Introduction.
A short tutorial on how to set up an SSL-encrypted connection with the most popular IRC bot, Eggdrop 1.8.
An SSL connection between the bot and the server gives you more secure control and stability.
In this tutorial we use eggdrop version 1.8. Other versions of eggdrop, like 1.6.x, have problems with SSL.
The Eggdrop 1.8 snapshot provides SSL/TLS support for server and botnet connections (within a 1.8 botnet), certificate validation, DCC CHAT over SSL (aka SCHAT), authentication with a client certificate, IPv6 support and more.
L E G E N D
Stage I.    Basic configuration and getting online.
Stage II.   Creating .pem certificates.
Stage III.  Registering the bot on the network.
Stage IV.   SSL configuration and getting online.
STAGE I. Basic configuration
To succeed with this tutorial and connect with SSL you must know the basics of eggdrop and of IRC clients like irssi.
OK, let's start.
Configure your eggdrop.conf file to put your bot online first without SSL!! We must first register it on the freenode IRC network. The Eggdrop 1.8 config file should be compatible with 1.6.x versions, so you may try it.
EGGDROP UTF-8 SUPPORT (You can skip this step if you want!)
Download eggdrop1.8, unpack it and edit the tcl.c file, line 696.
You can add whatever encoding your country uses; I've set up eggdrop with UTF-8 support and iso8859-1.
    wget http://irctarnow.com.pl/eggdrop/eggdrop1.8-snapshot.tar.gz
    tar zxvf eggdrop1.8-snapshot.tar.gz
    cd eggdrop1.8
    nano -c src/tcl.c

    /* src/tcl.c, line 696 */
    if (encoding == NULL) {
      encoding = "iso8859-1";
      encoding = "utf-8";  /* the last assignment wins, so the default becomes UTF-8 */
    }

Then configure and install.

    ./configure
    make config
    make
    make install   # eggdrop doesn't like being installed in a non-default directory path

NOTE: How you set up your private data (your nickname, bot name, connection port, channel, etc.) is up to you. This one is mine.
STAGE II. Creating SSL .pem certificates.
First create the certificate key and your self-signed certificate. You can add -nodes at the end of the first line.
Without -nodes you will be asked for a passphrase (password) when you run eggdrop. However, -nodes leaves the private key unencrypted, so anyone with access to your certificate file could register and identify as you and read the certificate, so we won't add it :)
On the second line we combine the .key and .crt into one .pem file, which is accepted by IRC networks.
Then restrict read/write access on the file to yourself only and determine the fingerprint.
The RSA key can be 1024, 2048, 4096 bits or longer; the certificate is valid for 730 days. You can change both.
    openssl req -newkey rsa:4096 -days 730 -x509 -keyout eggdrop1.key -out eggdrop1.crt
    cat eggdrop1.crt eggdrop1.key > ~/eggdrop/eggdrop1.pem
    chmod 600 ~/eggdrop/eggdrop1.pem
    openssl x509 -sha1 -fingerprint -noout -in ~/eggdrop/eggdrop1.pem | sed -e 's/^.*=//;s/://g;y/ABCDEF/abcdef/'
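
Added example (not part of the original tutorial and not eggdrop's own code): a Python check that audits a combined .pem like the one built above, reporting the same lowercase SHA-1 fingerprint as the openssl | sed pipeline, whether the private key is passphrase-protected (the -nodes question), and whether the file is readable by its owner only. The names audit_pem and write_sample and the sample bytes are assumptions made up for this example.

```python
import base64
import hashlib
import os
import re
import stat
import tempfile

CERT_RE = re.compile(r"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----", re.S)
KEY_RE = re.compile(r"-----BEGIN ([A-Z ]*PRIVATE KEY)-----(.+?)-----END \1-----", re.S)


def audit_pem(path):
    """Check a combined certificate+key .pem file before pointing the bot at it."""
    mode = stat.S_IMODE(os.stat(path).st_mode)
    with open(path, encoding="ascii") as fh:
        text = fh.read()
    cert, key = CERT_RE.search(text), KEY_RE.search(text)
    if cert is None or key is None:
        raise ValueError("expected one certificate and one private key block")
    der = base64.b64decode("".join(cert.group(1).split()))
    # PKCS#8 marks encryption in the label, the older format in a Proc-Type header.
    encrypted = key.group(1).startswith("ENCRYPTED") or "Proc-Type: 4,ENCRYPTED" in key.group(2)
    return {
        # Same value as the openssl | sed pipeline: SHA-1 over the DER bytes,
        # lowercase hex, no colons.
        "fingerprint": hashlib.sha1(der).hexdigest(),
        "key_encrypted": encrypted,
        "owner_only": mode & 0o077 == 0,  # True for chmod 600
    }


# Constructed stand-in bytes, not a real certificate or key.
SAMPLE_DER = b"constructed certificate bytes for the example"


def write_sample(key_label, mode):
    """Write a constructed .pem with the given key label and permissions."""
    b64 = base64.encodebytes(SAMPLE_DER).decode("ascii")
    body = ("-----BEGIN CERTIFICATE-----\n" + b64 + "-----END CERTIFICATE-----\n"
            "-----BEGIN " + key_label + "-----\n" + b64 + "-----END " + key_label + "-----\n")
    fd, path = tempfile.mkstemp(suffix=".pem")
    with os.fdopen(fd, "w", encoding="ascii") as fh:
        fh.write(body)
    os.chmod(path, mode)
    return path


if __name__ == "__main__":
    print(audit_pem(write_sample("ENCRYPTED PRIVATE KEY", 0o600)))
    print(audit_pem(write_sample("PRIVATE KEY", 0o644)))
```

Run against the real file, audit_pem(os.path.expanduser("~/eggdrop/eggdrop1.pem")) should report key_encrypted and owner_only as True when the steps above were followed without -nodes.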
STAGE III. Register Eggdrop on the network (freenode).
Run eggdrop with the basic config file:

    ./eggdrop -m eggdrop.conf

    /msg MyBot hello
    /msg MyBot pass YourPassword

Close the chat window with your bot using the /wc command.
Now make a direct connection to eggdrop on port 44137 (or whichever port is in the config file) and type the master password (the same one you set earlier).
NOTE: If you can't connect by means of the /dcc command, you might be behind a home/work NAT masquerade. In that case uncomment this line in eggdrop.conf, around line 456: #set nat-ip "Your home/work public nat IP", put in your IP address and run eggdrop again! If you work on a public shell, don't do this; it should work as is.

    /dcc chat MyBot 44137

Register the bot on freenode and identify.

    .msg nickserv register YourPassword your@email

    .msg NickServ VERIFY REGISTER BotName TempPass

When you connect to freenode again, NickServ will ask you to identify again; then use: .msg nickserv identify YourPassword.
Add the .pem certificate with:

    .msg nickserv cert add eggdrop1.pem

NOTE: Eggdrop may ignore ChanServ if it gets too much data; this is its flood protection. See the .ignore command for (*!*@services.). It should work anyway, so you can skip this.
NOTE: How you set up your private data (your nickname, bot name, connection port, IRC network, pem paths) is up to you.
STAGE IV. Configuration of SSL and getting online.
There are known problems with connecting to some IRC networks on SSL ports by DNS name. We use the server's IP address instead, together with one of the SSL ports prefixed with +. See the config file, line 985.
Get the freenode IP: ping irc.freenode.net
Moreover, you have to change the SSL configuration and add some settings.
A complete and working eggdrop.conf SSL file can be found here: eggdropSSL.conf
After you've made your changes, run the new config file without the -m option.

    ./eggdrop eggdrop.conf

Type in your security "pem password" and the bot should be online with an SSL connection, then:

    /dcc chat BotName 44137
    /msg BotName password

Have Fun!! LuCkY 2014
HINT: With the proper encoding for your country (UTF-8, Western, etc.) you can set up an RSS/XML feed and keep up with things.