Can't access bitcoind over Tor (error code 1 - "EOF reached")

[gorazdko]

Abstract

I can't access bitcoind over Tor.

bitcoin.conf: (passwords and onion address are dummy and only for testing purposes)

regtest=1
server=1
rpcuser=bitcoin
rpcpassword=password
torpassword=************

The service is up and running: bitcoind -listen -debug=tor -printtoconsole -debug=1

2020-10-09T16:57:26Z tor: Connected to Tor version 0.4.4.5
2020-10-09T16:57:26Z tor: Supported authentication method: COOKIE
2020-10-09T16:57:26Z tor: Supported authentication method: HASHEDPASSWORD
2020-10-09T16:57:26Z tor: Supported authentication method: SAFECOOKIE
2020-10-09T16:57:26Z tor: Using HASHEDPASSWORD authentication
2020-10-09T16:57:26Z Loaded 0 addresses from peers.dat  0ms
2020-10-09T16:57:26Z init message: Starting network threads...
2020-10-09T16:57:26Z net thread start
2020-10-09T16:57:26Z tor: Authentication successful
2020-10-09T16:57:26Z init message: Done loading
2020-10-09T16:57:26Z addcon thread start
2020-10-09T16:57:26Z dnsseed thread start
2020-10-09T16:57:26Z 0 addresses found from DNS seeds
2020-10-09T16:57:26Z dnsseed thread exit
2020-10-09T16:57:26Z opencon thread start
2020-10-09T16:57:26Z msghand thread start
2020-10-09T16:57:26Z tor: ADD_ONION successful
2020-10-09T16:57:26Z tor: Got service ID oigbht6zrvck7jxw, advertising service oigbht6zrvck7jxw.onion:18444
2020-10-09T16:57:26Z tor: Cached service private key to /home/gorazd/.bitcoin/regtest/onion_private_key
2020-10-09T16:57:26Z AddLocal(oigbht6zrvck7jxw.onion:18444,4)

I can access bitcoin-cli over Tor:

gorazd@gorazd-MS-7C37:~$ torify bitcoin-cli -rpcconnect=oigbht6zrvck7jxw.onion -rpcport=18444 -rpcpassword=password --version
Bitcoin Core RPC client version v0.20.0, Bitcoin Core version v0.20.0
gorazd@gorazd-MS-7C37:~$

But I can't access bitcoind:

gorazd@gorazd-MS-7C37:~$ torify bitcoin-cli -rpcconnect=oigbht6zrvck7jxw.onion -rpcport=18444 -rpcuser=bitcoin -rpcpassword=password getblockcount
error: Could not connect to the server oigbht6zrvck7jxw.onion:18444 (error code 1 - "EOF reached")

Make sure the bitcoind server is running and that you are connecting to the correct RPC port.

bitcoind accepts and rejects the connection:

2020-10-09T17:00:04Z Added connection peer=0
2020-10-09T17:00:04Z connection from 127.0.0.1:53940 accepted
2020-10-09T17:00:05Z disconnecting peer=0
2020-10-09T17:00:05Z Cleared nodestate for peer=0

Without Tor it's ok:

gorazd@gorazd-MS-7C37:~$ bitcoin-cli -rpcuser=bitcoin -rpcpassword=password getblockcount
0

What am I missing?

Spec:

• Tor version 0.4.4.5.
• Bitcoin Core RPC client version v0.20.0, Bitcoin Core version v0.20.0
• Ubuntu 18.04

[Saibato]

You might try an entry in /etc/tor/torrc like

HiddenServiceDir /var/lib/tor/hidden_service/
HiddenServicePort 18443:127.0.0.1:18443

restart Tor and
get the onion addrress from /var/lib/tor/hidden_service/hostbame
and then do a
torify bitcoin-cli -rpcconnect=theonionaddresugrabbed.onion -rpcport=18443 -rpcuser=bitcoin -rpcpassword=password getblockcount

that should work.
But keep in mind that will open your RPC reachable over Tor, i hope u want this really?

The deeper reason is that that torcontroler in bitcoind creates only a listen inbound tor onion for 18444 gossip and not for the rpc on 18443 so local that works without Tor but remote without edit torrc not

[gorazdko]

Thanks it worked! (HiddenServicePort 18443 127.0.0.1:18443)

[practicalswift]

@gorazdko Be aware that the setup described is highly insecure. The RPC port is not meant to be reachable for attackers no matter how strong password you've set. Pre-auth RPC issues (and post-auth RPC issues such as #17742) are not even considered vulnerabilities in Bitcoin Core (they get no CVE) since we assume that merely exposing the RPC port is unsafe. More specifically we're operating under the trust boundary assumption that an attacker cannot connect to the RPC port.