tascagao wrote:
... to build a botnet.
...
Summarizing what I did (very recently) to link two bots ( both v.1.8 ) using SSL:
Follow this:
http://www.egghelp.org/enhance.htm#setupbotnet
understanding that it does not cover SSL.
It is still helpful anyway.
Look in:
botdir/doc
for a file named TLS
Read it.
In eggdrop.conf, on the hub bot:
Find this section - ##### SSL SETTINGS #####
and read it carefully too.
There are two settings that you must enable in there:
set ssl-privatekey "eggdrop.key"
and
set ssl-certificate "eggdrop.crt"
In that same section of eggdrop.conf on the hub bot, there is also
set ssl-capath "/etc/ssl/"
It needs to be un-commented, and probably already is.
I created the files eggdrop.key and eggdrop.crt by following the directions for using
'make sslcert DEST=...'
that you have found by now, by reading both the TLS file and the SSL section of eggdrop.conf.
That's it. To get two bots to link, the above was all that was necessary.
I suggest that you do this first. Then if you wish, explore the other options in the SSL section of eggdrop.conf .
I did encounter two problems.
The first I helped myself by doing:
.console -d
on both bots, so I could see more of what was happening.
On the hub bot, I saw that some sort of DNS lookup was failing.
So I went to eggdrop.conf, and found the optional setting to tell that bot to use a different DNS server, and set it to use the google DNS servers.
That fixed that problem.
From your description, I don't think you have this problem. I'm noting it here for anyone else that happens to come along reading this.
The second problem was this:
sockread(): SSL error = error:1408A0C1:SSL routines:SSL3_GET_CLIENT_HELLO:no shared cipher
(remember that I had done .console -d , so that I could see this)
It had me stumped. I tried a lot of combinations of settings and googling. Eventually I asked for, and got help from someone with a lot of experience. ( You know who you are: Thank you again for taking your time to chat with me about it. ) We went over my config, etc. and did not see anything wrong. We tried a few changes anyway, experimenting.
Somewhere along the way, I wanted to go back to the settings I had started with, so I made the edits, and did not simply .rehash.
I did .restart.
The link started working !
I still don't know what the error that I posted above means.
Apparently, somehow with the various things I tried, I did something that left the hub bot unable to do an SSL connection properly, and it was cleared out by the .restart .
I suggest that you be sure (on the hub bot) that you have the three settings that I've mentioned here. Then .restart the hub bot.
To be extra sure, you can .die it, and start totally fresh.
If you wish, do the same with the leaf bot (it can't hurt).
I thought it was much more complicated than it really is. It is not complicated at all.
Both bots are v.1.8.
Both bots have TLS enabled. (do .status to see this)
On hub bot, create .key and .crt file, and enable settings that point to them.
That's all.
Good luck with it.
I hope this helps.
Let us know.
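A pre-link check for the hub bot, added here as an example and not part of the post above or of eggdrop itself: it confirms that the three settings named in the post are uncommented in eggdrop.conf and that the certificate belongs to the private key. A TLS listener with no usable certificate and key loaded is one common cause of OpenSSL's "no shared cipher" error. The function names and the sample config are constructed for illustration, and the key check assumes the `openssl` command-line tool is installed.

```shell
#!/bin/sh
# Added example: pre-link check of the hub bot's SSL settings (names from the post).

# Print the value of the last uncommented "set <name> ..." line; fail if none.
conf_value() {   # usage: conf_value <eggdrop.conf> <setting-name>
    val=$(sed -n -E "s/^[[:space:]]*set[[:space:]]+${2}[[:space:]]+\"?([^\"[:space:]]*)\"?.*/\1/p" "$1" | tail -n 1)
    [ -n "$val" ] && printf '%s\n' "$val"
}

# Check the three settings; return value is the number missing (0 = all set).
check_hub_conf() {   # usage: check_hub_conf <eggdrop.conf>
    missing=0
    for name in ssl-privatekey ssl-certificate ssl-capath; do
        if v=$(conf_value "$1" "$name"); then
            echo "ok: $name = $v"
        else
            echo "MISSING: 'set $name' is absent or commented out"
            missing=$((missing + 1))
        fi
    done
    return "$missing"
}

# Compare public keys to confirm the certificate belongs to the private key.
# Returns 0 on match, 1 on mismatch, 2 if a file cannot be read or parsed.
check_key_pair() {   # usage: check_key_pair <key-file> <cert-file>
    [ -r "$1" ] && [ -r "$2" ] || { echo "cannot read key or certificate"; return 2; }
    k=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 2
    c=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 2
    [ "$k" = "$c" ] || { echo "MISMATCH: certificate was not made for this key"; return 1; }
    echo "ok: key and certificate match"
}

# Constructed sample config (not a real one): the certificate line is still commented.
write_sample_conf() {   # usage: write_sample_conf <path>
    cat > "$1" <<'EOF'
##### SSL SETTINGS #####
set ssl-privatekey "eggdrop.key"
#set ssl-certificate "eggdrop.crt"
set ssl-capath "/etc/ssl/"
EOF
}

# Run against a real config when a path is given on the command line.
if [ "$#" -gt 0 ]; then check_hub_conf "$1"; fi
```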