diff options
author | Joey Hess <joeyh@joeyh.name> | 2016-12-19 12:27:16 -0400 |
---|---|---|
committer | Joey Hess <joeyh@joeyh.name> | 2016-12-19 12:27:16 -0400 |
commit | 43596d251426ea404be42a112f0f89015f8a089f (patch) | |
tree | c8c5c697021f811aa6f976847e422a1f3b94f684 /doc | |
parent | b5b075dbda279785644b876ae61584e27258af92 (diff) |
section on safe pairing code exchange
Diffstat (limited to 'doc')
-rw-r--r-- | doc/tips/peer_to_peer_network_with_tor.mdwn | 27 |
1 files changed, 21 insertions, 6 deletions
diff --git a/doc/tips/peer_to_peer_network_with_tor.mdwn b/doc/tips/peer_to_peer_network_with_tor.mdwn index b6aafa534..a57d8a544 100644 --- a/doc/tips/peer_to_peer_network_with_tor.mdwn +++ b/doc/tips/peer_to_peer_network_with_tor.mdwn @@ -33,23 +33,38 @@ In both repositories, run this command: git annex p2p --pair -This will print out a code phrase, like "11-incredible-tumeric", -and prompt for you to enter the other repository's code phrase. +This will print out a pairing code, like "11-incredible-tumeric", +and prompt for you to enter the other repository's pairing code. -Once the code phrases are exchanged, the two repositories will be securely +Once the pairing codes are exchanged, the two repositories will be securely connected to one-another via Tor. Each will have a git remote, with a name like "peer1", which connects to the other repository. Then, you can run commands like `git annex sync peer1 --content` to sync with the paired repository. -The Magic Wormhole code phrases used during pairing will no longer be -useful for anything afterwards. - Pairing connects just two repositories, but you can repeat the process to pair with as many other repositories as you like, in order to build up larger networks of repositories. +## how to exchange pairing codes + +When pairing with a friend's repository, you have to exchange +pairing codes. How to do this securely? + +The pairing codes can only be used once, so it's ok to exchange them in +a way that someone else can access later. However, if someone can overhear +your exchange of codes in real time, they could trick you into pairing +with them. + +Here are some suggestions for how to exchange the codes, +with the most secure ways first: + +* In person. +* In an encrypted message (gpg signed email, Off The Record (OTR) + conversation, etc). +* By a voice phone call. + ## starting git-annex remotedaemon on boot Notice the `git annex remotedaemon` being run in the above examples. |