Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

white listing clients based on some deterministic ID (perhapd public key) #303

Open
KanoczTomas opened this issue Nov 2, 2017 · 7 comments
Open

white listing clients based on some deterministic ID (perhapd public key) #303

KanoczTomas opened this issue Nov 2, 2017 · 7 comments
Labels
enhancement

Comments

@KanoczTomas
Copy link

Hello,

I see there is no option to white list some clients on the electrumx server. It would be nice to have a white list of clients who would essentially be connected even if the max session is reached. Right now I did not find any way of doing it.

I think using a deterministic unique ID per client would be the best, as the IP address can change. Perhaps a configuration directive (env variable) could be used for it + an RPC call to add it on the fly, without the need to restart the server.

Use case: the owner of the server will most certainly want to add electrum clients owned to the whitelist
@SomberNight
Copy link
Contributor

I also think it would be nice to allow server operators to access their own server even if the session limit has been reached. The suggested solution however would need major changes in both the client and the server.

A shorter term realistic solution is IP-based whitelisting in the server, and the server operator setting up a SOCKS5 proxy with user+password authentication at a whitelisted IP. The client already supports such proxy natively.

@SuBPaR42
Copy link
Contributor

Having recently set a lower user limit for one of my servers I too would like to see a whitelist option.

@Talkless
Copy link

+1.

Not sure if IP whitelist will be good enough, what if you are roaming?

What about using "yet another" port with client certificate auth. or something similar? Although of course, having some "random" port is "security via obscurity"...

@KanoczTomas
Copy link
Author

KanoczTomas commented Jan 2, 2019
edited
Loading

Not sure how certificates work with electrumx, perhaps one could use a similar setup as with openvpn. It is possible to create a CA and sign certificates with it. Perhaps any client which shows a cert signed by a trusted CA could be whitelisted.

The ca.crt would have to be supplied for whitelisting to work.

@Talkless
Copy link

Talkless commented Jan 3, 2019

Not sure how certificates work with electrumx

Well, there's actually problem with Electrum wallet - it should have client certificate support for my proposal to work.. so that's out of the question.

@SomberNight
Copy link
Contributor

Both Electrum and ElectrumX use the aiorpcx library, and all three are open source. If someone actually takes the time to make decent PRs, I am sure they can get merged.

@kyuupichan kyuupichan mentioned this issue Apr 24, 2019
Closed
@peleion peleion mentioned this issue May 6, 2019
Closed
@davedavis
Copy link

Has anyone found a workaround for this for localhost (the only connection)? Or is setting the limit env variables to something crazy high the best way to achieve this when running local only?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
enhancement
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
6 participants
@Talkless @SuBPaR42 @kyuupichan @davedavis @KanoczTomas @SomberNight