• Node restrictions

    From Lupine Furmen@1:103/705 to All on Tue Nov 5 14:08:15 2019
    Is there a way that I can designate certain nodes as strictly SSH and others strictly Telnet?
    -+-

    -Dallas Vinson
    Furmens Folly - telnet: loybbs.net:23
    SSH: loybbs.net:23222
    Before the Web - telnet: loybbs.net:23232
    Legends of Yesteryear - telnet: loybbs.net:23322

    ---
    Synchronet Furmen's Folly - furmenservices.net:22
    * Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)
  • From Mortifis@1:103/705 to Lupine Furmen on Tue Nov 5 16:48:51 2019
    Is there a way that I can designate certain nodes as strictly SSH and others strictly Telnet?


    I don't believe there is, I checked SCFG and didn't see any settings to accommodate that, but, why would you want to?

    ---
    Synchronet AlleyCat! BBS - http://alleycat.synchro.net:81
    * Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)
  • From Lupine Furmen@1:103/705 to Mortifis on Tue Nov 5 20:30:26 2019
    Re: Re: Node restrictions
    By: Mortifis to Lupine Furmen on Tue Nov 05 2019 16:48:51

    Is there a way that I can designate certain nodes as strictly SSH and others strictly Telnet?


    I don't believe there is, I checked SCFG and didn't see any settings to accommodate that, but, why would you want to?

    To guarantee that those using SSH would be able to log on.
    -+-

    -Dallas Vinson
    Furmens Folly - telnet: loybbs.net:23
    SSH: loybbs.net:23222
    Before the Web - telnet: loybbs.net:23232
    Legends of Yesteryear - telnet: loybbs.net:23322

    ---
    Synchronet Furmen's Folly - furmenservices.net:23
    * Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)
  • From Richard Williamson@1:103/705 to Lupine Furmen on Wed Nov 6 03:03:13 2019
    Re: Re: Node restrictions
    By: Mortifis to Lupine Furmen on Tue Nov 05 2019 16:48:51

    To guarantee that those using SSH would be able to log on.
    -+-

    -Dallas Vinson
    Furmens Folly - telnet: loybbs.net:23
    SSH: loybbs.net:23222
    Before the Web - telnet: loybbs.net:23232
    Legends of Yesteryear - telnet: loybbs.net:23322

    ---
    Synchronet Furmen's Folly - furmenservices.net:23


    how many nodes you running with?

    ---
    Synchronet Richard's Fun House BBS | http://richardf.ddns.net
    * Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)
  • From Lupine Furmen@1:103/705 to Richard Williamson on Wed Nov 6 08:10:43 2019
    Re: Re: Node restrictions
    By: Richard Williamson to Lupine Furmen on Wed Nov 06 2019 03:03:13

    how many nodes you running with?

    10. Was wanting to designate 5 Telnet and 5 SSH.
    -+-

    -Dallas Vinson
    Furmens Folly - telnet: loybbs.net:23
    SSH: loybbs.net:23222
    Before the Web - telnet: loybbs.net:23232
    Legends of Yesteryear - telnet: loybbs.net:23322

    ---
    Synchronet Furmen's Folly - furmenservices.net:23
    * Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)
  • From Nightfox@1:103/705 to Lupine Furmen on Wed Nov 6 10:47:43 2019
    Re: Re: Node restrictions
    By: Lupine Furmen to Mortifis on Tue Nov 05 2019 08:30 pm

    Is there a way that I can designate certain nodes as strictly SSH
    and others strictly Telnet?

    I don't believe there is, I checked SCFG and didn't see any settings
    to accommodate that, but, why would you want to?

    To guarantee that those using SSH would be able to log on.

    I believe SSH is enabled by default for all nodes in Synchronet. You should only have to forward the SSH port (22 by default) in your router to your BBS machine, and anyone should then be able to log into any node via SSH. You shouldn't have to specifically designate certain nodes only for SSH.

    Nightfox

    ---
    Synchronet Digital Distortion: digitaldistortionbbs.com
    * Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)
  • From Nightfox@1:103/705 to Lupine Furmen on Wed Nov 6 10:49:30 2019
    Re: Re: Node restrictions
    By: Lupine Furmen to Richard Williamson on Wed Nov 06 2019 08:10 am

    how many nodes you running with?

    10. Was wanting to designate 5 Telnet and 5 SSH.

    You shouldn't have to designate nodes as Telnet or SSH like that.. By default,
    telnet and SSH are enabled for all nodes, so when someone connects, Synchronet will just use the first node available. It would actually probably be best not
    to limit the number of nodes that can be used for SSH or telnet.. If you don't
    limit them, then all 10 nodes would be available for either telnet or SSH, depending on how users connect.

    Nightfox

    ---
    Synchronet Digital Distortion: digitaldistortionbbs.com
    * Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)
  • From Gamgee@1:103/705 to Lupine Furmen on Wed Nov 6 11:34:00 2019
    Lupine Furmen wrote to Richard Williamson <=-

    how many nodes you running with?

    10. Was wanting to designate 5 Telnet and 5 SSH.

    Do you honestly think that you'll ever have all 10 nodes being
    used, so that another incoming SSH caller couldn't get on?



    ... Error - Operator out of memory!
    --- MultiMail/Linux v0.52
    Synchronet Palantir BBS * palantirbbs.ddns.net * Pensacola, FL
    * Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)
  • From Altere@1:103/705 to Lupine Furmen on Wed Nov 6 13:54:17 2019
    Re: Re: Node restrictions
    By: Lupine Furmen to Richard Williamson on Wed Nov 06 2019 08:10 am


    how many nodes you running with?

    10. Was wanting to designate 5 Telnet and 5 SSH.

    Run a 10 node BBS, the only way to accomplish what you're wanting from what I know is to run a 5 node BBS telnet only (disable ssh) on 1 server and a 5 node BBS ssh only (disable telnet) on a second server. That would require sharing the ./sbbs/ctrl directory and maybe others between the two systems. I've never done this, so I wouldn't be any help beyond this info here.

    -altere

    ---
    Synchronet Athelstan BBS - athelstan.org ssh:2222 telnet:23
    * Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)
  • From Richard Williamson@1:103/705 to Gamgee on Wed Nov 6 14:01:37 2019
    Do you honestly think that you'll ever have all 10 nodes being
    used, so that another incoming SSH caller couldn't get on?

    only happens if a bot takes them and you don't have MaxConcurrentConnections set to something other than 0

    ... Error - Operator out of memory!
    --- MultiMail/Linux v0.52
    Synchronet Palantir BBS * palantirbbs.ddns.net * Pensacola, FL

    ---
    Synchronet Richard's Fun House BBS | http://richardf.ddns.net
    * Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)
  • From Nightfox@1:103/705 to Gamgee on Wed Nov 6 12:46:40 2019
    Re: Re: Node restrictions
    By: Gamgee to Lupine Furmen on Wed Nov 06 2019 11:34 am

    Do you honestly think that you'll ever have all 10 nodes being
    used, so that another incoming SSH caller couldn't get on?

    Yeah, I've been running my current BBS since 2007, and I think the most I've seen on at one time is maybe 3.

    Nightfox

    ---
    Synchronet Digital Distortion: digitaldistortionbbs.com
    * Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)
  • From HusTler@1:103/705 to Lupine Furmen on Thu Nov 7 08:10:52 2019
    Re: Re: Node restrictions
    By: Altere to Lupine Furmen on Wed Nov 06 2019 01:54 pm

    10. Was wanting to designate 5 Telnet and 5 SSH.

    You are aware new users can't logon with SSH right? I don't believe you can create a new user account using SSH if I'm not mistaken.

    Havens BBS

    SysOp: HusTler

    ---
    Synchronet Havens BBS havens.synchro.net
    * Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)
  • From Richard Williamson@1:103/705 to HusTler on Thu Nov 7 11:29:43 2019
    ssh and telnet get the same screens

    ---
    Synchronet Richard's Fun House BBS | http://richardf.ddns.net
    * Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)
  • From HusTler@1:103/705 to Richard Williamson on Thu Nov 7 18:11:55 2019
    Re: Re: Node restrictions
    By: Richard Williamson to HusTler on Thu Nov 07 2019 11:29 am

    ssh and telnet get the same screens

    Sorry... I don't get what you are saying.

    Havens BBS

    SysOp: HusTler

    ---
    Synchronet Havens BBS havens.synchro.net
    * Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)
  • From Richard Williamson@1:103/705 to HusTler on Thu Nov 7 20:20:20 2019
    actually i was wrong, it is different between ssh/telnet

    ---
    Synchronet Richard's Fun House BBS | http://richardf.ddns.net
    * Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)
  • From Mortifis@1:103/705 to HusTler on Sun Nov 10 10:38:19 2019
    Re: Re: Node restrictions
    By: Altere to Lupine Furmen on Wed Nov 06 2019 01:54 pm

    10. Was wanting to designate 5 Telnet and 5 SSH.

    You are aware new users can't logon with SSH right? I don't believe you can create a new user account using SSH if I'm not mistaken.

    Havens BBS

    SysOp: HusTler

    That is incorrect, new users CAN connect and create a new account via SSH ...

    ---
    Synchronet AlleyCat! BBS - http://alleycat.synchro.net:81
    * Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)
  • From HusTler@1:103/705 to Mortifis on Sun Nov 10 13:49:45 2019
    Re: Re: Node restrictions
    By: Mortifis to HusTler on Sun Nov 10 2019 10:38 am

    That is incorrect, new users CAN connect and create a new account via SSH ...

    Oh? Maybe I have something setup wrong? How can I do that?

    Havens BBS

    SysOp: HusTler


    ... Modesty is a vastly overrated virtue.

    ---
    Synchronet Havens BBS havens.synchro.net
    * Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)
  • From HusTler@1:103/705 to Mortifis on Sun Nov 10 14:05:22 2019
    Re: Re: Node restrictions
    By: Mortifis to HusTler on Sun Nov 10 2019 10:38 am

    You are aware new users can't logon with SSH right? I don't believe
    you can create a new user account using SSH if I'm not mistaken.

    That is incorrect, new users CAN connect and create a new account via SSH ...

    Please reply as soon as possible. I have some security questions regarding Synchronet if new users can create an account via SSH. That would kinda defeat the purpose of SSH. Thanks

    Havens BBS

    SysOp: HusTler


    ... A little inaccuracy sometimes saves tons of explanation.

    ---
    Synchronet Havens BBS havens.synchro.net
    * Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)
  • From Nightfox@1:103/705 to HusTler on Sun Nov 10 17:25:56 2019
    Re: Re: Node restrictions
    By: HusTler to Mortifis on Sun Nov 10 2019 02:05 pm

    That is incorrect, new users CAN connect and create a new account
    via SSH ...

    Please reply as soon as possible. I have some security questions regarding Synchronet if new users can create an account via SSH. That would kinda defeat the purpose of SSH. Thanks

    I've tried that on my BBS, and it seems if users use a bogus username and password for the SSH session, they'll still be able to connect via SSH, and they'll get the login screen, which would allow them to create a new account.

    Nightfox

    ---
    Synchronet Digital Distortion: digitaldistortionbbs.com
    * Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)
  • From Matt Rivett@1:103/705 to Nightfox on Sun Nov 10 22:14:46 2019
    Re: Re: Node restrictions
    By: Nightfox to HusTler on Sun Nov 10 2019 05:25 pm

    Re: Re: Node restrictions
    By: HusTler to Mortifis on Sun Nov 10 2019 02:05 pm

    That is incorrect, new users CAN connect and create a new account
    via SSH ...

    Please reply as soon as possible. I have some security questions regarding Synchronet if new users can create an account via SSH. That would kinda defeat the purpose of SSH. Thanks

    I've tried that on my BBS, and it seems if users use a bogus username and password for the SSH session, they'll still be able to connect via SSH, and they'll get the login screen, which would allow them to create a new account.

    Nightfox


    Yes that is what I found. If they enter a username and password that doesn't exist it will bring up the login screen allowing new user creation.

    ---
    Synchronet ADTECH - therivetts.com
    * Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)
  • From HusTler@1:103/705 to Nightfox on Mon Nov 11 06:00:41 2019
    Re: Re: Node restrictions
    By: Nightfox to HusTler on Sun Nov 10 2019 05:25 pm

    That is incorrect, new users CAN connect and create a new account
    via SSH ...
    That would kinda defeat the purpose of SSH. Thanks
    I've tried that on my BBS, and it seems if users use a bogus username and password for the SSH session, they'll still be able to connect via SSH, and they'll get the login screen, which would allow them to create a new account.

    Well that sux. Thanks for the heads up. I was not aware of that.

    Havens BBS

    SysOp: HusTler

    ---
    Synchronet Havens BBS havens.synchro.net
    * Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)
  • From Mortifis@1:103/705 to HusTler on Mon Nov 11 08:45:38 2019
    Re: Re: Node restrictions
    By: Mortifis to HusTler on Sun Nov 10 2019 10:38 am

    You are aware new users can't logon with SSH right? I don't believe
    you can create a new user account using SSH if I'm not mistaken.

    That is incorrect, new users CAN connect and create a new account via SSH ...

    Please reply as soon as possible. I have some security questions regarding Synchronet if new users can create an account via SSH. That would kinda defeat the purpose of SSH. Thanks

    I do not believe that there is a security risk with new users creating an account on a BBS using SSH, as, IMHO when it comes to a BBS there is little difference between ssh, telnet, rlogin, etc, except for that the cryptographic aspect of ssh makes the process more secure. Now, if we were talking about being able to create a shell account on a un*x system, that would be a completely different issue, but that is not the case here. For instance, if a user created a new user account on your BBS via telnet, or rlogin, then all of their information would be passed in plain text and possibly 'spied on' during the process; that seems a security risk.

    Rest assured, friend, SSH provides a level of security, especially in this instance!

    ---
    Synchronet AlleyCat! BBS - http://alleycat.synchro.net:81
    * Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)
  • From Mortifis@1:103/705 to HusTler on Mon Nov 11 08:54:18 2019
    Re: Re: Node restrictions
    By: Mortifis to HusTler on Sun Nov 10 2019 10:38 am

    You are aware new users can't logon with SSH right? I don't believe
    you can create a new user account using SSH if I'm not mistaken.

    That is incorrect, new users CAN connect and create a new account via SSH ...

    Please reply as soon as possible. I have some security questions regarding Synchronet if new users can create an account via SSH. That would kinda defeat the purpose of SSH. Thanks

    Havens BBS

    SysOp: HusTler

    What specifically are your concerns of NUA creation via SSH as opposed to creating a new user account via Telnet? Or is it the ability for New Users to create an account period? (On a related side note: I disabled ;SHELL on my BBS)

    ---
    Synchronet AlleyCat! BBS - http://alleycat.synchro.net:81
    * Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)
  • From Mortifis@1:103/705 to HusTler on Mon Nov 11 12:25:49 2019
    Re: Re: Node restrictions
    By: Nightfox to HusTler on Sun Nov 10 2019 05:25 pm

    That is incorrect, new users CAN connect and create a new account
    via SSH ...
    That would kinda defeat the purpose of SSH. Thanks
    I've tried that on my BBS, and it seems if users use a bogus username and password for the SSH session, they'll still be able to connect via SSH, and they'll get the login screen, which would allow them to create a new account.

    Well that sux. Thanks for the heads up. I was not aware of that.

    Havens BBS

    SysOp: HusTler

    I suppose, if you truly wish to disable the ability for a new user to create an account on your BBS using SSH, you could always edit login.js and under the section New User Application (around line 56) change it to look something like this:

        // New user application?
        if(str.toUpperCase()=="NEW") {
            // Refuse sign-up when the session arrived over SSH
            if(client.protocol.toUpperCase() === "SSH") {
                console.writeln('New User Registration via SSH is not allowed because we don\'t like secure connections!');
                mswait(3000);   // give the caller time to read the message
                bbs.hangup();
                exit(0);
            }

            if(bbs.newuser()) {
                bbs.logon();
                exit();
            }
            continue;
        }

        // Continue normal login (prompting for password)

    :-P

    ---
    Synchronet AlleyCat! BBS - http://alleycat.synchro.net:81
    * Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)
  • From HusTler@1:103/705 to Nightfox on Mon Nov 11 12:11:59 2019
    Re: Re: Node restrictions
    By: Mortifis to HusTler on Mon Nov 11 2019 12:25 pm

    I've tried that on my BBS, and it seems if users use a bogus
    username and password for the SSH session, they'll still be able
    to connect via SSH, and they'll get the login screen, which
    would allow them to create a new account.

    So anyone can hack their way on to my BBS? I'm going to try and create a new user account with SSH. I know Synchronet Asks for a user name and Password. I've never been able to get the new user logon but I'll try this bogus stuff.




    Havens BBS

    SysOp: HusTler

    ---
    Synchronet Havens BBS havens.synchro.net
    * Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)
  • From HusTler@1:103/705 to Mortifis on Mon Nov 11 12:22:06 2019
    Re: Re: Node restrictions
    By: Mortifis to HusTler on Mon Nov 11 2019 08:45 am

    I do not believe that there is a security risk with new users creating an account on a BBS using SSH, as, IMHO when it comes to a BBS there is little difference between ssh, telnet, rlogin, etc, except for that the

    I can't login to my BBS with SSH without the right credentials. How are you able to connect to your BBS using SSH and get to the new user account creation?
    I'll assume you are running Synchronet BBS and you are able to create a new user account using SSH. I just want to know how you do it and how your board is
    setup to allow it. Thanks

    Havens BBS

    SysOp: HusTler

    ---
    Synchronet Havens BBS havens.synchro.net
    * Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)
  • From HusTler@1:103/705 to Mortifis on Mon Nov 11 12:24:02 2019
    Re: Re: Node restrictions
    By: Mortifis to HusTler on Mon Nov 11 2019 08:45 am

    That is incorrect, new users CAN connect and create a new account
    via SSH ...
    Rest assured, friend, SSH provides a level of security, especially in this instance!

    No.. I won't rest. How are you creating a new user account using ssh?

    Havens BBS

    SysOp: HusTler

    ---
    Synchronet Havens BBS havens.synchro.net
    * Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)
  • From mark lewis@1:3634/12.73 to HusTler on Mon Nov 11 14:20:58 2019

    On 2019 Nov 11 12:11:58, you wrote to Nightfox:

    I've tried that on my BBS, and it seems if users use a bogus
    username and password for the SSH session, they'll still be able to
    connect via SSH, and they'll get the login screen, which would
    allow them to create a new account.

    So anyone can hack their way on to my BBS?

    how are they hacking their way in? SSH requires a username and a password... if
    it doesn't exist on the remote system, it is generally rejected but in the case
    of a BBS, it is SOP to initiate the new user signup stuff... my previous BBS didn't use this "NEW" name thing to initiate a new user signup... it looked for
    the name given and if it didn't exist, it asked if they mistyped or if they want to start a new account... i don't understand the problem you are trying to
    say exists...

    )\/(ark

    Once men turned their thinking over to machines in the hope that this would set
    them free. But that only permitted other men with machines to enslave them.
    ... Always offer to bait your date's hook, especially on the first date.
    ---
    * Origin: (1:3634/12.73)
  • From Nightfox@1:103/705 to HusTler on Mon Nov 11 10:56:40 2019
    Re: Re: Node restrictions
    By: HusTler to Nightfox on Mon Nov 11 2019 06:00 am

    I've tried that on my BBS, and it seems if users use a bogus
    username and password for the SSH session, they'll still be able
    to connect via SSH, and they'll get the login screen, which would
    allow them to create a new account.

    Well that sux. Thanks for the heads up. I was not aware of that.

    Why does that suck?

    Nightfox

    ---
    Synchronet Digital Distortion: digitaldistortionbbs.com
    * Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)
  • From Nightfox@1:103/705 to HusTler on Mon Nov 11 10:57:24 2019
    Re: Re: Node restrictions
    By: HusTler to Nightfox on Mon Nov 11 2019 12:11 pm

    I've tried that on my BBS, and it seems if users use a bogus
    username and password for the SSH session, they'll still be able
    to connect via SSH, and they'll get the login screen, which
    would allow them to create a new account.

    So anyone can hack their way on to my BBS? I'm going to try and create a new user account with SSH. I know Synchronet Asks for a user name and Password. I've never been able to get the new user logon but I'll try this bogus stuff.

    I'm not sure what you mean about someone hacking onto your BBS. Synchronet will still require a username and password, as you've said. What is the problem you see?

    Nightfox

    ---
    Synchronet Digital Distortion: digitaldistortionbbs.com
    * Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)
  • From HusTler@1:103/705 to Nightfox on Mon Nov 11 20:48:37 2019
    Re: Re: Node restrictions
    By: Nightfox to HusTler on Mon Nov 11 2019 10:57 am

    I'm not sure what you mean about someone hacking onto your BBS. Synchronet will still require a username and password, as you've said. What is the problem you see?


    Maybe I'm not getting ssh. I thought for security reasons a user name and password was needed. I don't see how a new user would be able to login to Synchronet for the first time and create a new user account.

    Havens BBS

    SysOp: HusTler

    ---
    Synchronet Havens BBS havens.synchro.net
    * Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)
  • From Nightfox@1:103/705 to HusTler on Mon Nov 11 19:07:49 2019
    Re: Re: Node restrictions
    By: HusTler to Nightfox on Mon Nov 11 2019 08:48 pm

    I'm not sure what you mean about someone hacking onto your BBS.
    Synchronet will still require a username and password, as you've
    said. What is the problem you see?

    Maybe I'm not getting ssh. I thought for security reasons a user name and password was needed. I don't see how a new user would be able to login to Synchronet for the first time and create a new user account.

    Normally I think that is part of SSH. But the main thing is that SSH is an encrypted session, rather than sending everything in plaintext like telnet. It
    seems Synchronet is set up so that if a username & password is incorrect over SSH, Synchronet will show the login screen. But the user will still be using an encrypted session with SSH (which is one of the main benefits of SSH).

    Nightfox

    ---
    Synchronet Digital Distortion: digitaldistortionbbs.com
    * Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)
  • From HusTler@1:103/705 to Nightfox on Tue Nov 12 04:06:30 2019
    Re: Re: Node restrictions
    By: Nightfox to HusTler on Mon Nov 11 2019 07:07 pm

    Normally I think that is part of SSH. But the main thing is that SSH is an encrypted session, rather than sending everything in plaintext like telnet. It seems Synchronet is set up so that if a username & password is incorrect over SSH, Synchronet will show the login screen. But the user will still be using an encrypted session with SSH (which is one of the main benefits of SSH).

    If you get a chance try and create a new account on my BBS using SSH please.

    Havens BBS

    SysOp: HusTler

    ---
    Synchronet Havens BBS havens.synchro.net
    * Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)
  • From Mortifis@1:103/705 to HusTler on Tue Nov 12 08:06:29 2019
    Re: Re: Node restrictions
    By: Mortifis to HusTler on Mon Nov 11 2019 08:45 am

    I do not believe that there is a security risk with new users creating an account on a BBS using SSH, as, IMHO when it comes to a BBS there is little difference between ssh, telnet, rlogin, etc, except for that the

    I can't login to my BBS with SSH without the right credentials. How are you able to connect to your BBS using SSH and get to the new user account creation? I'll assume you are running Synchronet BBS and you are able to create a new user account using SSH. I just want to know how you do it and how your board is setup to allow it. Thanks

    I used SyncTerm and used username New, password New, which logged as logon failure but provided the new user questionnaire. I also tried ssh new@alleycat.synchro.net from a Linux Terminal, which did not work, seems Syncterm kept the connection open.

    ---
    Synchronet AlleyCat! BBS - http://alleycat.synchro.net:81
    * Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)
  • From Mortifis@1:103/705 to HusTler on Tue Nov 12 08:14:23 2019
    Re: Re: Node restrictions
    By: Mortifis to HusTler on Mon Nov 11 2019 08:45 am

    That is incorrect, new users CAN connect and create a new account
    via SSH ...
    Rest assured, friend, SSH provides a level of security, especially in this instance!

    No.. I won't rest. How are you creating a new user account using ssh?

    Using SyncTerm, I used User ID: New; Password: New, which presented the NUA.

    ---
    Synchronet AlleyCat! BBS - http://alleycat.synchro.net:81
    * Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)
  • From Mortifis@1:103/705 to HusTler on Tue Nov 12 08:20:27 2019
    Re: Re: Node restrictions
    By: Nightfox to HusTler on Mon Nov 11 2019 07:07 pm

    Normally I think that is part of SSH. But the main thing is that SSH is an encrypted session, rather than sending everything in plaintext like telnet. It seems Synchronet is set up so that if a username & password is incorrect over SSH, Synchronet will show the login screen. But the user will still be using an encrypted session with SSH (which is one of the main benefits of SSH).

    If you get a chance try and create a new account on my BBS using SSH please.

    I tried, it didn't work on Havens!

    ---
    Synchronet AlleyCat! BBS - http://alleycat.synchro.net:81
    * Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)
  • From HusTler@1:103/705 to Mortifis on Tue Nov 12 08:36:02 2019
    Re: Re: Node restrictions
    By: Mortifis to HusTler on Tue Nov 12 2019 08:06 am

    I can't login to my BBS with SSH without the right credentials. How
    are you able to connect to your BBS using SSH and get to the new user
    account creation? I'll assume you are running Synchronet BBS and you
    are able to create a new user account using SSH. I just want to know
    how you do it and how your board is setup to allow it. Thanks

    I used SyncTerm and used username New, password New, which logged as logon failure but provided the new user questionnaire. I also tried ssh new@alleycat.synchro.net from a Linux Terminal, which did not work, seems Syncterm kept the connection open.

    Holy Cow. I tried the same thing "new@havens.synchro.net" password new and got redirected to vert.synchro.net and a new user signup. Yikes! I didn't know that.

    Havens BBS

    SysOp: HusTler

    ---
    Synchronet Havens BBS havens.synchro.net
    * Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)
  • From HusTler@1:103/705 to Mortifis on Tue Nov 12 08:42:35 2019
    Re: Re: Node restrictions
    By: Mortifis to HusTler on Tue Nov 12 2019 08:20 am

    If you get a chance try and create a new account on my BBS using SSH
    please.

    I tried, it didn't work on Havens!

    Thanks. So I guess new users have to use telnet to create a new account on Havens BBS. Unless of course an account is created in advance by the System Sysop. I'm still looking into this re-direct to vert I'm experiencing but that may have something to do with the system that hosts my BBS.

    Havens BBS

    SysOp: HusTler

    ---
    Synchronet Havens BBS havens.synchro.net
    * Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)
  • From Lupine Furmen@1:103/705 to HusTler on Tue Nov 12 08:58:59 2019
    Re: Re: Node restrictions
    By: HusTler to Nightfox on Tue Nov 12 2019 04:06:30

    If you get a chance try and create a new account on my BBS using SSH please.

    I just tried (I use Syncterm) and it would not even create the secure session. I tried making up creds and even tried using NEW as the user name.
    -+-

    -Dallas Vinson
    Furmens Folly - telnet: loybbs.net:23
    SSH: loybbs.net:23222
    Before the Web - telnet: loybbs.net:23232
    Legends of Yesteryear - telnet: loybbs.net:23322

    ---
    Synchronet Furmen's Folly - furmenservices.net:23
    * Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)
  • From Nightfox@1:103/705 to HusTler on Tue Nov 12 10:19:44 2019
    Re: Re: Node restrictions
    By: HusTler to Nightfox on Tue Nov 12 2019 04:06 am

    If you get a chance try and create a new account on my BBS using SSH please.

    When I try to connect to your BBS using SSH with a bogus name/password, I'm unable to connect. SyncTerm said "error activating session".

    Nightfox

    ---
    Synchronet Digital Distortion: digitaldistortionbbs.com
    * Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)
  • From Nightfox@1:103/705 to HusTler on Tue Nov 12 13:33:46 2019
    Re: Re: Node restrictions
    By: HusTler to Mortifis on Tue Nov 12 2019 08:42 am

    Thanks. So I guess new users have to use telnet to create a new account on Havens BBS. Unless of course an account is created in advance by the System

    Seems like there should be a setting somewhere for that. If I use a bogus username & password with SSH for my BBS, I get the logon screen.

    Nightfox

    ---
    Synchronet Digital Distortion: digitaldistortionbbs.com
    * Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)
  • From Altere@1:103/705 to HusTler on Tue Nov 12 16:56:56 2019
    Re: Re: Node restrictions
    By: HusTler to Mortifis on Tue Nov 12 2019 08:36 am

    I used SyncTerm and used username New, password New, which logged as logon failure but provided the new user questionnaire. I also tried ssh new@alleycat.synchro.net from a Linux Terminal, which did not work, seems Syncterm kept the connection open.

    Holy Cow. I tried the same thing "new@havens.synchro.net" password new and got redirected to vert.synchro.net and a new user signup. Yikes! I didn't know that.

    havens.synchro.net, port 22 is behaving like OpenSSH and not Synchronet's sshd so I ran a scan on havens.synchro.net:

    Starting Nmap 7.60 ( https://nmap.org ) at 2019-11-12 16:38 CST
    Nmap scan report for havens.synchro.net (45.56.88.52)
    Host is up (0.080s latency).
    rDNS record for 45.56.88.52: havens.synchronetbbs.org
    Not shown: 983 closed ports
    PORT STATE SERVICE
    21/tcp open ftp
    22/tcp open ssh
    23/tcp open telnet
    25/tcp open smtp
    70/tcp open gopher
    79/tcp open finger
    80/tcp open http
    110/tcp open pop3
    119/tcp open nntp
    443/tcp open https
    465/tcp open smtps
    513/tcp open login
    587/tcp open submission
    995/tcp open pop3s
    1123/tcp open murray
    2222/tcp open EtherNetIP-1
    6667/tcp open irc

    You don't see 2222 open on most regular servers, and just so happens to be the port I run Synchronet's sshd on as well.

    altere@nerf ~ $ ssh -c aes256-cbc -l neb havens.synchro.net -p 2222

    Synchronet BBS for Linux Version 3.17
    SSH connection from: MY_IP
    Resolving hostname...

    Synchronet BBS for Linux Version 3.17 Copyright 2019 Rob Swindell UNKNOWN USER: neb
    Starting new user registration ...
    [] Does your terminal display colors? Yes
    [] HIT your BACKSPACE or DELETE-LEFT key: Character 27 (1Bh) received. !Unsupported backspace key: 1Bh
    [] Continue? Yes [No]

    CLIENT CONN: SSH
    ADDR: <no name> [MY_IP]
    TERM: 80x33 ANSI
    SERVER NAME: Havens BBS
    ADDR: havens.synchronetbbs.org

    Yours is working like everyone else's and will accept new user registrations with a failed user/pass combo. You can confirm your ssh port: grep SSHPort /sbbs/ctrl/sbbs.ini or whatever directory your sbbs.ini file is in.

    I'm with a few others as well though, why is this of importance? Don't you WANT new registrations for your Synchronet BBS? If not, just set up a New User Password in SCFG; if they don't have that, they can't create an account.

    -altere

    ---
    Synchronet Athelstan BBS - athelstan.org ssh:2222 telnet:23
    * Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)
  • From HusTler@1:103/705 to Lupine Furmen on Tue Nov 12 23:04:14 2019
    Re: Re: Node restrictions
    By: Lupine Furmen to HusTler on Tue Nov 12 2019 08:58 am

    If you get a chance try and create a new account on my BBS using SSH
    please.
    I just tried and (I use Syncterm) and it would not even create the secure session. I tried making up creds and even tried using NEW as the user name. -+-

    Thanks. That's what I expected. I'm not sure why I was corrected when I said you can't create a new user account using SSH.

    Havens BBS

    SysOp: HusTler

    ---
    Synchronet Havens BBS havens.synchro.net
    * Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)
  • From HusTler@1:103/705 to Altere on Tue Nov 12 23:08:56 2019
    Re: Re: Node restrictions
    By: Altere to HusTler on Tue Nov 12 2019 04:56 pm

    havens.synchro.net, port 22 is behaving like OpenSSH and not Synchronet's sshd so I ran a scan on havens.synchro.net:

    Starting Nmap 7.60 ( https://nmap.org ) at 2019-11-12 16:38 CST
    2222/tcp open EtherNetIP-1
    You don't see 2222 open on most regular servers, and just so happens to be the port I run Synchronet's sshd on as well.

    What's a "regular server"??

    Havens BBS

    SysOp: HusTler

    ---
    Synchronet Havens BBS havens.synchro.net
    * Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)
  • From Altere@1:103/705 to HusTler on Wed Nov 13 00:47:11 2019
    Re: Re: Node restrictions
    By: HusTler to Altere on Tue Nov 12 2019 11:08 pm

    havens.synchro.net, port 22 is behaving like OpenSSH and not Synchronet's sshd so I ran a scan on havens.synchro.net:

    Starting Nmap 7.60 ( https://nmap.org ) at 2019-11-12 16:38 CST 2222/tcp open EtherNetIP-1
    You don't see 2222 open on most regular servers, and just so happens to be the port I run Synchronet's sshd on as well.

    What's a "regular server"??

    Sorry. To clarify... You won't normally see servers with port 2222 open. The point that should be taken out of this is that your Synchronet sshd is listening on port 2222 because the server's sshd (to allow you to log in and administer the whole server, not just Synchronet), OpenSSH, is listening on port 22 already. I'm assuming Marisa set this part up, so rather than changing the server's ssh port she changed Synchronet's ssh port.

    If you ssh to a server without specifying a port, it will use the default 22. To connect to your Synchronet BBS using SSH, you need to specify port 2222 instead.

    -altere

    ---
    Synchronet Athelstan BBS athelstan.org telnet:23 | ssh:2222
    * Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)
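Telling the two daemons apart, as an added example (not code from the thread or from Synchronet): every SSH server sends an identification string before authentication (RFC 4253 section 4.2), so a sysop can confirm which software answers on port 22 and which on 2222 of their own host. The host name, the port-to-software map and the `cryptlib` value used for the BBS's built-in server are assumptions; substitute whatever your own server announces.

```javascript
// Added example: check which SSH daemon answers on each port of your own host.
// Usage (host and expected prefixes are placeholders, not from the thread):
//   node ssh_ident.js bbs.example.net 22=OpenSSH 2222=cryptlib

// RFC 4253 section 4.2: "SSH-protoversion-softwareversion SP comments CR LF",
// at most 255 bytes including CR LF. softwareversion is printable US-ASCII
// without whitespace or '-'. A server may send other lines first; those never
// start with "SSH-".
const IDENT_RE = /^SSH-([^\s-]+)-([\x21-\x2c\x2e-\x7e]+)(?: (.*))?$/;

// Constructed sample banners (not captured from any host in the thread).
const SAMPLES = {
  systemSshd: 'SSH-2.0-OpenSSH_7.6p1 Ubuntu-4ubuntu0.3\r\n',
  // Assumption: a cryptlib-based server such as the BBS's built-in sshd.
  bbsSshd: 'Welcome\r\nSSH-2.0-cryptlib\r\n',
};

// Return {proto, software, comments} for the first SSH identification line,
// or null when the peer is not speaking SSH or the line is malformed.
function parseSshIdent(preamble) {
  for (const raw of preamble.split('\n')) {
    const line = raw.replace(/\r$/, '');
    if (!line.startsWith('SSH-')) continue;   // pre-banner text, skip it
    if (line.length > 253) return null;       // 255 bytes minus CR LF
    const m = IDENT_RE.exec(line);
    if (!m) return null;
    return { proto: m[1], software: m[2], comments: m[3] || '' };
  }
  return null;
}

// Compare what a port announced with what the sysop intends to run there.
// expected maps port -> software prefix, e.g. { 22: 'OpenSSH', 2222: 'cryptlib' }.
function auditPort(port, ident, expected) {
  const want = expected[port];
  if (!ident) {
    return { port, ok: false, reason: 'no SSH identification string' };
  }
  if (ident.proto !== '2.0') {
    // "1.99" means the server still offers SSH-1 compatibility (RFC 4253 5.1).
    return { port, ok: false, reason: `protocol ${ident.proto}, expected 2.0` };
  }
  if (!want) {
    return { port, ok: false, reason: `unlisted port runs ${ident.software}` };
  }
  const ok = ident.software.startsWith(want);
  const reason = ok
    ? `${ident.software} as expected`
    : `expected ${want}*, got ${ident.software}`;
  return { port, ok, reason };
}

// Connect, read until the identification line arrives, then disconnect.
// No authentication is attempted.
async function readBanner(host, port, timeoutMs = 5000) {
  const net = await import('node:net');
  return new Promise((resolve) => {
    let buf = '';
    const sock = net.connect({ host, port });
    const done = () => {
      sock.destroy();
      resolve(parseSshIdent(buf));
    };
    sock.setTimeout(timeoutMs, done);
    sock.on('data', (chunk) => {
      buf += chunk.toString('latin1');
      if (/^SSH-.*\n/m.test(buf) || buf.length > 4096) done();
    });
    sock.on('error', done);
    sock.on('close', done);
  });
}

async function main(argv) {
  const [host, ...pairs] = argv;
  const expected = Object.fromEntries(pairs.map((p) => p.split('=')));
  for (const port of Object.keys(expected)) {
    const ident = await readBanner(host, Number(port));
    const r = auditPort(port, ident, expected);
    console.log(`${host}:${port} ${r.ok ? 'OK  ' : 'WARN'} ${r.reason}`);
  }
}

// Only touch the network when a host and at least one port=prefix are given.
if (process.argv.length > 3) main(process.argv.slice(2));
```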
  • From Mortifis@1:103/705 to HusTler on Wed Nov 13 08:09:16 2019
    Re: Re: Node restrictions
    By: Mortifis to HusTler on Tue Nov 12 2019 08:20 am

    If you get a chance try and create a new account on my BBS using SSH
    please.

    I tried, it didn't work on Havens!

    Thanks. So I guess new users have to use telnet to create a new account on Havens BBS. Unless of course a account is created in advance by the System Sysop. I'm still looking into this re-direct to vert I'm experiencing but that may have something to do with the system that hosts my BBS.

    I have not experienced the redirect and am unsure what would/could cause that. Perhaps synchronetbbs.org has a failed ssh login attempt redirect to Vertrauen ??

    Personally, though, I believe that one should be able to create a new user account via SSH, since it is, after all, a secure shell, whereas, telnet/rlogin are not.

    ---
    Synchronet AlleyCat! BBS - http://alleycat.synchro.net:81
    * Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)
  • From Mortifis@1:103/705 to HusTler on Wed Nov 13 08:23:56 2019
    Re: Re: Node restrictions
    By: Lupine Furmen to HusTler on Tue Nov 12 2019 08:58 am

    If you get a chance try and create a new account on my BBS using SSH
    please.
    I just tried and (I use Syncterm) and it would not even create the secure session. I tried making up creds and even tried using NEW as the user name. -+-

    Thanks. That's what I expected. I'm not sure why I was corrected when I said you can't create a new user account using SSH.

    Seems we have an answer, we are connecting to port 22 on havens.synchro.net which has Ubuntu's (Debian) openSSHd, which of course, the kernel itself is blocking the connection, as it would even with telnet (only root can useradd or a trusted sudo user) but you are running SBBS SSH on port 2222 ... so I tried again ssh new@havens.synchro.net ... and sure enough, I get your logon screen "Starting new user registration... Does your terminal display colors [YES][NO]".

    SBBS Allows for the creation of user accounts, and these accounts are isolated from the rest of the OS if you run as non-root (I disable ;DOS ;SHELL str_cmds.js for security) ... so I ask this question, friend, why do you want to block ssh new user registrations but are ok with telnet new user registrations?

    ---
    Synchronet AlleyCat! BBS - http://alleycat.synchro.net:81
    * Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)
  • From Mortifis@1:103/705 to HusTler on Wed Nov 13 08:29:00 2019
    Re: Re: Node restrictions
    By: Altere to HusTler on Tue Nov 12 2019 04:56 pm

    havens.synchro.net, port 22 is behaving like OpenSSH and not Synchronet's sshd so I ran a scan on havens.synchro.net:

    Starting Nmap 7.60 ( https://nmap.org ) at 2019-11-12 16:38 CST 2222/tcp open EtherNetIP-1
    You don't see 2222 open on most regular servers, and just so happens to be the port I run Synchronet's sshd on as well.

    What's a "regular server"??

    A regular server is a server or suite of services (ie SBBS) that use standard tcp/udp ports, an irregular server is one that listens on non standard ports; port 2222 is a non-standard ssh port therefore is an irregular server

    ---
    Synchronet AlleyCat! BBS - http://alleycat.synchro.net:81
    * Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)
  • From HusTler@1:103/705 to Altere on Wed Nov 13 06:40:08 2019
    Re: Re: Node restrictions
    By: Altere to HusTler on Wed Nov 13 2019 12:47 am

    What's a "regular server"??

    Sorry. To clarify... You won't normally see servers with port 2222 open. The point being that should be taken out of this is that your Synchronet sshd is listening on port 2222 because the servers sshd (to allow you to login and administer the whole server, not just synchronet) OpenSSH is listening on port 22 already. I'm assuming Marisa set this part up so rather then changing the servers ssh port she changed Synchronets ssh port.


    If you ssh to a server without specifying a port, it will use the default 22. To connect to your Synchronet BBS using SSH, you need to specify port 2222 instead.

    Thanks very much for that. The BBS was preconfigured by Marisa. If it ain't broke don't fix it. ;-)

    Havens BBS

    SysOp: HusTler

    ---
    Synchronet Havens BBS havens.synchro.net
    * Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)
  • From HusTler@1:103/705 to Mortifis on Wed Nov 13 09:38:07 2019
    Re: Re: Node restrictions
    By: Mortifis to HusTler on Wed Nov 13 2019 08:09 am

    I have not experienced the redirect and am unsure what would/could cause that. Perhaps synchronetbbs.org has a failed ssh login attempt redirect to Vertrauen ??

    Maybe. Or I attempted to logon the wrong BBS. ;-)

    Personally, though, I believe that one should be able to create a new user account via SSH, since it is, after all, a secure shell, whereas, telnet/rlogin are not.

    I agree but apparently that's not how SSH works. I also believe telnet is not as insecure as the internet claims it is. In any case I don't think it's a big deal to create an account using telnet and then using SSH on port 2222. On my board anyway. Some SysOps don't even have SSH enabled on their boards. Oh..I wanted to ask you what the benefits would be to move SSH from 2222 to another port such as 2323?

    Havens BBS

    SysOp: HusTler

    ---
    Synchronet Havens BBS havens.synchro.net
    * Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)
  • From Mortifis@1:103/705 to HusTler on Wed Nov 13 11:30:42 2019
    Re: Re: Node restrictions
    By: Mortifis to HusTler on Wed Nov 13 2019 08:09 am

    I have not experienced the redirect and am unsure what would/could cause that. Perhaps synchronetbbs.org has a failed ssh login attempt redirect to Vertrauen ??

    Maybe. Or I attempted to logon the wrong BBS. ;-)

    Personally, though, I believe that one should be able to create a new user account via SSH, since it is, after all, a secure shell, whereas, telnet/rlogin are not.

    I agree but apparently that's not how SSH works.

    That is exactly how SSH works. To be more precise, a typical Linux sshd daemon assumes that one cannot simply connect to a remote system and create their own account; an Administrator (aka root) needs to useradd (or adduser) with the basics, username and password. SSH is simply a connection protocol in which an authentication process must be completed and the username be passed first followed up by a subsequent password. With that said, Synchronet BBS has its own built-in SSH Server, which uses the /ctrl/ssl.cert file as the encryption key. SBBS is designed to have new users create their own accounts, unlike a Linux Shell account!!! Therefore, when one understands how they can open a secure connection to a system like SBBS by using the ssh new@whatever.sbbs.system so that they can create a new user account (on a system that allows new users) they can feel slightly more assured that their new account credentials are being encrypted and less likely to be 'spied on'.

    I also believe telnet is
    not as insecure as the internet claims it is. In any case I don't think it's a big deal to create an account using telnet and then using SSH on port 2222. On my board anyway.

    This is the only thing you've addressed that I disagree with, telnet is 100% plain text, therefore, if someone is able to intercept the packets, the username and password, along with just about everything else, can simply see it in plain text. So, should I telnet to your board and create a new user account, the username and password that I choose is unsecured and can be easily intercepted, however, if I use the methods mentioned above, Synchronet BBS will allow me to ssh new@yourbbs.com and create said account in a more encrypted manner. (we are not talking about ssh into your non-sbbs system)

    Some SysOps don't even have SSH enabled on their
    boards.

    A lot of SysOps don't wear underwear either, but that doesn't make it hygienic :-P

    Oh..I wanted to ask you what the benefits would be to move SSH from
    2222 to another port such as 2323?


    The benefit would be that unless you tell your users what port your ssh server is listening on it would be unlikely to ever be used, in which case you might as well just shut SSH off completely. IMHO, some configure their setup to non-standard ports either because their ISP blocks the standard ports, or the sysop has other services running on the standard ports. I, for instance, have my commercial server running on Apache port 80, while I have alleycat.synchro.net web interface running on port 81; I have my sbbs ssh on port 22 but my commercial server has sshd running on a different port which is blocked to outside access (LAN use only), etc. Also, having your ssh on port 2222 makes more sense because 2323 would reflect a non-standard telnet port.

    Anyway, as I have mentioned before, if you truly wish to block new users from being able to create a new user account with ssh (block ssh new@havens.synchro.net), edit your login.js and around line 56 change it to look similar to this:

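    // New user application?
    // (fragment: sits inside the login loop in login.js, hence the `continue`)
    if(str.toUpperCase()=="NEW") {
        // Turn away registrations that arrive over SSH
        if(client.protocol.toUpperCase() === 'SSH') {
            console.writeln('Please login with Telnet to complete your registration!');
            bbs.hangup();
            exit();
        }
        // Any other protocol: run the new user questionnaire, then log on
        if(bbs.newuser()) {
            bbs.logon();
            exit();
        }
        continue;
    }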

    ---
    Synchronet AlleyCat! BBS - http://alleycat.synchro.net:81
    * Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)
  • From HusTler@1:103/705 to Mortifis on Wed Nov 13 09:44:55 2019
    Re: Re: Node restrictions
    By: Mortifis to HusTler on Wed Nov 13 2019 08:23 am

    SBBS Allows for the creation of user accounts, and these accounts are isolated from the rest of the OS if you run as non-root (I disable ;DOS ;SHELL str_cmds.js for security) ... so I ask this question, friend, why do you want to block ssh new user registrations but are ok with telnet new user registrations?

    Good question. I'll have to ask MarisG. I've never tried it to be honest. I'm wondering how many new users would think to try it? Maybe I should advertise to be option. Thanks for bringing it to my attention.

    Havens BBS

    SysOp: HusTler

    ---
    Synchronet Havens BBS havens.synchro.net
    * Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)
  • From Altere@1:103/705 to HusTler on Wed Nov 13 11:12:07 2019
    Re: Re: Node restrictions
    By: HusTler to Mortifis on Wed Nov 13 2019 09:38 am

    2222. On my board anyway. Some SysOps don't even have SSH enabled on their boards. Oh..I wanted to ask you what the benefits would be to move SSH from 2222 to another port such as 2323?

    There are no benefits, pick a port and stick with it. If you change ports now, you probably have a firewall rule to change as well so keep that in mind. You don't even have SSH listed as a service in the BBS List.

    -altere

    ---
    Synchronet Athelstan BBS athelstan.org telnet:23 | ssh:2222
    * Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)
  • From Nightfox@1:103/705 to HusTler on Wed Nov 13 12:50:33 2019
    Re: Re: Node restrictions
    By: HusTler to Lupine Furmen on Tue Nov 12 2019 11:04 pm

    Thanks. That's what I expected. I'm not sure why I was corrected when I said you can't create a new user account using SSH.

    It seems on some configurations, you can. If I try to SSH to my BBS with a wrong username/password, I am presented with the login screen that allows you to create a new account. You can try with my BBS if you want..

    Nightfox

    ---
    Synchronet Digital Distortion: digitaldistortionbbs.com
    * Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)
  • From Nightfox@1:103/705 to HusTler on Wed Nov 13 12:51:49 2019
    Re: Re: Node restrictions
    By: HusTler to Mortifis on Wed Nov 13 2019 09:38 am

    I agree but apparently that's not how SSH works. I also believe telnet is not as insecure as the internet claims it is. In any case I don't think

    The thing with telnet is that everything is sent in plain text. Someone could potentially snoop into the connection and see the user's password being sent, for instance.

    Nightfox

    ---
    Synchronet Digital Distortion: digitaldistortionbbs.com
    * Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)
  • From HusTler@1:103/705 to Mortifis on Wed Nov 13 15:51:21 2019
    Re: Re: Node restrictions
    By: Mortifis to HusTler on Wed Nov 13 2019 11:30 am

    not as insecure as the internet claims it is. In any case I don't

    100% plain text, therefore, if someone is able to intercept the packets, the username and password, along with just about everything else, can simply see if in plain text. So, should I telnet to your board and create a new user account, the username and password that I choose is unsecured and can be easily intercepted, however, if I use the methods mentioned

    It's a BBS. Not the World Bank. What could possibly be intercepted even if I was spied on? Seems to me someone would have to invest a lot of time just to learn when I connect to a BBS with Telnet. Then when they listen in on me all they get is some posts and replies on a BBS. I don't think it's worth it. What are they gonna do? Hack my account? Get my email password? It's all bullshit and users that talk about this nonsense just scare new BBS users away. It also gives BBSing a bad name. That's my 2 cents anyway.

    Havens BBS

    SysOp: HusTler

    ---
    Synchronet Havens BBS havens.synchro.net
    * Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)
  • From HusTler@1:103/705 to Mortifis on Wed Nov 13 15:58:52 2019
    Re: Re: Node restrictions
    By: Mortifis to HusTler on Wed Nov 13 2019 11:30 am

    Anyway, as I have mentioned before, if you truly wish to block new users from being able to create a new user account with ssh (block ssh new@havens.synchro.net edit your login.js and in around line 56 change it to look similar to this

    Block?? I don't want to block anyone. I want more users not less. I just updated the info to my BBS ad. I'm always adding attempted SSH logins to my ip-can. Now I know what to look out for. ;-) Thanks

    Havens BBS

    SysOp: HusTler

    ---
    Synchronet Havens BBS havens.synchro.net
    * Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)
  • From Nightfox@1:103/705 to HusTler on Wed Nov 13 17:17:51 2019
    Re: Re: Node restrictions
    By: HusTler to Mortifis on Wed Nov 13 2019 03:51 pm

    else, can simply see if in plain text. So, should I telnet to your
    board and create a new user account, the username and password that
    I choose is unsecured and can be easily intercepted, however, if I
    use the methods mentioned

    It's a BBS. Not the World Bank. What could possibly be intercepted even if I was spied on? Seems to me someone would have to invest a lot of time

    Anything over telnet can be seen and intercepted since everything sent over telnet is sent in plain text. The argument is who would really care enough to do that. That said, IMO it doesn't really hurt to use an encrypted connection like SSH if someone really cares about that.

    Nightfox

    ---
    Synchronet Digital Distortion: digitaldistortionbbs.com
    * Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)
  • From HusTler@1:103/705 to Nightfox on Wed Nov 13 21:34:15 2019
    Re: Re: Node restrictions
    By: Nightfox to HusTler on Wed Nov 13 2019 12:50 pm

    It seems on some configurations, you can. If I try to SSH to my BBS with a wrong username/password, I am presented with the login screen that allows you to create a new account. You can try with my BBS if you want..

    Let me see if I can bring the new user application on your BBS.

    Havens BBS

    SysOp: HusTler

    ---
    Synchronet Havens BBS havens.synchro.net
    * Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)
  • From HusTler@1:103/705 to Nightfox on Wed Nov 13 21:41:56 2019
    Re: Re: Node restrictions
    By: HusTler to Nightfox on Wed Nov 13 2019 09:34 pm

    It seems on some configurations, you can. If I try to SSH to my BBS
    with a wrong username/password, I am presented with the login screen
    that allows you to create a new account. You can try with my BBS if
    you want..

    Let me see if I can bring the new user application on your BBS.

    I was able to log on to your board on ssh port 2222. User: new pass:new but it brought me to some other screen. I got a new user application on mine using the same credentials.

    Havens BBS

    SysOp: HusTler

    ---
    Synchronet Havens BBS havens.synchro.net
    * Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)
  • From HusTler@1:103/705 to Nightfox on Wed Nov 13 21:59:31 2019
    Re: Re: Node restrictions
    By: Nightfox to HusTler on Wed Nov 13 2019 05:17 pm

    It's a BBS. Not the World Bank. What could possibly be intercepted

    over telnet is sent in plain text. The argument is who would really care enough to do that. That said, IMO it doesn't really hurt to use an encrypted connection like SSH if someone really cares about that.

    I agree. But every Sysop runs their BBS differently. That said I don't try and guess what port they are running ssh on. I just use telnet. It's not like there's a standard for connecting to a BBS via ssh. I'm trying to get new users involved in BBSing. No need to complicate things with SSH. First they need to install terminal software and then connect with telnet. We can get to the SSH stuff after they create a new user account. I had no clue what I was doing when I started BBSing. I learned from others that took me under their wing. That's my 2 cents anywayz.

    Havens BBS

    SysOp: HusTler

    ---
    Synchronet Havens BBS havens.synchro.net
    * Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)
  • From Altere@1:103/705 to HusTler on Thu Nov 14 11:03:05 2019
    Re: Re: Node restrictions
    By: HusTler to Mortifis on Wed Nov 13 2019 03:51 pm

    100% plain text, therefore, if someone is able to intercept the packets, the username and password, along with just about everything else, can simply see if in plain text. So, should I telnet to your

    It's a BBS. Not the World Bank. What could possibly be intercepted even if I was spied on? Seems to me someone would have to invest a lot of time just to learn when I connect to a BBS with Telnet. Then when they listen in on me all they get is some posts and replies on a BBS. I don't think it's worth it. What are they gonna do? Hack my account? Get my email password? It's all bullshit and users that talk about this nonsense just scares new BBS users away. It also gives BBSing a bad name. That's my 2 cents anyway.

    I think the point is, it's not secure by any means. If I set up a packet sniffer and logged, I could easily go back and find when you made that telnet connection, to where, and with what user names and passwords you used. And while it might not be to a bank, I could then login to your bbs as sysop and then drop into a ;shell and if I've logged your shell user/password and it's a sudo account, I could just wipe the entire OS, change settings in scfg, etc., creating more of a headache for you to go back and set it all back up properly, especially if you didn't have a current backup or none at all.

    I always recommend using a different password for everything. Anything that involves any of my servers that could possibly produce a shell account, I take security into account. With that, I would never use telnet. As a regular user to another BBS where I don't have sysop access, no big deal because I use a different password for those accounts and if someone got my info, they can't really do anything other than lock me out really, or post some crap under my account.

    -altere

    ---
    Synchronet Athelstan BBS athelstan.org telnet:23 | ssh:2222
    * Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)
  • From Nightfox@1:103/705 to HusTler on Thu Nov 14 09:56:09 2019
    Re: Re: Node restrictions
    By: HusTler to Nightfox on Wed Nov 13 2019 09:41 pm

    I was able to log on to your board on ssh port 2222. User: new pass:new but it brought me to some other screen. I got a new user application on mine using the same credentials.

    What was the screen? I do have a login matrix - is that the screen it was showing?

    Also, odd that you say you connected on port 2222. I have my Synchronet configured to listen on port 22 for SSH. And I don't have port 2222 forwarded to my BBS machine in my router. So I don't know how you were able to connect to my BBS at port 2222.

    Nightfox

    ---
    Synchronet Digital Distortion: digitaldistortionbbs.com
    * Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)
  • From Nightfox@1:103/705 to HusTler on Thu Nov 14 09:57:45 2019
    Re: Re: Node restrictions
    By: HusTler to Nightfox on Wed Nov 13 2019 09:59 pm

    I agree. But every Sysop runs their BBS differently. That said I don't try and guess what port they are running ssh on. I just use telnet. It's not

    You shouldn't have to guess much.. The standard port for SSH is 22. The sysop could change the port though, which is also true for telnet.. The sysop might decide not to use the standard telnet port of 23.

    they need to install terminal software and then connect with telnet. We can get to the SSH stuff after they create a new user account. I had no clue what I was doing when I started BBSing. I learned from others that took me under their wing. That's my 2 cents anywayz.

    Yeah, I like to try to make things easy.

    Nightfox

    ---
    Synchronet Digital Distortion: digitaldistortionbbs.com
    * Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)
  • From Mortifis@1:103/705 to Altere on Thu Nov 14 14:10:54 2019
    I think the point is, it's not secure by any means. If I setup a packet sniffer and logged, I could easily go back and find when you made that telnet connection, to where, and with what user names and passwords you used. And
    while it might not be to a bank, I could then login to your bbs as sysop and then drop into a ;shell

    I disabled ;SHELL and ;DOS on my board as found in str_cmds.js

    ---
    Synchronet AlleyCat! BBS - http://alleycat.synchro.net:81
    * Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)
  • From HusTler@1:103/705 to Altere on Thu Nov 14 15:04:17 2019
    Re: Re: Node restrictions
    By: Altere to HusTler on Thu Nov 14 2019 11:03 am

    I think the point is, it's not secure by any means. If I setup a packet sniffer and logged, I could easily go back and find when you made that telnet connection, to where, and with what user names and passwords you used. And while it might not be to a bank, I could then login to your bbs as sysop and then drop into a ;shell and If I've logged your shell user/password and it's a sudo account, I could just wipe the entire OS, change settings in scfg, etc., creating more of a headache for you to go back and set it all back up properly, especially if you didn't have a current backup or none at all.

    So go for it. I've been hearing these horror stories for over 20 years. Go ahead I'd like to see that. Just let me know it was you. What's the point of running a BBS if it's that easy. Please..Crash it now before I put all my time into it.

    Havens BBS

    SysOp: HusTler

    ---
    Synchronet Havens BBS havens.synchro.net
    * Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)
  • From Altere@1:103/705 to HusTler on Thu Nov 14 15:40:10 2019
    Re: Re: Node restrictions
    By: HusTler to Altere on Thu Nov 14 2019 03:04 pm

    used. And while it might not be to a bank, I could then login to your bbs as sysop and then drop into a ;shell and If I've logged your shell user/password and it's a sudo account, I could just wipe the entire OS, change settings in scfg, etc., creating more of a headache for you to

    So go for it. I've been hearing these horror stories for over 20 years. Go ahead I'd like to see that. Just let me know it was you. What's the point of running a BBS if it's that easy. Please..Crash it now before I put all my time into it.

    Sniffers don't quite work like that, but even if I had the required information to do that, I have nothing to gain from doing so. Other people however like to get into people's systems just for fun, to run programs, etc. etc.. It's your system, your bbs, you go about it however you please. Some are just explaining how telnet is not secure, I've offered one of many examples.

    On another note, say I have a work desktop that's used strictly to ssh to a server and some light email checking. While I may not click on suspicious links or emails, and it's behind NAT and a firewall, that doesn't mean I shouldn't run an antivirus program. In other words, if you have the option to be more secure with your own information, why not use it? But as they say, you can lead a horse to water but you can't make him drink.

    -altere

    ---
    Synchronet Athelstan BBS athelstan.org telnet:23 | ssh:2222
    * Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)
  • From Nightfox@1:103/705 to Altere on Thu Nov 14 14:44:46 2019
    Re: Re: Node restrictions
    By: Altere to HusTler on Thu Nov 14 2019 03:40 pm

    shouldn't run an antivirus program. In other words, if you have the option to be more secure with your own information, why not use it? But as they say, you can lead a horse to water but you can't make him drink.

    I agree. Though it seems like most people in the BBS community don't care too much if their BBS session is insecure.

    Nightfox

    ---
    Synchronet Digital Distortion: digitaldistortionbbs.com
    * Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)
  • From HusTler@1:103/705 to Altere on Fri Nov 15 11:05:32 2019
    Re: Re: Node restrictions
    By: Altere to HusTler on Thu Nov 14 2019 03:40 pm

    please. Some are just explaining how telnet is not secure, I've offered one of many examples.

    to be more secure with your own information, why not use it? But as they say, you can lead a horse to water but you can't make him drink.

    I get what you're saying and appreciate it. Yes telnet is unsecure. I just feel all this talk about how unsecure it is drives off potential new users. They hear from their friends how unsecure BBS's are and don't bother to check them out at all. The sky is not going to fall if someone telnets to a BBS. Once the user creates an account the SysOP should remind them of the other connection options the board has or doesn't have. There's 2 sides to every coin. One side says "Don't use telnet it's dangerous!" The other side says "Relax telnet is fine. If you need more security use SSH". When someone like yourself makes claims of how easy it is to steal your info using telnet that doesn't promote BBS use. It says don't use BBS's. They can watch you and steal your ID. That's NO way to promote the friendly enjoyable hobby we all know and love.
    That's just my opinion.....I could be wrong ;-)

    Havens BBS

    SysOp: HusTler

    ---
    Synchronet Havens BBS havens.synchro.net
    * Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)