• Node restrictions

    From Lupine Furmen@1:103/705 to All on Tuesday, November 05, 2019 14:08:15
    Is there a way that I can designate certain nodes as strictly SSH and others strictly Telnet?
    -+-

    -Dallas Vinson
    Furmens Folly - telnet: loybbs.net:23
    SSH: loybbs.net:23222
    Before the Web - telnet: loybbs.net:23232
    Legends of Yesteryear - telnet: loybbs.net:23322

    ---
    þ Synchronet þ Furmen's Folly - furmenservices.net:22
    * Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)
  • From Mortifis@1:103/705 to Lupine Furmen on Tuesday, November 05, 2019 16:48:51
    Is there a way that I can designate certain nodes as strictly SSH and others strictly Telnet?


    I don't believe there is, I checked SCFG and didn't see any settings to accommodate that, but, why would you want to?

    ---
    þ Synchronet þ AlleyCat! BBS - http://alleycat.synchro.net:81
    * Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)
  • From Lupine Furmen@1:103/705 to Mortifis on Tuesday, November 05, 2019 20:30:26
    Re: Re: Node restrictions
    By: Mortifis to Lupine Furmen on Tue Nov 05 2019 16:48:51

    Is there a way that I can designate certain nodes as strictly SSH and others strictly Telnet?


    I don't believe there is, I checked SCFG and didn't see any settings to accommodate that, but, why would you want to?

    To guarantee that those using SSH would be able to log on.
    -+-

    -Dallas Vinson
    Furmens Folly - telnet: loybbs.net:23
    SSH: loybbs.net:23222
    Before the Web - telnet: loybbs.net:23232
    Legends of Yesteryear - telnet: loybbs.net:23322

    ---
    þ Synchronet þ Furmen's Folly - furmenservices.net:23
    * Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)
  • From Richard Williamson@1:103/705 to Lupine Furmen on Wednesday, November 06, 2019 03:03:13
    Re: Re: Node restrictions
    By: Mortifis to Lupine Furmen on Tue Nov 05 2019 16:48:51

    To guarantee that those using SSH would be able to log on.


    how many nodes you running with?

    ---
    þ Synchronet þ Richard's Fun House BBS | http://richardf.ddns.net
    * Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)
  • From Lupine Furmen@1:103/705 to Richard Williamson on Wednesday, November 06, 2019 08:10:43
    Re: Re: Node restrictions
    By: Richard Williamson to Lupine Furmen on Wed Nov 06 2019 03:03:13

    how many nodes you running with?

    10. Was wanting to designate 5 Telnet and 5 SSH.
    -+-

    -Dallas Vinson
    Furmens Folly - telnet: loybbs.net:23
    SSH: loybbs.net:23222
    Before the Web - telnet: loybbs.net:23232
    Legends of Yesteryear - telnet: loybbs.net:23322

    ---
    þ Synchronet þ Furmen's Folly - furmenservices.net:23
    * Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)
  • From Nightfox@1:103/705 to Lupine Furmen on Wednesday, November 06, 2019 10:47:43
    Re: Re: Node restrictions
    By: Lupine Furmen to Mortifis on Tue Nov 05 2019 08:30 pm

    Is there a way that I can designate certain nodes as strictly SSH
    and others strictly Telnet?

    I don't believe there is, I checked SCFG and didn't see any settings
    to accommodate that, but, why would you want to?

    To guarantee that those using SSH would be able to log on.

    I believe SSH is enabled by default for all nodes in Synchronet. You should only have to forward the SSH port (22 by default) in your router to your BBS machine, and anyone should then be able to log into any node via SSH. You shouldn't have to specifically designate certain nodes only for SSH.

    Nightfox

    ---
    þ Synchronet þ Digital Distortion: digitaldistortionbbs.com
    * Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)
  • From Nightfox@1:103/705 to Lupine Furmen on Wednesday, November 06, 2019 10:49:30
    Re: Re: Node restrictions
    By: Lupine Furmen to Richard Williamson on Wed Nov 06 2019 08:10 am

    how many nodes you running with?

    10. Was wanting to designate 5 Telnet and 5 SSH.

    You shouldn't have to designate nodes as Telnet or SSH like that.. By default,
    telnet and SSH are enabled for all nodes, so when someone connects, Synchronet
    will just use the first node available. It would actually probably be best not to limit the number of nodes that can be used for SSH or telnet.. If you don't limit them, then all 10 nodes would be available for either telnet or SSH, depending on how users connect.

    Nightfox

    ---
    þ Synchronet þ Digital Distortion: digitaldistortionbbs.com
    * Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)
  • From Gamgee@1:103/705 to Lupine Furmen on Wednesday, November 06, 2019 11:34:00
    Lupine Furmen wrote to Richard Williamson <=-

    how many nodes you running with?

    10. Was wanting to designate 5 Telnet and 5 SSH.

    Do you honestly think that you'll ever have all 10 nodes being
    used, so that another incoming SSH caller couldn't get on?



    ... Error - Operator out of memory!
    --- MultiMail/Linux v0.52
    þ Synchronet þ Palantir BBS * palantirbbs.ddns.net * Pensacola, FL
    * Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)
  • From Altere@1:103/705 to Lupine Furmen on Wednesday, November 06, 2019 13:54:17
    Re: Re: Node restrictions
    By: Lupine Furmen to Richard Williamson on Wed Nov 06 2019 08:10 am


    how many nodes you running with?

    10. Was wanting to designate 5 Telnet and 5 SSH.

    Run a 10 node BBS, the only way to accomplish what you're wanting from what I know is to run a 5 node BBS telnet only (disable ssh) on 1 server and a 5 node BBS ssh only (disable telnet) on a second server. That would require sharing the ./sbbs/ctrl directory and maybe others between the two systems. I've never done this, so I wouldn't be any help beyond this info here.

    -altere

    ---
    þ Synchronet þ Athelstan BBS - athelstan.org ssh:2222 telnet:23
    * Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)
  • From Richard Williamson@1:103/705 to Gamgee on Wednesday, November 06, 2019 14:01:37
    Do you honestly think that you'll ever have all 10 nodes being
    used, so that another incoming SSH caller couldn't get on?

    only happens if a bot takes them and you don't have MaxConcurrentConnections set to something other than 0

    ---
    þ Synchronet þ Richard's Fun House BBS | http://richardf.ddns.net
    * Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)
  • From Nightfox@1:103/705 to Gamgee on Wednesday, November 06, 2019 12:46:40
    Re: Re: Node restrictions
    By: Gamgee to Lupine Furmen on Wed Nov 06 2019 11:34 am

    Do you honestly think that you'll ever have all 10 nodes being
    used, so that another incoming SSH caller couldn't get on?

    Yeah, I've been running my current BBS since 2007, and I think the most I've seen on at one time is maybe 3.

    Nightfox

    ---
    þ Synchronet þ Digital Distortion: digitaldistortionbbs.com
    * Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)
  • From HusTler@1:103/705 to Lupine Furmen on Thursday, November 07, 2019 08:10:52
    Re: Re: Node restrictions
    By: Altere to Lupine Furmen on Wed Nov 06 2019 01:54 pm

    10. Was wanting to designate 5 Telnet and 5 SSH.

    You are aware new users can't logon with SSH right? I don't believe you can create a new user account using SSH if I'm not mistaken.

    Havens BBS

    SysOp: HusTler

    ---
    þ Synchronet þ Havens BBS havens.synchro.net
    * Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)
  • From Richard Williamson@1:103/705 to HusTler on Thursday, November 07, 2019 11:29:43
    ssh and telnet get the same screens

    ---
    þ Synchronet þ Richard's Fun House BBS | http://richardf.ddns.net
    * Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)
  • From HusTler@1:103/705 to Richard Williamson on Thursday, November 07, 2019 18:11:55
    Re: Re: Node restrictions
    By: Richard Williamson to HusTler on Thu Nov 07 2019 11:29 am

    ssh and telnet get the same screens

    Sorry... I don't get what you are saying.

    Havens BBS

    SysOp: HusTler

    ---
    þ Synchronet þ Havens BBS havens.synchro.net
    * Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)
  • From Richard Williamson@1:103/705 to HusTler on Thursday, November 07, 2019 20:20:20
    actually i was wrong, it is different between ssh/telnet

    ---
    þ Synchronet þ Richard's Fun House BBS | http://richardf.ddns.net
    * Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)
  • From HusTler@1:103/705 to Lupine Furmen on Tuesday, November 12, 2019 23:04:14
    Re: Re: Node restrictions
    By: Lupine Furmen to HusTler on Tue Nov 12 2019 08:58 am

    If you get a chance try and create a new account on my BBS using SSH
    please.
    I just tried (I use Syncterm) and it would not even create the secure session. I tried making up creds and even tried using NEW as the user name.

    Thanks. That's what I expected. I'm not sure why I was corrected when I said you can't create a new user account using SSH.

    Havens BBS

    SysOp: HusTler

    ---
    þ Synchronet þ Havens BBS havens.synchro.net
    * Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)
  • From HusTler@1:103/705 to Altere on Tuesday, November 12, 2019 23:08:56
    Re: Re: Node restrictions
    By: Altere to HusTler on Tue Nov 12 2019 04:56 pm

    havens.synchro.net, port 22 is behaving like OpenSSH and not Synchronet's sshd so I ran a scan on havens.synchro.net:

    Starting Nmap 7.60 ( https://nmap.org ) at 2019-11-12 16:38 CST
    2222/tcp open EtherNetIP-1
    You don't see 2222 open on most regular servers, and just so happens to be the port I run Synchronet's sshd on as well.

    What's a "regular server"??

    Havens BBS

    SysOp: HusTler

    ---
    þ Synchronet þ Havens BBS havens.synchro.net
    * Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)
  • From Altere@1:103/705 to HusTler on Wednesday, November 13, 2019 00:47:11
    Re: Re: Node restrictions
    By: HusTler to Altere on Tue Nov 12 2019 11:08 pm

    havens.synchro.net, port 22 is behaving like OpenSSH and not Synchronet's sshd so I ran a scan on havens.synchro.net:

    Starting Nmap 7.60 ( https://nmap.org ) at 2019-11-12 16:38 CST
    2222/tcp open EtherNetIP-1
    You don't see 2222 open on most regular servers, and just so happens to be the port I run Synchronet's sshd on as well.

    What's a "regular server"??

    Sorry. To clarify... You won't normally see servers with port 2222 open. The point being that should be taken out of this is that your Synchronet sshd is listening on port 2222 because the server's sshd (to allow you to login and administer the whole server, not just synchronet) OpenSSH is listening on port 22 already. I'm assuming Marisa set this part up so rather than changing the server's ssh port she changed Synchronet's ssh port.

    If you ssh to a server without specifying a port, it will use the default 22. To connect to your Synchronet BBS using SSH, you need to specify port 2222 instead.

    -altere

    ---
    þ Synchronet þ Athelstan BBS þ athelstan.org þ telnet:23 | ssh:2222
    * Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)
  • From Mortifis@1:103/705 to HusTler on Wednesday, November 13, 2019 08:09:16
    Re: Re: Node restrictions
    By: Mortifis to HusTler on Tue Nov 12 2019 08:20 am

    If you get a chance try and create a new account on my BBS using SSH
    please.

    I tried, it didn't work on Havens!

    Thanks. So I guess new users have to use telnet to create a new account on Havens BBS. Unless of course an account is created in advance by the System Sysop. I'm still looking into this re-direct to vert I'm experiencing but that may have something to do with the system that hosts my BBS.

    I have not experienced the redirect and am unsure what would/could cause that. Perhaps synchronetbbs.org has a failed ssh login attempt redirect to Vertrauen ??

    Personally, though, I believe that one should be able to create a new user account via SSH, since it is, after all, a secure shell, whereas, telnet/rlogin are not.

    ---
    þ Synchronet þ AlleyCat! BBS - http://alleycat.synchro.net:81
    * Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)
  • From Mortifis@1:103/705 to HusTler on Wednesday, November 13, 2019 08:23:56
    Re: Re: Node restrictions
    By: Lupine Furmen to HusTler on Tue Nov 12 2019 08:58 am

    If you get a chance try and create a new account on my BBS using SSH
    please.
    I just tried (I use Syncterm) and it would not even create the secure session. I tried making up creds and even tried using NEW as the user name.

    Thanks. That's what I expected. I'm not sure why I was corrected when I said you can't create a new user account using SSH.

    Seems we have an answer, we are connecting to port 22 on havens.synchro.net which has Ubuntu's (Debian) openSSHd, which of course, the kernel itself is blocking the connection, as it would even with telnet (only root can useradd or a trusted sudo user) but you are running SBBS SSH on port 2222 ... so I tried again ssh new@havens.synchro.net ... and sure enough, I get your logon screen "Starting new user registration... Does your terminal display colors [YES][NO]".

    SBBS allows for the creation of user accounts, and these accounts are isolated from the rest of the OS if you run as non-root (I disable ;DOS ;SHELL str_cmds.js for security) ... so I ask this question, friend, why do you want to block ssh new user registrations but are ok with telnet new user registrations?

    ---
    þ Synchronet þ AlleyCat! BBS - http://alleycat.synchro.net:81
    * Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)
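
The diagnosis in the posts above (the host's OpenSSH answering on port 22, Synchronet's own sshd on 2222) can be confirmed from the identification string every SSH server sends first (RFC 4253, section 4.2). This is an added example, not code from the thread or from Synchronet; the sample banners are constructed, and the `cryptlib` software name for Synchronet's sshd is an assumption to check against your own board.

```javascript
// Added example: parse SSH identification strings (RFC 4253 section 4.2)
// to tell which SSH daemon answers on a given port of your own host.
// Usage against a live host: node sshid.js <host> <port>  (file name is arbitrary)

const MAX_ID_LEN = 255; // RFC 4253: identification line, CR LF included

// Parse the first bytes a server sent. Only complete lines (ending in LF)
// are considered; returns null when no valid identification line is found.
function parseSshBanner(data) {
  const text = Buffer.isBuffer(data) ? data.toString('latin1') : String(data);
  const lines = text.split('\n');
  lines.pop(); // drop the unterminated tail (or the empty string after the last LF)
  for (const raw of lines) {
    const line = raw.replace(/\r$/, '');
    if (!line.startsWith('SSH-')) continue; // servers may send other lines first
    if (line.length + 2 > MAX_ID_LEN) return null;
    // SSH-protoversion-softwareversion SP comments
    const m = /^SSH-([^-\s]+)-(\S+)(?: (.*))?$/.exec(line);
    if (!m) return null;
    return { proto: m[1], software: m[2], comments: m[3] || '' };
  }
  return null;
}

// Map a parsed banner to what a login on that port would reach.
function classifyDaemon(banner) {
  if (!banner) return 'not-ssh';
  if (banner.proto !== '2.0' && banner.proto !== '1.99') return 'legacy-ssh1';
  const sw = banner.software.toLowerCase();
  if (sw.startsWith('openssh')) return 'host-openssh'; // OS accounts, no self-registration
  if (sw.startsWith('cryptlib')) return 'bbs-sshd';    // assumption: Synchronet's built-in sshd
  return 'other-ssh';
}

// Classify a set of { port: firstBytesReceived } observations.
function report(samples) {
  const out = {};
  for (const [port, bytes] of Object.entries(samples)) {
    out[port] = classifyDaemon(parseSshBanner(bytes));
  }
  return out;
}

// Connect, read until the identification line arrives, then disconnect.
async function probe(host, port, timeoutMs = 5000) {
  const net = await import('node:net');
  return new Promise((resolve) => {
    let buf = Buffer.alloc(0);
    const sock = net.createConnection({ host, port });
    const done = () => { sock.destroy(); resolve(parseSshBanner(buf)); };
    sock.setTimeout(timeoutMs, done);
    sock.on('data', (chunk) => {
      buf = Buffer.concat([buf, chunk]);
      if (parseSshBanner(buf) || buf.length > 4096) done();
    });
    sock.on('error', done);
    sock.on('close', done);
  });
}

// Constructed sample data (not captured from any real host).
const SAMPLE = {
  22: 'SSH-2.0-OpenSSH_7.6p1 Ubuntu-4ubuntu0.3\r\n',
  23: '\xff\xfb\x01\xff\xfb\x03(constructed telnet negotiation bytes)\r\n',
  2222: 'SSH-2.0-cryptlib\r\n',
};

if (process.argv.length >= 4) {
  probe(process.argv[2], Number(process.argv[3]))
    .then((b) => console.log(b, classifyDaemon(b)));
} else {
  console.log(report(SAMPLE));
}
```

A port that classifies as `host-openssh` authenticates against operating-system accounts, which is why `ssh new@host` is refused there while the same login on the BBS's own SSH port reaches the new-user prompt.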
  • From Mortifis@1:103/705 to HusTler on Wednesday, November 13, 2019 08:29:00
    Re: Re: Node restrictions
    By: Altere to HusTler on Tue Nov 12 2019 04:56 pm

    havens.synchro.net, port 22 is behaving like OpenSSH and not Synchronet's sshd so I ran a scan on havens.synchro.net:

    Starting Nmap 7.60 ( https://nmap.org ) at 2019-11-12 16:38 CST
    2222/tcp open EtherNetIP-1
    You don't see 2222 open on most regular servers, and just so happens to be the port I run Synchronet's sshd on as well.

    What's a "regular server"??

    A regular server is a server or suite of services (i.e. SBBS) that use standard tcp/udp ports, an irregular server is one that listens on non-standard ports; port 2222 is a non-standard ssh port therefore is an irregular server.

    ---
    þ Synchronet þ AlleyCat! BBS - http://alleycat.synchro.net:81
    * Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)
  • From HusTler@1:103/705 to Altere on Wednesday, November 13, 2019 06:40:08
    Re: Re: Node restrictions
    By: Altere to HusTler on Wed Nov 13 2019 12:47 am

    What's a "regular server"??

    Sorry. To clarify... You won't normally see servers with port 2222 open. The point being that should be taken out of this is that your Synchronet sshd is listening on port 2222 because the server's sshd (to allow you to login and administer the whole server, not just synchronet) OpenSSH is listening on port 22 already. I'm assuming Marisa set this part up so rather than changing the server's ssh port she changed Synchronet's ssh port.


    If you ssh to a server without specifying a port, it will use the default 22. To connect to your Synchronet BBS using SSH, you need to specify port 2222 instead.

    Thanks very much for that. The BBS was preconfigured by Marisa. If it ain't broke don't fix it. ;-)

    Havens BBS

    SysOp: HusTler

    ---
    þ Synchronet þ Havens BBS havens.synchro.net
    * Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)
  • From HusTler@1:103/705 to Mortifis on Wednesday, November 13, 2019 09:38:07
    Re: Re: Node restrictions
    By: Mortifis to HusTler on Wed Nov 13 2019 08:09 am

    I have not experienced the redirect and am unsure what would/could cause that. Perhaps synchronetbbs.org has a failed ssh login attempt redirect to Vertrauen ??

    Maybe. Or I attempted to logon the wrong BBS. ;-)

    Personally, though, I believe that one should be able to create a new user account via SSH, since it is, after all, a secure shell, whereas, telnet/rlogin are not.

    I agree but apparently that's not how SSH works. I also believe telnet is not
    as insecure as the internet claims it is. In any case I don't think it's a big
    deal to create an account using telnet and then using SSH on port 2222. On my board anyway. Some SysOps don't even have SSH enabled on their boards. Oh..I wanted to ask you what the benefits would be to move SSH from 2222 to another port such as 2323?

    Havens BBS

    SysOp: HusTler

    ---
    þ Synchronet þ Havens BBS havens.synchro.net
    * Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)
  • From Mortifis@1:103/705 to HusTler on Wednesday, November 13, 2019 11:30:42
    Re: Re: Node restrictions
    By: Mortifis to HusTler on Wed Nov 13 2019 08:09 am

    I have not experienced the redirect and am unsure what would/could cause that. Perhaps synchronetbbs.org has a failed ssh login attempt redirect to Vertrauen ??

    Maybe. Or I attempted to logon the wrong BBS. ;-)

    Personally, though, I believe that one should be able to create a new user account via SSH, since it is, after all, a secure shell, whereas, telnet/rlogin are not.

    I agree but apparently that's not how SSH works.

    That is exactly how SSH works. To be more precise, a typical Linux sshd daemon assumes that one cannot simply connect to a remote system and create their own account, an Administrator (aka root) needs to useradd (or adduser) with the basics, username and password. SSH is simply a connection protocol in which an authentication process must be completed and the username be passed first followed up by a subsequent password. With that said, Synchronet BBS has its own built-in SSH Server, which uses the /ctrl/ssl.cert file as the encryption key. SBBS is designed to have new users create their own accounts, unlike a Linux Shell account!!! Therefore, when one understands how they can open a secure connection to a system like SBBS by using the ssh new@whatever.sbbs.system so that they can create a new user account (on a system that allows new users) they can feel slightly more assured that their new account credentials are being encrypted and less likely to be 'spied on'.

    I also believe telnet is
    not as insecure as the internet claims it is. In any case I don't think it's a big deal to create an account using telnet and then using SSH on port 2222. On my board anyway.

    This is the only thing you've addressed that I disagree with, telnet is 100% plain text, therefore, if someone is able to intercept the packets, the username and password, along with just about everything else, they can simply see it in plain text. So, should I telnet to your board and create a new user account, the username and password that I choose is unsecured and can be easily intercepted, however, if I use the methods mentioned above, Synchronet BBS will allow me to ssh new@yourbbs.com and create said account in a more encrypted manner. (we are not talking about ssh into your non-sbbs system)

    Some SysOps don't even have SSH enabled on their
    boards.

    A lot of SysOps don't wear underwear either, but that doesn't make it hygienic :-P

    Oh..I wanted to ask you what the benefits would be to move SSH from
    2222 to another port such as 2323?


    The benefit would be that unless you tell your users what port your ssh server is listening on it would be unlikely to ever be used, in which case you might as well just shut SSH off completely. IMHO, some configure their setup to non-standard ports either because their ISP blocks the standard ports, or the sysop has other services running on the standard ports. I, for instance, have my commercial server running on Apache port 80, while I have alleycat.synchro.net web interface running on port 81; I have my sbbs ssh on port 22 but my commercial server has sshd running on a different port which is blocked to outside access (LAN use only), etc. Also, having your ssh on port 2222 makes more sense because 2323 would reflect a non-standard telnet port.

    Anyway, as I have mentioned before, if you truly wish to block new users from being able to create a new user account with ssh (block ssh new@havens.synchro.net), edit your login.js and at around line 56 change it to look similar to this:

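    // New user application?
    if(str.toUpperCase()=="NEW") {
        // Refuse new-user registration when the session arrived over SSH
        if(client.protocol.toUpperCase() === 'SSH') {
            console.writeln('Please login with Telnet to complete your registration!');
            bbs.hangup();
            exit();
        }
        // Any other protocol: run the normal new-user application
        if(bbs.newuser()) {
            bbs.logon();
            exit();
        }
        continue; // registration not completed: back to the login prompt
    }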

    ---
    þ Synchronet þ AlleyCat! BBS - http://alleycat.synchro.net:81
    * Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)
  • From HusTler@1:103/705 to Mortifis on Wednesday, November 13, 2019 09:44:55
    Re: Re: Node restrictions
    By: Mortifis to HusTler on Wed Nov 13 2019 08:23 am

    SBBS allows for the creation of user accounts, and these accounts are isolated from the rest of the OS if you run as non-root (I disable ;DOS ;SHELL str_cmds.js for security) ... so I ask this question, friend, why do you want to block ssh new user registrations but are ok with telnet new user registrations?

    Good question. I'll have to ask MarisG. I've never tried it to be honest. I'm wondering how many new users would think to try it? Maybe I should advertise it as an option. Thanks for bringing it to my attention.

    Havens BBS

    SysOp: HusTler

    ---
    þ Synchronet þ Havens BBS havens.synchro.net
    * Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)
  • From Altere@1:103/705 to HusTler on Wednesday, November 13, 2019 11:12:07
    Re: Re: Node restrictions
    By: HusTler to Mortifis on Wed Nov 13 2019 09:38 am

    2222. On my board anyway. Some SysOps don't even have SSH enabled on their boards. Oh..I wanted to ask you what the benefits would be to move SSH from 2222 to another port such as 2323?

    There are no benefits, pick a port and stick with it. If you change ports now, you probably have a firewall rule to change as well so keep that in mind. You don't even have SSH listed as a service in the BBS List.

    -altere

    ---
    þ Synchronet þ Athelstan BBS þ athelstan.org þ telnet:23 | ssh:2222
    * Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)
  • From Nightfox@1:103/705 to HusTler on Wednesday, November 13, 2019 12:50:33
    Re: Re: Node restrictions
    By: HusTler to Lupine Furmen on Tue Nov 12 2019 11:04 pm

    Thanks. That's what I expected. I'm not sure why I was corrected when I said you can't create a new user account using SSH.

    It seems on some configurations, you can. If I try to SSH to my BBS with a wrong username/password, I am presented with the login screen that allows you to create a new account. You can try with my BBS if you want..

    Nightfox

    ---
    þ Synchronet þ Digital Distortion: digitaldistortionbbs.com
    * Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)
  • From Nightfox@1:103/705 to HusTler on Wednesday, November 13, 2019 12:51:49
    Re: Re: Node restrictions
    By: HusTler to Mortifis on Wed Nov 13 2019 09:38 am

    I agree but apparently that's not how SSH works. I also believe telnet is not as insecure as the internet claims it is. In any case I don't think

    The thing with telnet is that everything is sent in plain text. Someone could potentially snoop into the connection and see the user's password being sent, for instance.

    Nightfox

    ---
    þ Synchronet þ Digital Distortion: digitaldistortionbbs.com
    * Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)
  • From HusTler@1:103/705 to Mortifis on Wednesday, November 13, 2019 15:51:21
    Re: Re: Node restrictions
    By: Mortifis to HusTler on Wed Nov 13 2019 11:30 am

    not as insecure as the internet claims it is. In any case I don't

    100% plain text, therefore, if someone is able to intercept the packets, the username and password, along with just about everything else, they can simply see it in plain text. So, should I telnet to your board and create a new user account, the username and password that I choose is unsecured and can be easily intercepted, however, if I use the methods mentioned

    It's a BBS. Not the World Bank. What could possibly be intercepted even if I was spied on? Seems to me someone would have to invest a lot of time just to learn when I connect to a BBS with Telnet. Then when they listen in on me all they get is some posts and replies on a BBS. I don't think it's worth it. What are they gonna do? Hack my account? Get my email password? It's all bullshit and users that talk about this nonsense just scares new BBS users away. It also
    gives BBSing a bad name. That's my 2 cents anyway.

    Havens BBS

    SysOp: HusTler

    ---
    þ Synchronet þ Havens BBS havens.synchro.net
    * Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)
  • From HusTler@1:103/705 to Mortifis on Wednesday, November 13, 2019 15:58:52
    Re: Re: Node restrictions
    By: Mortifis to HusTler on Wed Nov 13 2019 11:30 am

    Anyway, as I have mentioned before, if you truly wish to block new users from being able to create a new user account with ssh (block ssh new@havens.synchro.net), edit your login.js and at around line 56 change it to look similar to this

    Block?? I don't want to block anyone. I want more users not less. I just updated the info to my BBS ad. I'm always adding attempted SSH logins to my ip-can. Now I know what to look out for. ;-) Thanks

    Havens BBS

    SysOp: HusTler

    ---
    þ Synchronet þ Havens BBS havens.synchro.net
    * Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)
  • From Nightfox@1:103/705 to HusTler on Wednesday, November 13, 2019 17:17:51
    Re: Re: Node restrictions
    By: HusTler to Mortifis on Wed Nov 13 2019 03:51 pm

    else, they can simply see it in plain text. So, should I telnet to your
    board and create a new user account, the username and password that
    I choose is unsecured and can be easily intercepted, however, if I
    use the methods mentioned

    It's a BBS. Not the World Bank. What could possibly be intercepted even if I was spied on? Seems to me someone would have to invest a lot of time

    Anything over telnet can be seen and intercepted since everything sent over telnet is sent in plain text. The argument is who would really care enough to do that. That said, IMO it doesn't really hurt to use an encrypted connection like SSH if someone really cares about that.

    Nightfox

    ---
    þ Synchronet þ Digital Distortion: digitaldistortionbbs.com
    * Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)
  • From HusTler@1:103/705 to Nightfox on Wednesday, November 13, 2019 21:34:15
    Re: Re: Node restrictions
    By: Nightfox to HusTler on Wed Nov 13 2019 12:50 pm

    It seems on some configurations, you can. If I try to SSH to my BBS with a wrong username/password, I am presented with the login screen that allows you to create a new account. You can try with my BBS if you want..

    Let me see if I can bring the new user application on your BBS.

    Havens BBS

    SysOp: HusTler

    ---
    þ Synchronet þ Havens BBS havens.synchro.net
    * Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)
  • From HusTler@1:103/705 to Nightfox on Wednesday, November 13, 2019 21:41:56
    Re: Re: Node restrictions
    By: HusTler to Nightfox on Wed Nov 13 2019 09:34 pm

    It seems on some configurations, you can. If I try to SSH to my BBS
    with a wrong username/password, I am presented with the login screen
    that allows you to create a new account. You can try with my BBS if
    you want..

    Let me see if I can bring the new user application on your BBS.

    I was able to log on to your board on ssh port 2222. User: new pass:new but it
    brought me to some other screen. I got a new user application on mine using the same credentials.

    Havens BBS

    SysOp: HusTler

    ---
    þ Synchronet þ Havens BBS havens.synchro.net
    * Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)
  • From HusTler@1:103/705 to Nightfox on Wednesday, November 13, 2019 21:59:31
    Re: Re: Node restrictions
    By: Nightfox to HusTler on Wed Nov 13 2019 05:17 pm

    It's a BBS. Not the World Bank. What could possibly be intercepted

    over telnet is sent in plain text. The argument is who would really care enough to do that. That said, IMO it doesn't really hurt to use an encrypted connection like SSH if someone really cares about that.

    I agree. But every Sysop runs their BBS differently. That said I don't try and guess what port they are running ssh on. I just use telnet. It's not like there's a standard for connecting to a BBS via ssh. I'm trying to get new users
    involved in BBSing. No need to complicate things with SSH. First they need to install terminal software and then connect with telnet. We can get to the SSH stuff after they create a new user account. I had no clue what I was doing when
    I started BBSing. I learned from others that took me under their wing. That's my 2 cents anywayz.

    Havens BBS

    SysOp: HusTler

    ---
    þ Synchronet þ Havens BBS havens.synchro.net
    * Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)
  • From Altere@1:103/705 to HusTler on Thursday, November 14, 2019 11:03:05
    Re: Re: Node restrictions
    By: HusTler to Mortifis on Wed Nov 13 2019 03:51 pm

    100% plain text, therefore, if someone is able to intercept the packets, the username and password, along with just about everything else, they can simply see it in plain text. So, should I telnet to your

    It's a BBS. Not the World Bank. What could possibly be intercepted even if I was spied on? Seems to me someone would have to invest a lot of time just to learn when I connect to a BBS with Telnet. Then when they listen in on me all they get is some posts and replies on a BBS. I don't think it's worth it. What are they gonna do? Hack my account? Get my email password? It's all bullshit and users that talk about this nonsense just scares new BBS users away. It also gives BBSing a bad name. That's my 2 cents anyway.

    I think the point is, it's not secure by any means. If I set up a packet sniffer
    and logged, I could easily go back and find when you made that telnet connection, to where, and with what user names and passwords you used. And while it might not be to a bank, I could then login to your bbs as sysop and then drop into a ;shell and if I've logged your shell user/password and it's a sudo account, I could just wipe the entire OS, change settings in scfg, etc., creating more of a headache for you to go back and set it all back up properly,
    especially if you didn't have a current backup or none at all.

    I always recommend using a different password for everything. Anything that involves any of my servers that could possibly produce a shell account, I take security into account. With that, I would never use telnet. As a regular user to another BBS where I don't have sysop access, no big deal because I use a different password for those accounts and if someone got my info, they can't really do anything other than lock me out really, or post some crap under my account.

    -altere

    ---
    þ Synchronet þ Athelstan BBS þ athelstan.org þ telnet:23 | ssh:2222
    * Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)
  • From Nightfox@1:103/705 to HusTler on Thursday, November 14, 2019 09:56:09
    Re: Re: Node restrictions
    By: HusTler to Nightfox on Wed Nov 13 2019 09:41 pm

    I was able to log on to your board on ssh port 2222. User: new pass:new but it brought me to some other screen. I got a new user application on mine using the same credentials.

    What was the screen? I do have a login matrix - is that the screen it was showing?

    Also, odd that you say you connected on port 2222. I have my Synchronet configured to listen on port 22 for SSH. And I don't have port 2222 forwarded to my BBS machine in my router. So I don't know how you were able to connect to my BBS at port 2222.

    Nightfox

    ---
    þ Synchronet þ Digital Distortion: digitaldistortionbbs.com
    * Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)
  • From Nightfox@1:103/705 to HusTler on Thursday, November 14, 2019 09:57:45
    Re: Re: Node restrictions
    By: HusTler to Nightfox on Wed Nov 13 2019 09:59 pm

    I agree. But every Sysop runs their BBS differently. That said I don't try and guess what port they are running ssh on. I just use telnet. It's not

    You shouldn't have to guess much.. The standard port for SSH is 22. The sysop could change the port though, which is also true for telnet.. The sysop might decide not to use the standard telnet port of 23.

    they need to install terminal software and then connect with telnet. We can get to the SSH stuff after they create a new user account. I had no clue what I was doing when I started BBSing. I learned from others that took me under their wing. That's my 2 cents anywayz.

    Yeah, I like to try to make things easy.

    Nightfox

    ---
    þ Synchronet þ Digital Distortion: digitaldistortionbbs.com
    * Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)
  • From Mortifis@1:103/705 to Altere on Thursday, November 14, 2019 14:10:54
    I think the point is, it's not secure by any means. If I set up a packet sniffer and logged, I could easily go back and find when you made that telnet connection, to where, and with what user names and passwords you used. And while it might not be to a bank, I could then log in to your bbs as sysop and then drop into a ;shell

    I disabled ;SHELL and ;DOS on my board as found in str_cmds.js

    ---
    þ Synchronet þ AlleyCat! BBS - http://alleycat.synchro.net:81
    * Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)
  • From HusTler@1:103/705 to Altere on Thursday, November 14, 2019 15:04:17
    Re: Re: Node restrictions
    By: Altere to HusTler on Thu Nov 14 2019 11:03 am

    I think the point is, it's not secure by any means. If I set up a packet sniffer and logged, I could easily go back and find when you made that telnet connection, to where, and with what user names and passwords you used. And while it might not be to a bank, I could then log in to your bbs as sysop and then drop into a ;shell and if I've logged your shell user/password and it's a sudo account, I could just wipe the entire OS, change settings in scfg, etc., creating more of a headache for you to go back and set it all back up properly, especially if you didn't have a current backup or none at all.

    So go for it. I've been hearing these horror stories for over 20 years. Go ahead I'd like to see that. Just let me know it was you. What's the point of running a BBS if it's that easy. Please..Crash it now before I put all my time into it.

    Havens BBS

    SysOp: HusTler

    ---
    þ Synchronet þ Havens BBS havens.synchro.net
    * Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)
  • From Altere@1:103/705 to HusTler on Thursday, November 14, 2019 15:40:10
    Re: Re: Node restrictions
    By: HusTler to Altere on Thu Nov 14 2019 03:04 pm

    used. And while it might not be to a bank, I could then log in to your bbs as sysop and then drop into a ;shell and if I've logged your shell user/password and it's a sudo account, I could just wipe the entire OS, change settings in scfg, etc., creating more of a headache for you to

    So go for it. I've been hearing these horror stories for over 20 years. Go ahead I'd like to see that. Just let me know it was you. What's the point of running a BBS if it's that easy. Please..Crash it now before I put all my time into it.

    Sniffers don't quite work like that, but even if I had the required information to do that, I have nothing to gain from doing so. Other people however like to get into people's systems just for fun, to run programs, etc. etc.. It's your system, your bbs, you go about it however you please. Some are just explaining how telnet is not secure, I've offered one of many examples.

    On another note, say I have a work desktop that's used strictly to ssh to a server and some light email checking. While I may not click on suspicious links or emails, and it's behind NAT and a firewall, that doesn't mean I shouldn't run an antivirus program. In other words, if you have the option to be more secure with your own information, why not use it? But as they say, you can lead a horse to water but you can't make him drink.

    -altere

    ---
    þ Synchronet þ Athelstan BBS þ athelstan.org þ telnet:23 | ssh:2222
    * Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)
  • From Nightfox@1:103/705 to Altere on Thursday, November 14, 2019 14:44:46
    Re: Re: Node restrictions
    By: Altere to HusTler on Thu Nov 14 2019 03:40 pm

    shouldn't run an antivirus program. In other words, if you have the option to be more secure with your own information, why not use it? But as they say, you can lead a horse to water but you can't make him drink.

    I agree. Though it seems like most people in the BBS community don't care too much if their BBS session is insecure.

    Nightfox

    ---
    þ Synchronet þ Digital Distortion: digitaldistortionbbs.com
    * Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)
  • From HusTler@1:103/705 to Altere on Friday, November 15, 2019 11:05:32
    Re: Re: Node restrictions
    By: Altere to HusTler on Thu Nov 14 2019 03:40 pm

    please. Some are just explaining how telnet is not secure, I've offered one of many examples.

    to be more secure with your own information, why not use it? But as they say, you can lead a horse to water but you can't make him drink.

    I get what you're saying and appreciate it. Yes telnet is unsecure. I just feel all this talk about how unsecure it is drives off potential new users. They hear from their friends how unsecure BBS's are and don't bother to check them out at all. The sky is not going to fall if someone telnets to a BBS. Once the user creates an account the SysOP should remind them of the other connection options the board has or doesn't have. There's 2 sides to every coin. One side says "Don't use telnet it's dangerous!" The other side says "Relax telnet is fine. If you need more security use SSH". When someone like yourself makes claims of how easy it is to steal your info using telnet that doesn't promote BBS use. It says don't use BBS's. They can watch you and steal your ID. That's NO way to promote the friendly enjoyable hobby we all know and love.
    That's just my opinion.....I could be wrong ;-)

    Havens BBS

    SysOp: HusTler

    ---
    þ Synchronet þ Havens BBS havens.synchro.net
    * Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)