Registering a nickname with NickServ
Add the Libera.Chat configuration to weechat. Libera.Chat cannot be used over Tor at registration time, so take care to disable the Tor connection address and the proxy.
/server del libera
/server add libera localhost
/set irc.server.libera.addresses 'irc.libera.chat/6697'
/set irc.server.libera.nicks 'XXXXXXX,XXXXXXX0,XXXXXXX1,XXXXXXX2'
/set irc.server.libera.realname 'XXXXXXX'
/set irc.server.libera.username 'XXXXXXX'
/set irc.server.libera.proxy ''
Connect to libera from weechat.
/connect libera
(snip) ... (snip)
Request the association of the nickname with a password and an e-mail address.
/msg NickServ REGISTER YourPassword youremail@example.com
08:05 -- NickServ (NickServ@services.libera.chat): An email containing nickname activation instructions has been sent to youremail@example.com.
08:05 -- NickServ (NickServ@services.libera.chat): Please check the address if you don't receive it. If it is incorrect, DROP then REGISTER again.
08:05 -- NickServ (NickServ@services.libera.chat): If you do not complete registration within one day, your nickname will expire.
08:05 -- NickServ (NickServ@services.libera.chat): XXXXXXX is now registered to youremail@example.com.
Send the registration command from the e-mail delivered to the requested address to NickServ.
/msg NickServ VERIFY REGISTER XXXXXXX PPPPPPPPPPPPPPPP
08:08 -- NickServ (NickServ@services.libera.chat): XXXXXXX has now been verified.
08:08 -- NickServ (NickServ@services.libera.chat): Thank you for verifying your e-mail address! You have taken steps in ensuring that your registrations are not exploited.
08:08 -- You are now logged in as XXXXXXX (XXXXXXX!~XXXXXXX@FQDN)
08:08 -- NickServ (NickServ@services.libera.chat): You have been given a default user cloak.
08:08 -- user/XXXXXXX is now your hidden host (set by services.)
Disconnect once, then reconnect and check whether the registered nickname can be used. As it stands, NickServ tells you to change the nickname or identify, but whois shows that the nickname is in use. However, Tor cannot be used with a nickname that has not been identified.
/disconnect libera
/connect libera
08:22 -- NickServ (NickServ@services.libera.chat): This nickname is registered. Please choose a different nickname, or identify via /msg NickServ IDENTIFY XXXXXXX
/whois
08:48 -- [XXXXXXX] (~XXXXXXX@FQDN): XXXXXXX
08:48 -- [XXXXXXX] tantalum.libera.chat (Amsterdam, NL)
08:48 -- [XXXXXXX] is using a secure connection [TLSv1.3, TLS_AES_256_GCM_SHA384]
08:48 -- [XXXXXXX] actually using host III.PPP.AAA.DDD
08:48 -- [XXXXXXa] idle: 00 hours 00 minutes 09 seconds, signon at: Sat, 15 Feb 2025 08:48:04
08:48 -- [XXXXXXX] End of /WHOIS list.
To use the registered nickname, send the identify command to NickServ.
/msg nickserv identify XXXXXXX PPPPPPPPPPPPPPPP
08:51 -- NickServ (NickServ@services.libera.chat): You are now identified for XXXXXXX.
08:51 -- NickServ (NickServ@services.libera.chat): Last login from: ~XXXXXXX@FQDN on Feb 14 23:34:38 2025 +0000.
08:51 -- NickServ (NickServ@services.libera.chat): 1 failed login since last login.
08:51 -- NickServ (NickServ@services.libera.chat): Last failed attempt from: XXXXXXX!~XXXXXXX@FQDN on Feb 14 23:43:57 2025 +0000.
08:51 -- You are now logged in as XXXXXXX (XXXXXXX!~XXXXXXX@FQDN)
08:51 -- user/XXXXXXX is now your hidden host (set by services.)
Sending the /whois command after a successful identify shows the following. Both the source FQDN and the IP address are visible.
/whois XXXXXXX
08:55 -- [XXXXXXX] (~XXXXXXX@user/XXXXXXX): XXXXXXX
08:55 -- [XXXXXXX] tantalum.libera.chat (Amsterdam, NL)
08:55 -- [XXXXXXX] is using a secure connection [TLSv1.3, TLS_AES_256_GCM_SHA384]
08:55 -- [XXXXXXX] is connecting from *@FQDN III.PPP.AAA.DDD
08:55 -- [XXXXXXX] idle: 00 hours 04 minutes 25 seconds, signon at: Sat, 15 Feb 2025 08:48:04
08:55 -- [XXXXXXX] is logged in as XXXXXXX
08:55 -- [XXXXXXX] End of /WHOIS list.
Registering a client certificate with NickServ
Move to weechat's client certificate directory and create the client certificate there.
$ mkdir ~/.weechat/certs
$ cd ~/.weechat/certs
$ openssl req -x509 -new -newkey ed25519 -sha256 -nodes -out libera.pem -keyout libera.pem
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:
State or Province Name (full name) [Some-State]:
Locality Name (eg, city) []:
Organization Name (eg, company) [Internet Widgits Pty Ltd]:
Organizational Unit Name (eg, section) []:
Common Name (e.g. server FQDN or YOUR name) []:
Email Address []:
$ openssl x509 -in libera.pem -noout -fingerprint -sha512 | awk -F= '{gsub(":",""); print tolower ($2)}'
01fce6c3c54894294f2a4cfaa168feb4f4dcd48dcd9d5cdd577638bd7e75334709c520fdb02a57a6665d3674fb05147525d52af2e92dc92f315d822bffbb2788
$ cat libera.pem
-----BEGIN PRIVATE KEY-----
MC4CAQAwBQYDK2VwBCIEIK2RinlnZn1dI1jgYZ7ZD5y+2/KsnKa3OoOoVbb8ocKI
-----END PRIVATE KEY-----
-----BEGIN CERTIFICATE-----
(snip)
-----END CERTIFICATE-----
Rewrite the weechat configuration to use SSL/TLS and add the path to the client certificate.
/server del libera
/server add libera localhost
/set irc.server.libera.addresses 'irc.libera.chat/6697'
/set irc.server.libera.nicks 'XXXXXXX,XXXXXXX0,XXXXXXX1,XXXXXXX2'
/set irc.server.libera.realname 'XXXXXXX'
/set irc.server.libera.username 'XXXXXXX'
/set irc.server.libera.proxy ''
/set irc.server.libera.command "/msg nickserv identify XXXXXXX PPPPPPPPPPPPPPPP"
/set irc.server.libera.tls on
/set irc.server.libera.tls_verify on
/set irc.server.libera.tls_cert %h/certs/libera.pem
Reconnect to libera and register the association between the nickname and the client certificate fingerprint with nickserv.
/connect libera
/msg nickserv cert add 01fce6c3c54894294f2a4cfaa168feb4f4dcd48dcd9d5cdd577638bd7e75334709c520fdb02a57a6665d3674fb05147525d52af2e92dc92f315d822bffbb2788
09:20 -- NickServ (NickServ@services.libera.chat): Added fingerprint 01fce6c3c54894294f2a4cfaa168feb4f4dcd48dcd9d5cdd577638bd7e75334709c520fdb02a57a6665d3674fb05147525d52af2e92dc92f315d822bffbb2788 to your fingerprint list.
Check the association between the nickname and the client certificate registered with nickserv.
/msg nickserv cert list
09:20 -- NickServ (NickServ@services.libera.chat): Fingerprint list for XXXXXXX:
09:20 -- NickServ (NickServ@services.libera.chat): - 01fce6c3c54894294f2a4cfaa168feb4f4dcd48dcd9d5cdd577638bd7e75334709c520fdb02a57a6665d3674fb05147525d52af2e92dc92f315d822bffbb2788
09:20 -- NickServ (NickServ@services.libera.chat): End of XXXXXXX fingerprint list.
Configuring public-key (not plain) SASL authentication
Rewrite the weechat configuration to add the SASL external mechanism. Once SASL is in use, identifying to nickserv is no longer needed.
/server del libera
/server add libera localhost
/set irc.server.libera.addresses 'irc.libera.chat/6697'
/set irc.server.libera.nicks 'XXXXXXX,XXXXXXX0,XXXXXXX1,XXXXXXX2'
/set irc.server.libera.realname 'XXXXXXX'
/set irc.server.libera.username 'XXXXXXX'
/set irc.server.libera.proxy ''
/set irc.server.libera.tls on
/set irc.server.libera.tls_verify on
/set irc.server.libera.tls_cert %h/certs/libera.pem
/set irc.server.libera.sasl_mechanism external
Reconnect and check with whois. The message saying the nickname is not registered no longer appears, but both the source FQDN and the IP address are visible.
/connect libera
/whois XXXXXXX
10:05 -- [XXXXXXX] (~XXXXXXX@user/XXXXXXX): XXXXXXX
10:05 -- [XXXXXXX] copper.libera.chat (Sofia, BG)
10:05 -- [XXXXXXX] is using a secure connection [TLSv1.3, TLS_AES_256_GCM_SHA384]
10:05 -- [XXXXXXX] has client certificate fingerprint 01fce6c3c54894294f2a4cfaa168feb4f4dcd48dcd9d5cdd577638bd7e75334709c520fdb02a57a6665d3674fb05147525d52af2e92dc92f315d822bffbb2788
10:05 -- [XXXXXXX] is connecting from *@FQDN III.PPP.AAA.DDD
10:05 -- [XXXXXXX] idle: 00 hours 00 minutes 13 seconds, signon at: Sat, 15 Feb 2025 10:05:17
10:05 -- [XXXXXXX] is logged in as XXXXXXX
10:05 -- [XXXXXXX] End of /WHOIS list.
Connecting via Tor
Rewrite the weechat configuration to add a Tor proxy listening on port 9050 with the socks5 protocol, and to use the address for Tor.
/server del libera
/server add libera localhost
/set irc.server.libera.addresses 'irc.libera.chat/6697'
/set irc.server.libera.nicks 'XXXXXXX,XXXXXXX0,XXXXXXX1,XXXXXXX2'
/set irc.server.libera.realname 'XXXXXXX'
/set irc.server.libera.username 'XXXXXXX'
/set irc.server.libera.proxy ''
/set irc.server.libera.tls on
/set irc.server.libera.tls_verify on
/set irc.server.libera.tls_cert %h/certs/libera.pem
/set irc.server.libera.sasl_mechanism external
/proxy del local-tor
/proxy add local-tor socks5 localhost 9050
/set weechat.proxy.local-tor.address 'localhost'
/set weechat.proxy.local-tor.port 9050
/set weechat.proxy.local-tor.type socks5
/set irc.server.libera.addresses 'palladium.libera.chat/6697'
/set irc.server.libera.proxy 'local-tor'
Edit /etc/tor/torrc to add the following, then restart Tor.
# vi /etc/tor/torrc
# torrc entry for libera.chat onion service
MapAddress palladium.libera.chat libera75jm6of4wxpxt4aynol3xjmbtxgfyjpu34ss4d7r7q2v5zrpyd.onion
# systemctl restart tor@default.service
# systemctl status tor@default.service
Disconnect once, then reconnect. Check with /whois. The FQDN and the IP address are no longer visible.
/connect libera
/whois
11:05 -- [XXXXXXX] (~XXXXXXX@user/XXXXXXX): XXXXXXX
11:05 -- [XXXXXXX] palladium.libera.chat (Tor)
11:05 -- [XXXXXXX] is using a secure connection [TLSv1.3, TLS_AES_256_GCM_SHA384]
11:05 -- [XXXXXXX] has client certificate fingerprint 01fce6c3c54894294f2a4cfaa168feb4f4dcd48dcd9d5cdd577638bd7e75334709c520fdb02a57a6665d3674fb05147525d52af2e92dc92f315d822bffbb2788
11:05 -- [XXXXXXX] is connecting from *@gateway/tor-sasl/XXXXXXX 255.255.255.255
11:05 -- [XXXXXXX] idle: 00 hours 15 minutes 34 seconds, signon at: Sat, 15 Feb 2025 10:50:09
11:05 -- [XXXXXXX] is logged in as XXXXXXX
11:05 -- [XXXXXXX] End of /WHOIS list.
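The /whois comparisons made at each stage of this page (unidentified, identified, SASL external, Tor) can be checked mechanically. The following is an added example, not part of the original post: it parses pasted weechat /whois output and reports the TLS version, certificate fingerprint, login state and whether the origin is hidden. `audit_whois` is a hypothetical helper name, and the nick `alice`, host, address and fingerprint in the samples are constructed placeholders.

```python
import re

# weechat shows each WHOIS reply as "HH:MM -- [nick] text"; parse only the text.
LINE = re.compile(r"^\d\d:\d\d -- \[[^\]]+\] (?P<text>.*)$")
SIMPLE = {
    "tls": re.compile(r"is using a secure connection \[([^,\]]+)"),
    "certfp": re.compile(r"has client certificate fingerprint ([0-9a-f]+)$"),
    "account": re.compile(r"is logged in as (\S+)$"),
}
# Both origin forms seen in the sessions above: with and without a hostname.
ORIGIN = re.compile(
    r"(?:is connecting from \*@(?P<host>\S+) |actually using host )(?P<ip>\S+)$")


def audit_whois(output, expected_fp=None):
    """Summarise a pasted /whois reply: TLS, CertFP, login, origin exposure."""
    r = dict.fromkeys(("tls", "certfp", "account", "origin_host", "origin_ip"))
    for raw in output.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        text = m["text"]
        for key, rx in SIMPLE.items():
            if (hit := rx.match(text)):
                r[key] = hit[1]
        if (o := ORIGIN.match(text)):
            r["origin_host"] = o["host"] or r["origin_host"]
            r["origin_ip"] = o["ip"]
    # Hidden only in the form the Tor session shows: gateway cloak + dummy IP.
    host = r["origin_host"] or ""
    r["origin_hidden"] = (host.startswith("gateway/tor-sasl/")
                          and r["origin_ip"] == "255.255.255.255")
    r["certfp_ok"] = r["certfp"] is not None and r["certfp"] == expected_fp
    return r


# Constructed sample replies (placeholder nick, host, address and fingerprint).
FP = "ab" * 64
DIRECT = f"""\
10:05 -- [alice] is using a secure connection [TLSv1.3, TLS_AES_256_GCM_SHA384]
10:05 -- [alice] has client certificate fingerprint {FP}
10:05 -- [alice] is connecting from *@host.example.net 192.0.2.10
10:05 -- [alice] is logged in as alice
"""
TOR = DIRECT.replace("host.example.net 192.0.2.10",
                     "gateway/tor-sasl/alice 255.255.255.255")

if __name__ == "__main__":
    print(audit_whois(DIRECT, FP), audit_whois(TOR, FP), sep="\n")
```

Pass the fingerprint printed by the `openssl x509 ... -fingerprint -sha512` step as `expected_fp` to confirm the session is presenting the certificate that was registered.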
Hide various pieces of information.
/msg nickserv set HIDELASTLOGIN on
/msg nickserv set HIDEMAIL on
/msg nickserv set PRIVATE on
/msg nickserv info XXXXXXX
11:31 -- NickServ (NickServ@services.libera.chat): Information on XXXXXXX (account XXXXXXX):
11:31 -- NickServ (NickServ@services.libera.chat): Registered : Feb 14 23:05:47 2025 +0000 (3h 25m 28s ago)
11:31 -- NickServ (NickServ@services.libera.chat): Last addr : ~XXXXXXX@user/XXXXXXX
11:31 -- NickServ (NickServ@services.libera.chat): vHost : user/XXXXXXX (assigned on Feb 14 23:08:31 2025 +0000 (3h 22m 44s ago))
11:31 -- NickServ (NickServ@services.libera.chat): Last seen : now
11:31 -- NickServ (NickServ@services.libera.chat): User seen : now
11:31 -- NickServ (NickServ@services.libera.chat): Logins from: XXXXXXX
11:31 -- NickServ (NickServ@services.libera.chat): Nicks : XXXXXXX
11:31 -- NickServ (NickServ@services.libera.chat): Email : youremail@example.com (hidden)
11:31 -- NickServ (NickServ@services.libera.chat): Flags : HideMail, Private
11:31 -- NickServ (NickServ@services.libera.chat): Channels : 0 founder, 0 other
11:31 -- NickServ (NickServ@services.libera.chat): *** End of Info ***