Is there a way that i can designate certain nodes as strictly SSH and others strickly Telnet?
Is there a way that i can designate certain nodes as strictly SSH and others strickly Telnet?
I don't believe there is, I checked SCFG and didn't see any settings to accommodate that, but, why would you want to?
Re: Re: Node restrictions
By: Mortifis to Lupine Furmen on Tue Nov 05 2019 16:48:51
To gaurantee that those using SSH would be able to log on.
-+-
-Dallas Vinson
Furmens Folly - telnet: loybbs.net:23
SSH: loybbs.net:23222
Before the Web - telnet: loybbs.net:23232
Legends of Yesteryear - telnet: loybbs.net:23322
---
¨ Synchronet ¨ Furmen's Folly - furmenservices.net:23
how many nodes you running with?
Is there a way that i can designate certain nodes as strictly SSH
and others strickly Telnet?
I don't believe there is, I checked SCFG and didn't see any settings
to accommodate that, but, why would you want to?
To gaurantee that those using SSH would be able to log on.
how many nodes you running with?
10. Was wanting to designate 5 Telnet and 5 SSH.
Lupine Furmen wrote to Richard Williamson <=-
how many nodes you running with?
10. Was wanting to designate 5 Telnet and 5 SSH.
how many nodes you running with?
10. Was wanting to designate 5 Telnet and 5 SSH.
Do you honestly think that you'll ever have all 10 nodes being
used, so that another incoming SSH caller couldn't get on?
... Error - Operator out of memory!
--- MultiMail/Linux v0.52
¨ Synchronet ¨ Palantir BBS * palantirbbs.ddns.net * Pensacola, FL
Do you honestly think that you'll ever have all 10 nodes being
used, so that another incoming SSH caller couldn't get on?
10. Was wanting to designate 5 Telnet and 5 SSH.
ssh and telnet get the same screens
If you get a chance try and create a new account on my BBS using SSHI just tried and (I use Syncterm) and it would not even create the secure session. I tried making up creds and even tried using NEW as the user name. -+-
please.
havens.synchro.net, port 22 is behaving like OpenSSH and not Synchronet's sshd so I ran a scan on havens.synchro.net:
Starting Nmap 7.60 ( https://nmap.org ) at 2019-11-12 16:38 CST
2222/tcp open EtherNetIP-1
You don't see 2222 open on most regular servers, and just so happens to be the port I run Synchronet's sshd on as well.
havens.synchro.net, port 22 is behaving like OpenSSH and not Synchronet's sshd so I ran a scan on havens.synchro.net:
Starting Nmap 7.60 ( https://nmap.org ) at 2019-11-12 16:38 CST 2222/tcp open EtherNetIP-1
You don't see 2222 open on most regular servers, and just so happens to be the port I run Synchronet's sshd on as well.
What's a "regular server"??
Re: Re: Node restrictions
By: Mortifis to HusTler on Tue Nov 12 2019 08:20 am
If you get a chance try and create a new account on my BBS using SSH
please.
I tried, it didn't work on Havens!
Thanks. So I guess new users have to use telnet to create a new account on Havens BBS. Unless of course a account is created in advance by the System Sysop. I'm still looking into this re-direct to vert I'm experiencing but that may have something to do with the system that hosts my BBS.
Re: Re: Node restrictions
By: Lupine Furmen to HusTler on Tue Nov 12 2019 08:58 am
If you get a chance try and create a new account on my BBS using SSHI just tried and (I use Syncterm) and it would not even create the secure session. I tried making up creds and even tried using NEW as the user name. -+-
please.
Thanks. That's what I expected. I'm not sure why I was corrected when I said you can't create a new user account using SSH.
Re: Re: Node restrictions
By: Altere to HusTler on Tue Nov 12 2019 04:56 pm
havens.synchro.net, port 22 is behaving like OpenSSH and not Synchronet's sshd so I ran a scan on havens.synchro.net:
Starting Nmap 7.60 ( https://nmap.org ) at 2019-11-12 16:38 CST 2222/tcp open EtherNetIP-1
You don't see 2222 open on most regular servers, and just so happens to be the port I run Synchronet's sshd on as well.
What's a "regular server"??
What's a "regular server"??
Sorry. To clarify... You won't normally see servers with port 2222 open. The point being that should be taken out of this is that your Synchronet sshd is listening on port 2222 because the servers sshd (to allow you to login and administer the whole server, not just synchronet) OpenSSH is listening on port 22 already. I'm assuming Marisa set this part up so rather then changing the servers ssh port she changed Synchronets ssh port.
If you ssh to a server without specifying a port, it will use the default 22. To connect to your Synchronet BBS using SSH, you need to specify port 2222 instead.
I have not experienced the redirect and am unsure what would/could cause that. Perhaps synchronetbbs.org has a failed ssh login attempt redirect to Vertrauen ??
Personally, though, I believe that one should be able to create a new user account via SSH, since it is, after all, a secure shell, whereas, telnet/rlogin are not.
Re: Re: Node restrictions
By: Mortifis to HusTler on Wed Nov 13 2019 08:09 am
I have not experienced the redirect and am unsure what would/could cause that. Perhaps synchronetbbs.org has a failed ssh login attempt redirect to Vertrauen ??
