How to Set Up Ircd-hybrid With SSL on Ubuntu

Spotify uses IRC (internet relay chat) for instant messaging with an SSL layer for encryption. Every time I log on I get a (notice) *** You are connected using SSL cipher "RSA-AES-128-CBC-SHA1" banner. Here’s how I set up an encrypted IRC service on my home Ubuntu server. Installing the vanilla ircd-hybrid package is straightforward, but the package in the official repo isn’t compiled with SSL support. I needed to build it myself with the SSL patch.

Download Ubuntu Packages

sudo aptitude install openssl libssl-dev
sudo mkdir hybrid && cd hybrid && sudo apt-get source ircd-hybrid

Edit ircd-hybrid-*/debian/rules and add USE_OPENSSL = 1 so the file has:

# Some useful stuff to edit here.
# Beware: TOPICLEN may not exceed 390.
NICKLEN = 15
TOPICLEN = 350
MAXCLIENTS = 200
USE_OPENSSL = 1
# ...

Rebuild the deb file and install it:

# cd is a shell builtin, so it is run without sudo
cd ircd-hybrid-*/
sudo dpkg-buildpackage -rfakeroot -uc -b
cd ../
sudo dpkg -i ircd-hybrid_*.deb

Edit the connect, listen and operator blocks in /etc/ircd-hybrid/ircd.conf to be:

connect {
    /* name: the name of the server */
    name = "irc.example.net";

    /* host: the host or IP to connect to.  If a hostname is used it
     * must match the reverse dns of the server.
     */
    host = "127.0.0.1";

    /* passwords: the passwords we send (OLD C:) and accept (OLD N:).
     * The remote server will have these passwords reversed.
     */
    send_password = "password";
    accept_password = "password";

    /* compressed: controls whether traffic is compressed via ziplinks.
     * By default this is disabled
     */
    compressed = yes;
};

/* listen {}: contain information about the ports ircd listens on (OLD P:) */
listen {
    /* port: the specific port to listen on. if no host is specified
     * before, it will listen on all available IPs.
     *
     * ports are separated via a comma, a range may be specified using ".."
     */

    /* port: listen on all available IPs, ports 6665 to 6669 */
    host = "0.0.0.0"; # change this!
    port = 6665 .. 6669;
    /* sslport: ports to accept ONLY ssl connections on */
    flags = ssl;
    port = 6697; # change this!
};

Generate a password hash for the IRC operator using the mkpasswd tool:

mkpasswd [Password]

Search for the operator block and change it to look like this:

# ...
operator {
    /* name: the name of the oper */
    name = "root";
    /* user: the user@host required for this operator. CIDR is not
     * supported. multiple user="" lines are supported.
     */
    user = "*@*";

    /* password: the password required to oper. By default this will
     * need to be encrypted using '/usr/bin/mkpasswd'.
     * WARNING: Please do not mix up the 'mkpasswd' program from
     * /usr/sbin with this one. If you are root, typing 'mkpasswd'
     * will run that one instead and you will receive a strange error.
     *
     * MD5 is supported. If you want to use it, use mkpasswd -Hmd5.
     */
     password = "#MD5 PASSWORD HERE#";
# ...

Restart the IRC server with sudo service ircd-hybrid restart.
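
An added example, not part of the original post or of ircd-hybrid: a small Python check that reads the listen blocks of an ircd.conf and reports which ports would still accept plaintext connections. It assumes a flags line covers only the port line that follows it (the order used in the listen block above); the function names and SAMPLE_CONF are made up for illustration.

```python
import re

# Constructed sample: this page's listen block, with the missing ';' added.
SAMPLE_CONF = '''
listen {
    /* port: listen on all available IPs, ports 6665 to 6669 */
    host = "0.0.0.0"; # change this!
    port = 6665 .. 6669;
    /* sslport: ports to accept ONLY ssl connections on */
    flags = ssl;
    port = 6697; # change this!
};
'''

def strip_comments(text):
    """Blank out /* ... */ and # comments, leaving quoted strings untouched."""
    token = re.compile(r'"[^"\n]*"|/\*.*?\*/|#[^\n]*', re.S)
    return token.sub(lambda m: m.group(0) if m.group(0)[0] == '"' else " ", text)

def listen_ports(conf):
    """Return (host, port_spec, is_ssl) for each port in each listen block."""
    found = []
    body = strip_comments(conf)
    for block in re.findall(r"\blisten\s*\{(.*?)\}\s*;", body, flags=re.S):
        host, ssl = "*", False  # no host line means all addresses
        for stmt in block.split(";"):
            key, _, value = stmt.partition("=")
            key, value = key.strip().lower(), value.strip()
            if key == "host":
                host = value.strip('"')
            elif key == "flags":
                ssl = "ssl" in [f.strip().lower() for f in value.split(",")]
            elif key == "port":
                for spec in value.split(","):
                    found.append((host, "".join(spec.split()), ssl))
                ssl = False  # assumption: flags cover only the next port line
    return found

def plaintext_ports(conf):
    """Ports that would accept unencrypted client connections."""
    return [(host, port) for host, port, ssl in listen_ports(conf) if not ssl]

if __name__ == "__main__":
    for host, port, ssl in listen_ports(SAMPLE_CONF):
        print(f"{host:<10} {port:<12} {'ssl' if ssl else 'PLAINTEXT'}")
```

On the sample it reports 6665..6669 on 0.0.0.0 as plaintext, so clients that connect to those ports are not encrypted even though 6697 is.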
