Monday, February 22, 2010

Freenode IRC - Connect via OpenSSL with SASL authentication


freenode migrated from hyperion-ircd to the new ircd-seven server at the end of January 2010. With this change, one can connect to freenode IRC over an OpenSSL-encrypted link between client and server, and a script for Irssi provides authentication via SASL. freenode's standard port is 6667, but it listens for SSL connections on ports 7000 and 7070. Here are the steps to set up SSL and SASL for Irssi:

1) Perl libraries required: the Irssi script needs the Perl libraries Blowfish, DH and BIGNUM installed beforehand.

2) For Debian/Ubuntu (install irssi, the Perl library prerequisites and OpenSSL):

sudo apt-get install irssi openssl libcrypt-openssl-bignum-perl libcrypt-dh-perl libcrypt-blowfish-perl

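3) At a terminal:

mkdir -p ~/.irssi/scripts/autorun ## creates the directories only if you do not have them already
cd ~/.irssi/scripts
wget http://www.freenode.net/sasl/cap_sasl.pl ## saved as ~/.irssi/scripts/cap_sasl.pl; it is fetched over plain HTTP, so read it before linking it into autorun
cd autorun
ln -s ../cap_sasl.pl cap_sasl.pl ## the link in ~/.irssi/scripts/autorun/ makes Irssi load the script at startup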

4) Start up irssi without connecting to anything:

irssi -!

5) Once in Irssi, at the Status window, set up your username and password for SASL:
/server add -auto -ssl -network freenode irc.freenode.net 7000
(## In case you have any certificate issues, pass this command:)
/server add -auto -ssl -ssl_cacert /etc/ssl/certs/GandiStandardSSLCA.pem -network freenode irc.freenode.net 7000
/sasl set freenode your_nick your_password DH-BLOWFISH
/sasl save
/save

6) Quit Irssi.

7) Edit the irssi config file:

vi ~/.irssi/config (## search for the servers section, check whether the entries below match, and update them as below)

address = "chat.us.freenode.net";
chatnet = "freenode";
port = "7000";
use_ssl = "yes";
ssl_verify = "yes";
ssl_capath = "/etc/ssl/certs";
autoconnect = "yes";

8) Now simply fire up irssi-windows (for window navigation between channels). You may get something like this:

17:36 -!- Irssi: Looking up chat.us.freenode.net
17:36 -!- Irssi: SASL: auth loaded from /home/binnishah/.irssi/sasl.auth
17:36 -!- Irssi: Connecting to chat.us.freenode.net [140.211.166.4] port 7000
17:36 -!- Irssi: Connection to chat.us.freenode.net established
17:36 !niven.freenode.net *** Looking up your hostname...
17:36 !niven.freenode.net *** Checking Ident
17:36 -!- Irssi: CLICAP: supported by server: identify-msg multi-prefix sasl
17:36 -!- Irssi: CLICAP: requesting: multi-prefix sasl
17:36 -!- Irssi: CLICAP: now enabled: multi-prefix sasl
17:36 -!- binnishah!binnishah@unaffiliated/abms1116 abms1116 You are now logged in as abms1116.
17:36 -!- Irssi: SASL authentication successful
17:36 -!- Welcome to the freenode Internet Relay Chat Network binnishah
17:36 -!- Your host is niven.freenode.net[140.211.166.4/7000], running version ircd-seven-1.0.1
17:36 -!- This server was created Sat Jan 30 2010 at 21:09:36 UTC
17:36 -!- niven.freenode.net ircd-seven-1.0.1 DOQRSZaghilopswz CFILMPQbcefgijklmnopqrstvz bkloveqjfI
17:36 -!- CHANTYPES=# EXCEPTS INVEX CHANMODES=eIbq,k,flj,CFLMPQScgimnprstz CHANLIMIT=#:120 PREFIX=(ov)@+ MAXLIST=bqeI:100 MODES=4 NETWORK=freenode KNOCK STATUSMSG=@+ CALLERID=g are supported by this server
17:36 -!- SAFELIST ELIST=U CASEMAPPING=rfc1459 CHARSET=ascii NICKLEN=16 CHANNELLEN=50 TOPICLEN=390 ETRACE CPRIVMSG CNOTICE DEAF=D MONITOR=100 are supported by this server
17:36 -!- FNC TARGMAX=NAMES:1,LIST:1,KICK:1,WHOIS:1,PRIVMSG:4,NOTICE:4,ACCEPT:,MONITOR: EXTBAN=$,arx WHOX CLIENTVER=3.0 are supported by this server
17:36 -!- There are 899 users and 52716 invisible on 23 servers
17:36 -!- 37 IRC Operators online
17:36 -!- 58 unknown connection(s)
17:36 -!- 27761 channels formed
17:36 -!- I have 2559 clients and 1 servers
17:36 -!- 2559 4459 Current local users 2559, max 4459
17:36 -!- 53615 60092 Current global users 53615, max 60092
17:36 -!- Highest connection count: 4460 (4459 clients) (271988 connections received)
17:36 -!- - niven.freenode.net Message of the Day
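
A check for the settings from step 7, as an added example that is not part of the original post: it parses the servers section of ~/.irssi/config and reports entries that skip SSL, skip certificate verification, or use a port other than freenode's SSL ports. The sample config is constructed, and the function names are this example's own.

```python
import re

# freenode's SSL listener ports as given in the article; 6667 is the plaintext port.
SSL_PORTS = {"7000", "7070"}

# Constructed sample of the servers section of ~/.irssi/config (not a real user's file).
SAMPLE_CONFIG = '''
servers = (
  { address = "irc.freenode.net"; chatnet = "freenode"; port = "6667"; },
  { address = "irc.freenode.net"; chatnet = "freenode"; port = "7000"; use_ssl = "yes"; },
  {
    address = "chat.us.freenode.net";
    chatnet = "freenode";
    port = "7000";
    use_ssl = "yes";
    ssl_verify = "yes";
    ssl_capath = "/etc/ssl/certs";
    autoconnect = "yes";
  }
);
'''

def parse_servers(config_text):
    """Return one dict of settings per { ... } entry in the servers list."""
    section = re.search(r"^servers\s*=\s*\((.*?)\);", config_text, re.S | re.M)
    if not section:
        return []
    return [dict(re.findall(r'(\w+)\s*=\s*"?([^";]*)"?\s*;', block))
            for block in re.findall(r"\{(.*?)\}", section.group(1), re.S)]

def audit_server(server):
    """List the ways one entry falls short of step 7; an empty list means it matches."""
    findings = []
    if server.get("port") not in SSL_PORTS:
        findings.append("port is not an SSL listener (7000 or 7070)")
    if server.get("use_ssl") != "yes":
        findings.append("use_ssl is not yes: the connection is not encrypted")
    elif server.get("ssl_verify") != "yes":
        findings.append("ssl_verify is not yes: server certificate is never checked")
    return findings

def audit_config(config_text):
    """Return (address, port, findings) for every server entry."""
    return [(s.get("address"), s.get("port"), audit_server(s))
            for s in parse_servers(config_text)]

if __name__ == "__main__":
    for address, port, findings in audit_config(SAMPLE_CONFIG):
        print(f"{address}:{port}", "OK" if not findings else "; ".join(findings))
```

To run it against a real file, pass the contents of ~/.irssi/config to audit_config() in place of SAMPLE_CONFIG.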



*Xchat configuration for SSL:

From the menu select --> Network list --> Networks --> select freenode --> Edit --> Servers for freenode --> add "irc.freenode.net/7070" --> set the NickServ password
In the same window, under Connecting, click "Use SSL for all the servers on this network"

On connecting via SSL on port 7070 with Xchat, you may see something like this:

* * Certification info:
* Subject:
* OU=Domain Control Validated
* OU=Gandi Standard Wildcard SSL
* CN=*.freenode.net
* Issuer:
* C=FR
* O=GANDI SAS
* CN=Gandi Standard SSL CA
* Public key algorithm: rsaEncryption (2048 bits)
* Sign algorithm sha1WithRSAEncryption
* Valid since Jan 13 00:00:00 2010 GMT to Jan 13 23:59:59 2011 GMT
* * Cipher info:
* Version: TLSv1/SSLv3, cipher DHE-RSA-AES256-SHA (256 bits)
* Connected. Now logging in...
* *** Looking up your hostname...
* *** Checking Ident
* Welcome to the freenode Internet Relay Chat Network abms1116
* Your host is barjavel.freenode.net[78.40.125.4/7070], running version ircd-seven-1.0.0


Public Key : 12695C6D
Fingerprint : 0131 E273 B314 E8C8 2599 E32D 99AA 9362 1269 5C6D