Maybe. Or I attempted to logon the wrong BBS. ;-)
Personally, though, I believe that one should be able to create a new user account via SSH, since it is, after all, a secure shell, whereas, telnet/rlogin are not.
I agree but apparently that's not how SSH works.
I also believe telnet is
not as insecure as the internet claims it is. In any case I don't think it's a big deal to create an account using telnet and then using SSH on port 2222. On my board anyway.
Some SysOps don't even have SSH enabled on their
boards.
Oh..I wanted to ask you what the benefits would be to move SSH from
2222 to another port such as 2323?
SBBS Allows for the creation of user accounts, and these accounts are isolated from the rest of the OS if you run as non-root (I disable ;DOS ;SHELL str_cmds.js for security) ... so I ask this question, friend, why do you want to block ssh new user registrations but are ok with telnet new user registrations?
2222. On my board anyway. Some SysOps don't even have SSH enabled on their boards. Oh..I wanted to ask you what the benefits would be to move SSH from 2222 to another port such as 2323?
Thanks. That's what I expected. I'm not sure why I was corrected when I said you can't create a new user account using SSH.
I agree but apparently that's not how SSH works. I also believe telnet is not as insecure as the internet claims it is. In any case I don't think
not as insecure as the internet claims it is. In any case I don't
100% plain text, therefore, if someone is able to intercept the packets, the username and password, along with just about everything else, can simply see if in plain text. So, should I telnet to your board and create a new user account, the username and password that I choose is unsecured and can be easily intercepted, however, if I use the methods mentioned
Anyway, as I have mentioned before, if you truly wish to block new users from being able to create a new user account with ssh (block ssh new@havens.synchro.net edit your login.js and in around line 56 change it to look similar to this
else, can simply see if in plain text. So, should I telnet to your
board and create a new user account, the username and password that
I choose is unsecured and can be easily intercepted, however, if I
use the methods mentioned
It's a BBS. Not the World Bank. What could possibly be intercepted even if I was spied on? Seems to me someone would have to invest a lot of time
It seems on some configurations, you can. If I try to SSH to my BBS with a wrong username/password, I am presented with the login screen that allows you to create a new account. You can try with my BBS if you want..
It seems on some configurations, you can. If I try to SSH to my BBS
with a wrong username/password, I am presented with the login screen
that allows you to create a new account. You can try with my BBS if
you want..
Let me see if I can bring the new user application on your BBS.
It's a BBS. Not the World Bank. What could possibly be intercepted
over telnet is sent in plain text. The argument is who would really care enough to do that. That said, IMO it doesn't really hurt to use an encrypted connection like SSH if someone really cares about that.
100% plain text, therefore, if someone is able to intercept the packets, the username and password, along with just about everything else, can simply see if in plain text. So, should I telnet to your
It's a BBS. Not the World Bank. What could possibly be intercepted even if I was spied on? Seems to me someone would have to invest a lot of time just to learn when I connect to a BBS with Telnet. Then when they listen in on me all they get is some posts and replies on a BBS. I don't think it's worth it. What are they gonna do? Hack my account? Get my email password? It's all bullshit and users that talk about this nonsense just scares new BBS users away. It also gives BBSing a bad name. That's my 2 cents anyway.
I was able to log on to your board on ssh port 2222. User: new pass:new but it brought me to some other screen. I got a new user application on mine using the same credentials.
I agree. But every Sysop runs their BBS differently. That said I don't try and guess what port they are running ssh on. I just use telnet. It's not
they need to install terminal software and then connect with telnet. We can get to the SSH stuff after they create a new user account. I had no clue what I was doing when I started BBSing. I learned from others that took me under their wing. That's my 2 cents anywayz.
I think the point is, it's not secure by any means. If I setup a packet sniffer and logged, I could easily go back and find when you made that telnet connection, to where, and with what user names and passwords you used. And
while it might not be to a bank, I could then login to your bbs as sysop and then drop into a ;shell
I think the point is, it's not secure by any means. If I setup a packet sniffer and logged, I could easily go back and find when you made that telnet connection, to where, and with what user names and passwords you used. And while it might not be to a bank, I could then login to your bbs as sysop and then drop into a ;shell and If I've logged your shell user/password and it's a sudo account, I could just wipe the entire OS, change settings in scfg, etc., creating more of a headache for you to go back and set it all back up properly, especially if you didn't have a current backup or none at all.
used. And while it might not be to a bank, I could then login to your bbs as sysop and then drop into a ;shell and If I've logged your shell user/password and it's a sudo account, I could just wipe the entire OS, change settings in scfg, etc., creating more of a headache for you to
So go for it. I've been hearing these horror stories for over 20 years. Go ahead I'd like to see that. Just let me know it was you. What's the point of running a BBS if it's that easy. Please..Crash it now before I put all my time into it.
shouldn't run an antivirus program. In other words, if you have the option to be more secure with your own information, why not use it? But as they say, you can lead a horse to water but you can't make him drink.
please. Some are just explaining how telnet is not secure, I've offered one of many examples.
to be more secure with your own information, why not use it? But as they say, you can lead a horse to water but you can't make him drink.
Sysop: | Zazz |
---|---|
Location: | Mesquite, Tx |
Users: | 7 |
Nodes: | 4 (0 / 4) |
Uptime: | 14:05:08 |
Calls: | 157 |
Files: | 2,103 |
Messages: | 144,386 |