RPCAUTH doesn's seem to be recognized by the client. #12209

<!-- This issue tracker is only for technical issues related to Bitcoin Core. General bitcoin questions and/or support requests are best directed to the Bitcoin StackExchange at https://bitcoin.stackexchange.com. For reporting security issues, please read instructions at https://bitcoincore.org/en/contact/. If the node is "stuck" during sync or giving "block checksum mismatch" errors, please ensure your hardware is stable by running memtest and observe CPU temperature with a load-test tool such as linpack before creating an issue! -->

<!-- Describe the issue -->

I was trying to set up a Lightning node and ran into issues with user authentication with cookies. So, as a work around, I ended up setting up a rpcuser and rpcpassword. Looking at my debug.log, I saw the line saying that those options have been superseded by rpcauth since 2015. I looked up how to do this and found and downloaded the rpcuser.py script and ran it and I got a line to put into my config file. It looked like this.

rpcauth=linrono:8512a641e39573384c5c321d5d1527a$ab5536ee2244c70ad2efe8d68bd50e3495a7a48656794a094f5b1a2a5a874a4d

This is not what I am using, but what I have was generated the same way. After saving this to my config file and restarting my client, I checked my debug log file and found this line.

No rpcpassword set - using random cookie authentication

I double checked and there was, indeed, a cookie file generated.

<!--- What behavior did you expect? -->

I thought the rpcauth was replacing the rpcuser and rpcpassword authentication.

<!--- What was the actual behavior (provide screenshots if the issue is GUI-related)? -->

<!--- How reliably can you reproduce the issue, what are the steps to do so? -->

No matter what I do, I cannot seem to get the node to accept the rpcauth line in my config file. I did try to run the client with the rpcauth as a command line option. This also did not work.

<!-- What version of Bitcoin Core are you using, where did you get it (website, self-compiled, etc)? -->

I am using the v0.15.1.0-g7b57bc998f33 client. It is the most up to date version provided by the ArchLinux repositories.

<!-- What type of machine are you observing the error on (OS/CPU and disk type)? -->

I am running ArchLinux and am using a Corei7.

I'm sorry if this is a known issue or I'm doing something wrong. I did try to search for more information and found comments on this bitcoin Stack Exchange question with the same issue but no resolution.

https://bitcoin.stackexchange.com/questions/46782/rpc-cookie-authentication

<!-- Any extra information that might be useful in the debugging process. -->

<!--- This is normally the contents of a `debug.log` or `config.log` file. Raw text or a link to a pastebin type site are preferred. -->

The No rpcpassword set - using random cookie authentication line is a little misleading, because even though bitcoind is generating a cookie file, it should still be picking up and using your rpcauth= option.

While -rpcpassword and cookie auth are mutually exclusive, -rpcauth and cookie auth are not, and -rpcpassword and -rpcauth are also not exclusive. This is pretty confusing, but might be clearer if the -rpcpassword server option is ever removed.

So it's unclear what your problem could be. You might want to search for Using config file in your debug.log to make sure your configured rpcauth= value is being picked up. And when you are passing -rpcauth= on the command line, you should make sure the dollar sign in the middle of the string is properly escaped, because the shell might be stripping it out, and bitcoin doesn't print any diagnostic if the dollar sign is missing. You can escape rpcauth in a unix shell either by wrapping it in single quotes '-rpcauth=...' or by putting a backslash before dollar sign \$.

That is confusing, but I guess it makes sense to use both forms of authorization, one for local usage and one for remote usage. I know my node is reading from the config file as other changes in the config file are reflected in my node, such as switching from cookie authentication to rpcuser authentication. I couldn't find anything in my logs mentioning rpcauth but I will double check and see when I can get back to my node. I will try running some more tests with bitcoin-cli and the rpcauth authentication (outside of the Lightning node) as well and get back to you.

I was finally able to test this and I was wrong it does work. There is definitely nothing in my debug.log about the rpcauth option but when I ran bitcoin-cli without cookie authentication, I was then able to authenticate using the username and password specified by rpcauth. Thank you for your clarification. Maybe it would be worth throwing something into the log saying a username and password is registered by rpcauth or something. Could be a fun easy pull request I may try to do.

@Linrono sounds like a good idea! Please do.

@Linrono - what's the status of this? Are you planning on opening a PR?

So, I did open a PR. TBH I have been playing with Lightning Network and I kind of forgot I said I would do this. I tested some things out and tried to be fancy with it but I determined that a simple log write would probably suffice. It is PR #13118.

Can this be closed?

Just confirming @ryanofsky 's advice to properly escape the dollar sign when starting bitcoind using the -rpcauth argument. Ideally, bitcoind itself should validate that the provided string argument conforms to the structure specified in the documentation, and fail to start in case the shell ate the dollar sign in the formatted string.

Thanks!