My dynamic IP address, which is provided by my ISP, seems to be blocked by Freenode (because it is easy for us to get another IP.) According to the error message, I should connect and login with SASL. It took me a while to figure out a solution, thus I believe that it worths writing my attempts in a blog post.
This post will cover two topics:
- How to enable SASL support in Irssi 0.8.17?
- How to exchange public keys manually?
Add SASL Support to Irssi
As of writing, Irssi 0.8.17 is the version which we can installed with
apt
on Ubuntu 15.10. But, unfortunately, it does not include SASL
support. Although the latest Irssi 0.8.18 adds the SASL support, it will take
some time to propagate through different Linux distributions. Thus, we have to
manually install SASL plug-in to our Irssi 0.8.17 installation.
Yet another concern is that SASL plug-in requires Crypt::PK::ECC
module
from CPAN. However, there is no prebuilt Debian packages for this Perl module.
We have to build it by ourselves.
In summary, there are three steps to do:
- Configure
CPAN
, the Perl module repository and installation manager. - Build and install
Crypt::PK::ECC
Perl module. - Install SASL plug-in.
Let's start!
Configure CPAN
If you are a Linux end-user, it is unlikely for you to install a Perl module
via cpan
. As a result, ~/.cpan
doesn't exist and you have to
configure cpan
first.
To configure cpan
, simply run cpan -v
, and answer several
questions:
$ cpan -v
Sorry, we have to rerun the configuration dialog for CPAN.pm due to
some missing parameters. Configuration will be written to
<</home/logan/.cpan/CPAN/MyConfig.pm>>
CPAN.pm requires configuration, but most of it can be done automatically.
If you answer 'no' below, you will enter an interactive dialog for each
configuration option instead.
Would you like to configure as much as possible automatically? [yes]
First, you will be asked whether to create the configuration file with default options or not. We can choose yes and press enter.
<install_help>
Warning: You do not have write permission for Perl library directories.
To install modules, you need to configure a local Perl library directory or
escalate your privileges. CPAN can help you by bootstrapping the local::lib
module or by configuring itself to use 'sudo' (if available). You may also
resolve this problem manually if you need to customize your setup.
What approach do you want? (Choose 'local::lib', 'sudo' or 'manual')
[local::lib] manual
Second, you will be asked about the installation destination. Choose manual so that we can resolve the problem by ourselves.
Build a Debian Package of a Perl Module
Although we can install Perl packages with cpan
, packing it as a Debian
package makes it easier to uninstall them in the future. Fortunately, it is
easy to pack one with dh-make-perl
.
First, we have to install dh-make-perl
:
$ sudo apt-get install dh-make-perl
Second, we can create a Debian package with:
$ dh-make-perl --build --cpan Crypt::PK::ECC
== dh-make-perl 0.87 ==
# ... output skipped ...
Third, we can install the Debian package with:
$ sudo dpkg -i libcryptx-perl_*.deb
OPTIONAL: You can remove ~/.cpan
directory and dh-make-perl
package now (if you wish.) We don't need them anymore.
Install SASL Plug-in
Finally, we can install SASL plug-in for Irssi:
# Create a scripts directory
$ mkdir -p ~/.irssi/scripts/autorun
# Download the SASL plug-in for Irssi
$ wget -O ~/.irssi/scripts/cal_sasl.pl \
https://raw.githubusercontent.com/atheme/atheme/master/contrib/cap_sasl.pl
# Create a soft link so that it will be loaded automatically
$ ln -s ../cal_sasl.pl ~/.irssi/scripts/autorun
Setup SASL for Freenode
If you can connect to Freenode, you can enable SASL simply by doing:
/sasl keygen
/sasl save
However, unfortunately, if you can't connect to Freenode without SASL, then you have to set up the settings by yourself.
First, generate a pair of public and private keys with:
/sasl keygen [NETWORK-NAME]
Note: Please replace [NETWORK-NAME]
with the network name you would
like to use. In my example, it is freenode
.
A message will be printed:
15:29 -!- Irssi: /sasl set freenode <nick> sasl-ecdsa-freenode.key
ECDSA-NIST256P-CHALLENGE
15:29 -!- Irssi: SASL: submit your pubkey to freenode:
15:29 -!- Irssi: /msg NickServ SET PUBKEY
Anp3i5dEPsFsV9zI00b5YN/c8/JNEwwlo7TLdsMdaL7O
From this message, we know that:
- The private key is available at
$HOME/.irssi/sasl-ecdsa-freenode.key
. - The public key is
Anp3i5dEPsFsV9zI00b5YN/c8/JNEwwlo7TLdsMdaL7O
. You will need the public key in the upcoming step.
Second, ask Irssi to loaded the private key with:
/sasl set [NETWORK-NAME] [NICK] [PRIVATE-KEY-PATH] ECDSA-NIST256P-CHALLENGE
/sasl save
Note: Please replace [NETWORK-NAME]
with the network name,
[NICK]
with your nick name on the network, and
[PRIVATE-KEY-PATH]
with your private key file path printed above.
Third, log in Freenode via Freenode Web IRC. Authenticate for the nick name with:
/msg NickServ identify [PASSWORD]
And then, set the public key with:
/msg NickServ SET PUBKEY [KEY]
Logout from the Freenode Web IRC with:
/quit
Finally, you should be able to connect to Freenode with Irssi:
$ irssi
Remarks
Although this might be off-topic, I am connecting to Freenode with SSL encryption as well. If you do care about your privacy and/or data integrity, it will be a good idea to enable SSL encryption. This is my Irssi server configuration:
{
address = "irc.freenode.net";
chatnet = "freenode";
port = "6697";
password = "[PASSWORD]";
use_ssl = "yes";
ssl_verify = "yes";
},