Blog Post

Freenode IRC – Connect And Auth Securely

OK, so today freenode migrated to their new server. It was a bit rough around the edges at first, however they have finally added support for connecting via SSL and using a script in Irssi you can authenticate via SASL. So, I will quickly show you how to get SSL and SASL setup for Irssi and Irssi only, and I am assuming you already have a connection to Freenode already setup.

WARNING: It has been brought to my attention that the Irssi folks get mad when people tell you to edit the config file instead of using the commands, so with that, backup your config file first, and if anything goes wrong, not my fault ๐Ÿ™‚

  1. Let’s install the necessary packages (I think this is all, I already had openssl installed but had to install the libcrypt- packages for the SASL script below):
    sudo apt-get install openssl libcrypt-openssl-bignum-perl libcrypt-dh-perl libcrypt-blowfish-perl
  2. Grab and save the cap_sasl.pl script to ~/.irssi/scripts and setup a link for it to autorun:
    cd ~/.irssi/scripts
    wget http://www.freenode.net/sasl/cap_sasl.pl
    mkdir autorun  ## only if you do not have this directory already
    cd autorun
    ln -s ../cap_sasl.pl .
  3. Fire up Irssi without connecting to anything:
    irssi -!
  4. Once in Irssi, setup your username and password for SASL:
    /sasl set freenode your_nick your_password DH-BLOWFISH
    /sasl save
    /save
  5. Quit Irssi
  6. Using a text editor, edit ~/.irssi/config and in the section that says servers = ( you want to remove the stuff between the { and } for freenode, and then add the following in its place:
    address = "chat.us.freenode.net";
    chatnet = "freenode";
    port = "7000";
    use_ssl = "yes";
    ssl_verify = "yes";
    ssl_capath = "/etc/ssl/certs";
    autoconnect = "yes";
  7. Now under the chatnets = ( section, you want the freenode = part to be changed to:
    freenode = { type = "IRC"; };

If you get a message about your nick being “Juped” or “temporarily unavailable” and get switched to Guestxxxx nick, read the following, otherwise enjoy your new secure connection.

Now you can go ahead and connect to IRC like you are used to. If you have the ENFORCE flag set for your nickname, you may come across some issues with identifying, and the one message I kept getting was:

Nick nixternal is Juped

If you get this, you need to disable the ENFORCE flag on your nick (make sure you are identified with your correct nick first):

/msg nickserv set enforce off

After that, disconnect from IRC, then reconnect to IRC. You shouldn’t be getting that error message now. If you do, go to #freenode and complain accordingly ๐Ÿ™‚ If all is well, you can go ahead and set the ENFORCE flag back to on:

/msg nickserv set enforce on

Now all should be well. Enjoy your new secure, SSL and SASL authentication, connection.

This entry was posted in Application and tagged , . Bookmark the permalink. Post a comment or leave a trackback: Trackback URL.
  • peder

    Thanks for this nice howto. Is there any way to get this done in XChat, too?

  • peder

    Ok, just changing the port to 7070 is enough for XChat. Certificate is valid :o). More information on http://freenode.net/irc_servers.shtml

  • Pingback: Links 1/2/2010: German Migrations to Free Software, New Debian | Boycott Novell()

  • lorenzo

    hello i am a noob
    would it be possible to write the same Tutorial
    to use it with Xchat , i am not a geek.
    I tried to add the perl script inn Xchat ,
    but it has been a failure .

    Greetings from italy
    Thanks in advance
    Lorenzo

  • efnet

    Freenode’s new SASL fascist nazi tactic had my network blocked. I don’t even use TOR nor do I want to.

    Tell those fags at freenode to go fuck themselves.

    Sincerely, Freenode sucks.

  • I just got hit with having my nick juped, and found that you do NOT need to reconnect to the server. Just:

    /msg nickserv release mynick [password]
    /nick mynick

    And you should have your nick back.

  • Subscribe to nixternal.com

     Subscribe in a reader

    Or, subscribe via email:
    Enter your email address:

  • Archives


semidetached
semidetached
semidetached
semidetached
%d bloggers like this: