Blog Post

By Rich Johnson | January 30th, 2010

Freenode IRC – Connect And Auth Securely

By Rich Johnson on Published: January 30, 2010 at 9:30 pm

OK, so today freenode migrated to their new server. It was a bit rough around the edges at first, however they have finally added support for connecting via SSL and using a script in Irssi you can authenticate via SASL. So, I will quickly show you how to get SSL and SASL setup for Irssi and Irssi only, and I am assuming you already have a connection to Freenode already setup.

WARNING: It has been brought to my attention that the Irssi folks get mad when people tell you to edit the config file instead of using the commands, so with that, backup your config file first, and if anything goes wrong, not my fault ๐Ÿ™‚

  1. Let’s install the necessary packages (I think this is all, I already had openssl installed but had to install the libcrypt- packages for the SASL script below): 
    sudo apt-get install openssl libcrypt-openssl-bignum-perl libcrypt-dh-perl libcrypt-blowfish-perl
  2. Grab and save the cap_sasl.pl script to ~/.irssi/scripts and setup a link for it to autorun: 
    cd ~/.irssi/scripts
wget http://www.freenode.net/sasl/cap_sasl.pl
mkdir autorun  ## only if you do not have this directory already
cd autorun
ln -s ../cap_sasl.pl .
  3. Fire up Irssi without connecting to anything: 
    irssi -!
  4. Once in Irssi, setup your username and password for SASL: 
    /sasl set freenode your_nick your_password DH-BLOWFISH
/sasl save
/save
  5. Quit Irssi
  6. Using a text editor, edit ~/.irssi/config and in the section that says servers = ( you want to remove the stuff between the { and } for freenode, and then add the following in its place: 
    address = "chat.us.freenode.net";
chatnet = "freenode";
port = "7000";
use_ssl = "yes";
ssl_verify = "yes";
ssl_capath = "/etc/ssl/certs";
autoconnect = "yes";
  7. Now under the chatnets = ( section, you want the freenode = part to be changed to: 
    freenode = { type = "IRC"; };

If you get a message about your nick being “Juped” or “temporarily unavailable” and get switched to Guestxxxx nick, read the following, otherwise enjoy your new secure connection.

Now you can go ahead and connect to IRC like you are used to. If you have the ENFORCE flag set for your nickname, you may come across some issues with identifying, and the one message I kept getting was:

Nick nixternal is Juped

If you get this, you need to disable the ENFORCE flag on your nick (make sure you are identified with your correct nick first):

/msg nickserv set enforce off

After that, disconnect from IRC, then reconnect to IRC. You shouldn’t be getting that error message now. If you do, go to #freenode and complain accordingly ๐Ÿ™‚ If all is well, you can go ahead and set the ENFORCE flag back to on:

/msg nickserv set enforce on

Now all should be well. Enjoy your new secure, SSL and SASL authentication, connection.

This entry was posted in Application and tagged , . Bookmark the permalink. Trackbacks are closed, but you can post a comment.

  • Archives


semidetached
semidetached
semidetached
semidetached