg. when connection from tor panel about read/write permission, but I check again with restart full sys-whonix.

And do I need bind directories? Eg. if I wanted save website key just at specific VM?

4

This is sys-whonix (has sys-whonix-gateway template), I know I can input in 50_user.conf too, but for testing do at 40_tor_control_panel.conf

[gateway root /home/user]# cat /usr/local/etc/torrc.d/40_tor_control_panel.conf
ClientOnionAuthDir /var/lib/tor/authdir

This is work workstation VM (has whonix-workstation-17 template)

[workstation root /rw/config/qubes-bind-dirs.d]# cat 40_qubes-whonix.conf                            
binds+=('ClientOnionAuthDir /var/lib/tor/authdir')

[workstation root /rw/config/qubes-bind-dirs.d]# cat 50_user.conf        
binds+=('/var/lib/tor')
binds+=('/etc/tor/torrc')
binds+=('/usr/local/etc/torrc.d')

[workstation root /rw/bind-dirs]# cat usr/local/etc/torrc.d/50_user.conf 
ClientOnionAuthDir /var/lib/tor/authdir

[workstation root /rw/bind-dirs/var/lib/tor/authdir]# cat .auth_private 
.....

Where is my false, why when I open browser in Save keys I see msg. Unable to retrieve keys from Tor it mean haven’t folder access or what?

5

Nobody can help me or tell which steps I mus do? :flushed:

6

In sys-whonix > Tor control panel > Logs > torrc I see my line ClientOnionAuthDir /var/lib/tor/authdir I this folder too.

Now I need same folder at my work qube with binds OR I need this folder in whonix workstation template?

I believe nobody know how fix problem?

7

Anybody can me help, I can pay crypto for beer :beers: