Shadowsocks 开启 OTA

One Time Auth

One-time authentication (shortened as OTA) is a new experimental feature designed to improve the security against CCA. You should understand the protocol before reading this document.

By default, the server that supports OTA should run in the compatible mode. OTA is only applied if the client’s request header has a flag set. However, if the server switch on OTA explicitly, all clients must switch on OTA, otherwise connections will be denied.

The authentication method is HMAC-SHA1 which has wide supports among all major platforms and fairly good speed.


更新服务端 shadowsocks 版本(

配置启动参数以开启 OTA:vi /etc/default/shadowsocks-libev

# Extra command line arguments

/etc/init.d/shadowsocks-libev restart

客户端 Mac

使用 shadowsocks-libev。

为安装脚本添加 -A 参数(OTA):brew edit shadowsocks-libev

plist_options:manual => "#{HOMEBREW_PREFIX}/opt/shadowsocks-libev/bin/ss-local -A -c #{HOMEBREW_PREFIX}/etc/shadowsocks-libev.json"

brew install shadowsocks-libev

配置 config:vi /usr/local/etc/shadowsocks-libev.json

开机启动:brew services start shadowsocks-libev

手动启动调试:/usr/local/opt/shadowsocks-libev/bin/ss-local -A -c /usr/local/etc/shadowsocks-libev.json -v

客户端 iOS

ShadowRockets:One Time Auth :white_check_mark:

客户端 Win

Releases · shadowsocks/shadowsocks-windows
A C# port of shadowsocks. Contribute to shadowsocks/shadowsocks-windows development by creating an account on GitHub.


评论 在此处输入想要评论的文本。

Copied title and URL