in Linux

Shadowsocks 开启 OTA

One Time Auth

One-time authentication (shortened as OTA) is a new experimental feature designed to improve the security against CCA. You should understand the protocol before reading this document.
By default, the server that supports OTA should run in the compatible mode. OTA is only applied if the client’s request header has a flag set. However, if the server switch on OTA explicitly, all clients must switch on OTA, otherwise connections will be denied.
The authentication method is HMAC-SHA1 which has wide supports among all major platforms and fairly good speed.


更新服务端 shadowsocks 版本(

配置启动参数以开启 OTA:
vi /etc/default/shadowsocks-libev

/etc/init.d/shadowsocks-libev restart

客户端 Mac

使用 shadowsocks-libev。

为安装脚本添加 -A 参数(OTA):
brew edit shadowsocks-libev

brew install shadowsocks-libev

配置 config:
vi /usr/local/etc/shadowsocks-libev.json

brew services start shadowsocks-libev

/usr/local/opt/shadowsocks-libev/bin/ss-local -A -c /usr/local/etc/shadowsocks-libev.json -v

客户端 iOS

ShadowRockets:One Time Auth ✅

客户端 Win

原创文章,采用 知识共享署名-非商业性使用-相同方式共享 4.0 国际许可协议 进行许可。
转载请注明:转载自 Tony's blog,原文网址: