Is there a way that i can designate certain nodes as strictly SSH and others strickly Telnet?
-+-

-Dallas Vinson
Furmens Folly - telnet: loybbs.net:23
SSH: loybbs.net:23222
Before the Web - telnet: loybbs.net:23232
Legends of Yesteryear - telnet: loybbs.net:23322

---
þ Synchronet þ Furmen's Folly - furmenservices.net:22
* Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)

Is there a way that i can designate certain nodes as strictly SSH and

others

strickly Telnet?

I don't believe there is, I checked SCFG and didn't see any settings to accommodate that, but, why would you want to?

---
þ Synchronet þ AlleyCat! BBS - http://alleycat.synchro.net:81
* Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)

Re: Re: Node restrictions
By: Mortifis to Lupine Furmen on Tue Nov 05 2019 16:48:51

Is there a way that i can designate certain nodes as strictly SSH and others strickly Telnet?

I don't believe there is, I checked SCFG and didn't see any settings to accommodate that, but, why would you want to?

To gaurantee that those using SSH would be able to log on.
-+-

-Dallas Vinson
Furmens Folly - telnet: loybbs.net:23
SSH: loybbs.net:23222
Before the Web - telnet: loybbs.net:23232
Legends of Yesteryear - telnet: loybbs.net:23322

---
þ Synchronet þ Furmen's Folly - furmenservices.net:23
* Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)

Re: Re: Node restrictions
By: Mortifis to Lupine Furmen on Tue Nov 05 2019 16:48:51

To gaurantee that those using SSH would be able to log on.
-+-

-Dallas Vinson
Furmens Folly - telnet: loybbs.net:23
SSH: loybbs.net:23222
Before the Web - telnet: loybbs.net:23232
Legends of Yesteryear - telnet: loybbs.net:23322

---
¨ Synchronet ¨ Furmen's Folly - furmenservices.net:23

how many nodes you running with?

---
þ Synchronet þ Richard's Fun House BBS | http://richardf.ddns.net
* Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)

Re: Re: Node restrictions
By: Richard Williamson to Lupine Furmen on Wed Nov 06 2019 03:03:13

how many nodes you running with?

10. Was wanting to designate 5 Telnet and 5 SSH.
-+-

-Dallas Vinson
Furmens Folly - telnet: loybbs.net:23
SSH: loybbs.net:23222
Before the Web - telnet: loybbs.net:23232
Legends of Yesteryear - telnet: loybbs.net:23322

---
þ Synchronet þ Furmen's Folly - furmenservices.net:23
* Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)

Re: Re: Node restrictions
By: Lupine Furmen to Mortifis on Tue Nov 05 2019 08:30 pm

Is there a way that i can designate certain nodes as strictly SSH
and others strickly Telnet?

I don't believe there is, I checked SCFG and didn't see any settings
to accommodate that, but, why would you want to?

To gaurantee that those using SSH would be able to log on.

I believe SSH is enabled by default for all nodes in Synchronet. You should only have to forward the SSH port (22 by default) in your router to your BBS machine, and anyone should then be able to log into any node via SSH. You shouldn't have to specifically designate certain nodes only for SSH.

Nightfox

---
þ Synchronet þ Digital Distortion: digitaldistortionbbs.com
* Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)

Re: Re: Node restrictions
By: Lupine Furmen to Richard Williamson on Wed Nov 06 2019 08:10 am

how many nodes you running with?

10. Was wanting to designate 5 Telnet and 5 SSH.

You shouldn't have to designate nodes as Telnet or SSH like that.. By default, telnet and SSH are enabled for all nodes, so when someone connects, Synchronet will just use the first node available. It would actually probably be best not to limit the number of nodes that can be used for SSH or telnet.. If you don't limit them, then all 10 nodes would be available for either telnet or SSH, depending on how users connect.

Nightfox

---
þ Synchronet þ Digital Distortion: digitaldistortionbbs.com
* Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)

Lupine Furmen wrote to Richard Williamson <=-

how many nodes you running with?

10. Was wanting to designate 5 Telnet and 5 SSH.

Do you honestly think that you'll ever have all 10 nodes being
used, so that another incoming SSH caller couldn't get on?



... Error - Operator out of memory!
--- MultiMail/Linux v0.52
þ Synchronet þ Palantir BBS * palantirbbs.ddns.net * Pensacola, FL
* Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)

Re: Re: Node restrictions
By: Lupine Furmen to Richard Williamson on Wed Nov 06 2019 08:10 am

how many nodes you running with?

10. Was wanting to designate 5 Telnet and 5 SSH.

Run a 10 node BBS, the only way to accomplish what you're wanting from what I know is to run a 5 node BBS telnet only (disable ssh) on 1 server and a 5 node BBS ssh only (disable telnet) on a second server. That would require sharing the ./sbbs/ctrl directory and maybe others between the two systems. I've never done this, so I wouldn't be any help beyond this info here.

-altere

---
þ Synchronet þ Athelstan BBS - athelstan.org ssh:2222 telnet:23
* Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)

Do you honestly think that you'll ever have all 10 nodes being
used, so that another incoming SSH caller couldn't get on?

only happens if a bot takes them and you don't have MaxConcurrentConnections set to something other then 0

... Error - Operator out of memory!
--- MultiMail/Linux v0.52
¨ Synchronet ¨ Palantir BBS * palantirbbs.ddns.net * Pensacola, FL

---
þ Synchronet þ Richard's Fun House BBS | http://richardf.ddns.net
* Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)

Re: Re: Node restrictions
By: Gamgee to Lupine Furmen on Wed Nov 06 2019 11:34 am

Do you honestly think that you'll ever have all 10 nodes being
used, so that another incoming SSH caller couldn't get on?

Yeah, I've been running my current BBS since 2007, and I think the most I've seen on at one time is maybe 3.

Nightfox

---
þ Synchronet þ Digital Distortion: digitaldistortionbbs.com
* Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)

Re: Re: Node restrictions
By: Altere to Lupine Furmen on Wed Nov 06 2019 01:54 pm

10. Was wanting to designate 5 Telnet and 5 SSH.

You are aware new users can't logon with SSH right? I don't believe you can create a new user account using SSH if I'm not mistaken.

Havens BBS

SysOp: HusTler

---
þ Synchronet þ Havens BBS havens.synchro.net
* Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)

ssh and telnet get the same screens

---
þ Synchronet þ Richard's Fun House BBS | http://richardf.ddns.net
* Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)

Re: Re: Node restrictions
By: Richard Williamson to HusTler on Thu Nov 07 2019 11:29 am

ssh and telnet get the same screens

Sorry... I don't get what you are saying.

Havens BBS

SysOp: HusTler

---
þ Synchronet þ Havens BBS havens.synchro.net
* Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)

actually i was wrong, it is different between ssh/telnet

---
þ Synchronet þ Richard's Fun House BBS | http://richardf.ddns.net
* Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)

Re: Re: Node restrictions
By: Altere to Lupine Furmen on Wed Nov 06 2019 01:54 pm

10. Was wanting to designate 5 Telnet and 5 SSH.

You are aware new users can't logon with SSH right? I don't believe you can create a new user account using SSH if I'm not mistaken.

Havens BBS

SysOp: HusTler

That is incorrect, new users CAN connect and create a new account via SSH ...

---
þ Synchronet þ AlleyCat! BBS - http://alleycat.synchro.net:81
* Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)

Re: Re: Node restrictions
By: Mortifis to HusTler on Sun Nov 10 2019 10:38 am

That is incorrect, new users CAN connect and create a new account via SSH ...

Oh? Maybe I have something setup wrong? How can I do that?

Havens BBS

SysOp: HusTler


... Modesty is a vastly overrated virtue.

---
þ Synchronet þ Havens BBS havens.synchro.net
* Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)

Re: Re: Node restrictions
By: Mortifis to HusTler on Sun Nov 10 2019 10:38 am

You are aware new users can't logon with SSH right? I don't believe
you can create a new user account using SSH if I'm not mistaken.

That is incorrect, new users CAN connect and create a new account via SSH ...

Please reply as soon as possible. I have some security questions regarding Synchronet if new users can create an account via SSH. That would kinda defeat the purpose of SSH. Thanks

Havens BBS

SysOp: HusTler


... A little inaccuracy sometimes saves tons of explanation.

---
þ Synchronet þ Havens BBS havens.synchro.net
* Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)

Re: Re: Node restrictions
By: HusTler to Mortifis on Sun Nov 10 2019 02:05 pm

That is incorrect, new users CAN connect and create a new account
via SSH ...

Please reply as soon as possible. I have some security questions

regarding

Synchronet if new users can create an account via SSH. That would kinda defeat the purpose of SSH. Thanks

I've tried that on my BBS, and it seems if users use a bogus username and password for the SSH session, they'll still be able to connect via SSH, and they'll get the login screen, which would allow them to create a new account.

Nightfox

---
þ Synchronet þ Digital Distortion: digitaldistortionbbs.com
* Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)

Re: Re: Node restrictions
By: Nightfox to HusTler on Sun Nov 10 2019 05:25 pm

Re: Re: Node restrictions
By: HusTler to Mortifis on Sun Nov 10 2019 02:05 pm

That is incorrect, new users CAN connect and create a new account
via SSH ...

Please reply as soon as possible. I have some security questions regarding Synchronet if new users can create an account via SSH. That would kinda defeat the purpose of SSH. Thanks

I've tried that on my BBS, and it seems if users use a bogus username and password for the SSH session, they'll still be able to connect via SSH, and they'll get the login screen, which would allow them to create a new account.

Nightfox

Yes that is what I found. If they enter a username and password that doesn't exist it will bring up the login screen allowing new user creation.

---
þ Synchronet þ ADTECH - therivetts.com
* Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)

Re: Re: Node restrictions
By: Nightfox to HusTler on Sun Nov 10 2019 05:25 pm

That is incorrect, new users CAN connect and create a new account
via SSH ...

That would kinda defeat the purpose of SSH. Thanks

I've tried that on my BBS, and it seems if users use a bogus username and password for the SSH session, they'll still be able to connect via SSH, and they'll get the login screen, which would allow them to create a new account.

Well that sux. Thanks for the heads up. I was not aware of that.

Havens BBS

SysOp: HusTler

---
þ Synchronet þ Havens BBS havens.synchro.net
* Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)

Re: Re: Node restrictions
By: Mortifis to HusTler on Sun Nov 10 2019 10:38 am

You are aware new users can't logon with SSH right? I don't believe
you can create a new user account using SSH if I'm not mistaken.

That is incorrect, new users CAN connect and create a new account via SSH ...

Please reply as soon as possible. I have some security questions

regarding

Synchronet if new users can create an account via SSH. That would kinda defeat the purpose of SSH. Thanks

I do not believe that there is a security risk with new users creating an account on a BBS using SSH, as, IMHO when it comes to a BBS there is little difference between ssh, telnet, rlogin, etc, except for that the cryptographic aspect of ssh makes the process more secure. Now, if we were talking about being able to create a shell account on a un*x system, that would be a completely different issue, but that is not the case here. For instance, if a user created a new user account on your BBS via telnet, or rlogin, then all of their information would be passed in plain text and possibly 'spied on' during the process; that seems a security risk.

Rest assured, friend, SSH provides a level of security, especially in this instance!

---
þ Synchronet þ AlleyCat! BBS - http://alleycat.synchro.net:81
* Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)

Re: Re: Node restrictions
By: Mortifis to HusTler on Sun Nov 10 2019 10:38 am

You are aware new users can't logon with SSH right? I don't believe
you can create a new user account using SSH if I'm not mistaken.

That is incorrect, new users CAN connect and create a new account via SSH ...

Please reply as soon as possible. I have some security questions

regarding

Synchronet if new users can create an account via SSH. That would kinda defeat the purpose of SSH. Thanks

Havens BBS

SysOp: HusTler

What specifically areyour concerns of NUA creation via SSH as opposed to creating an new user account via Telnet? Or is it the ability for New Users to
create an account period? (On a related side note: I disabled ;SHELL on my BBS)

---
þ Synchronet þ AlleyCat! BBS - http://alleycat.synchro.net:81
* Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)

Re: Re: Node restrictions
By: Nightfox to HusTler on Sun Nov 10 2019 05:25 pm

That is incorrect, new users CAN connect and create a new account
via SSH ...

That would kinda defeat the purpose of SSH. Thanks

I've tried that on my BBS, and it seems if users use a bogus username and password for the SSH session, they'll still be able to connect via SSH, and they'll get the login screen, which would allow them to

create

a new account.

Well that sux. Thanks for the heads up. I was not aware of that.

Havens BBS

SysOp: HusTler

I suppose, if you truly wish to disable the ability for a new users to create an account on your BBS using SSH, you could always edit login.js and under the section New User Application (in around line 56) change it to look something like this
// New user application?
if(str.toUpperCase()=="NEW") {
if(client.protocol.toUpperCase() === "SSH") {
console.writeln('New User Registration via SSH is not allowed because we don\'t like secure connections!');
mswait(3000);
bbs.hangup();
exit(0);
}

if(bbs.newuser()) {
bbs.logon();
exit();
}
continue;
}

// Continue normal login (prompting for password)

:-P

---
þ Synchronet þ AlleyCat! BBS - http://alleycat.synchro.net:81
* Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)

Re: Re: Node restrictions
By: Mortifis to HusTler on Mon Nov 11 2019 12:25 pm

I've tried that on my BBS, and it seems if users use a bogus
username and password for the SSH session, they'll still be able
to connect via SSH, and they'll get the login screen, which
would allow them to create a new account.

So anyone can hack their way on to my BBS? I'm going to try and create a new user account with SSH. I know Synchronet Asks for a user name and Password. I've never been able to get the new user logon but I'll try this bogus stuff.




Havens BBS

SysOp: HusTler

---
þ Synchronet þ Havens BBS havens.synchro.net
* Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)

Re: Re: Node restrictions
By: Mortifis to HusTler on Mon Nov 11 2019 08:45 am

I do not believe that there is a security risk with new users creating an account on a BBS using SSH, as, IMHO when it comes to a BBS there is little difference between ssh, telnet, rlogin, etc, except for that the

I can't login to my BBS with SSH without the right credentials. How are you able to connect to your BBS using SSH and get to the new user account creation? I'll assume you are running Syncrhonet BBS and you are able to create a new user account using SSH. I just want to know how you do it and how your board is setup to allow it. Thanks

Havens BBS

SysOp: HusTler

---
þ Synchronet þ Havens BBS havens.synchro.net
* Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)

Re: Re: Node restrictions
By: Mortifis to HusTler on Mon Nov 11 2019 08:45 am

That is incorrect, new users CAN connect and create a new account
via SSH ...

Rest assured, friend, SSH provides a level of security, especially in

this

instance!

No.. I won't rest. How are you creating a new user account using ssh?

Havens BBS

SysOp: HusTler

---
þ Synchronet þ Havens BBS havens.synchro.net
* Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)

Re: Re: Node restrictions
By: HusTler to Nightfox on Mon Nov 11 2019 06:00 am

I've tried that on my BBS, and it seems if users use a bogus
username and password for the SSH session, they'll still be able
to connect via SSH, and they'll get the login screen, which would
allow them to create a new account.

Well that sux. Thanks for the heads up. I was not aware of that.

Why does that suck?

Nightfox

---
þ Synchronet þ Digital Distortion: digitaldistortionbbs.com
* Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)

Re: Re: Node restrictions
By: HusTler to Nightfox on Mon Nov 11 2019 12:11 pm

I've tried that on my BBS, and it seems if users use a bogus
username and password for the SSH session, they'll still be able
to connect via SSH, and they'll get the login screen, which
would allow them to create a new account.

So anyone can hack their way on to my BBS? I'm going to try and create a new user account with SSH. I know Synchronet Asks for a user name and Password. I've never been able to get the new user logon but I'll try

this

bogus stuff.

I'm not sure what you mean about someone hacking onto your BBS. Synchronet will still require a username and password, as you've said. What is the problem you see?

Nightfox

---
þ Synchronet þ Digital Distortion: digitaldistortionbbs.com
* Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)

On 2019 Nov 11 12:11:58, you wrote to Nightfox:

I've tried that on my BBS, and it seems if users use a bogus
username and password for the SSH session, they'll still be able to
connect via SSH, and they'll get the login screen, which would
allow them to create a new account.

So anyone can hack their way on to my BBS?

how are they hacking their way in? SSH requires a username and a password... if it doesn't exist on the remote system, it is generally rejected but in the case of a BBS, it is SOP to initiate the new user signup stuff... my previous BBS didn't use this "NEW" name thing to initiate a new user signup... it looked for the name given and if it didn't exist, it asked if they mistyped or if they want to start a new account... i don't understand the problem you are trying to say exists...

)\/(ark

Once men turned their thinking over to machines in the hope that this would set them free. But that only permitted other men with machines to enslave them.
... Always offer to bait your date's hook, especially on the first date.
---
* Origin: (1:3634/12.73)

Re: Re: Node restrictions
By: Nightfox to HusTler on Mon Nov 11 2019 10:57 am

I'm not sure what you mean about someone hacking onto your BBS.

Synchronet

will still require a username and password, as you've said. What is the problem you see?

Maybe I'm not getting ssh. I thought for security reasons a user name and password was needed. I don't see how a new user would be able to login to Synchronet for the first time and create a new user account.

Havens BBS

SysOp: HusTler

---
þ Synchronet þ Havens BBS havens.synchro.net
* Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)

Re: Re: Node restrictions
By: HusTler to Nightfox on Mon Nov 11 2019 08:48 pm

I'm not sure what you mean about someone hacking onto your BBS.
Synchronet will still require a username and password, as you've
said. What is the problem you see?

Maybe I'm not getting ssh. I thought for security reasons a user name and password was needed. I don't see how a new user would be able to login to Synchronet for the first time and create a new user account.

Normally I think that is part of SSH. But the main thing is that SSH is an encrypted session, rather than sending everything in plaintext like telnet. It seems Synchronet is set up so that if a username & password is incorrect over SSH, Synchronet will show the login screen. But the user will still be using an encrypted session with SSH (which is one of the main benefits of SSH).

Nightfox

---
þ Synchronet þ Digital Distortion: digitaldistortionbbs.com
* Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)

Re: Re: Node restrictions
By: Nightfox to HusTler on Mon Nov 11 2019 07:07 pm

Normally I think that is part of SSH. But the main thing is that SSH is

an

encrypted session, rather than sending everything in plaintext like telnet. It seems Synchronet is set up so that if a username & password is incorrect over SSH, Synchronet will show the login screen. But the user will still be using an encrypted session with SSH (which is one of the main benefits of SSH).

If you get a chance try and create a new account on my BBS using SSH please.

Havens BBS

SysOp: HusTler

---
þ Synchronet þ Havens BBS havens.synchro.net
* Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)

Re: Re: Node restrictions
By: Mortifis to HusTler on Mon Nov 11 2019 08:45 am

I do not believe that there is a security risk with new users creating an account on a BBS using SSH, as, IMHO when it comes to a BBS there

is

little difference between ssh, telnet, rlogin, etc, except for that

the

I can't login to my BBS with SSH without the right credentials. How are you able to connect to your BBS using SSH and get to the new user account creation? I'll assume you are running Syncrhonet BBS and you are able to create a new user account using SSH. I just want to know how you do it and how your board is setup to allow it. Thanks

I used SyncTerm and used username New, password New, which logged as logon failure but provided the new user questionnaire. I also tried ssh new@alleycat.synchro.net from a Linux Terminal, which did not work, seems Syncterm kept the connection open.

---
þ Synchronet þ AlleyCat! BBS - http://alleycat.synchro.net:81
* Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)

Re: Re: Node restrictions
By: Mortifis to HusTler on Mon Nov 11 2019 08:45 am

That is incorrect, new users CAN connect and create a new account Mo>> via SSH ...

Rest assured, friend, SSH provides a level of security, especially in this instance!

No.. I won't rest. How are you creating a new user account using ssh?

Using SyncTerm, I used User ID: New; Password: New, which presented the NUA.

---
þ Synchronet þ AlleyCat! BBS - http://alleycat.synchro.net:81
* Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)

Re: Re: Node restrictions
By: Nightfox to HusTler on Mon Nov 11 2019 07:07 pm

Normally I think that is part of SSH. But the main thing is that SSH

is

an encrypted session, rather than sending everything in plaintext like telnet. It seems Synchronet is set up so that if a username & password is incorrect over SSH, Synchronet will show the login screen. But the user will still be using an encrypted session with SSH (which is one

of

the main benefits of SSH).

If you get a chance try and create a new account on my BBS using SSH please.

I tried, it didn't work on Havens!

---
þ Synchronet þ AlleyCat! BBS - http://alleycat.synchro.net:81
* Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)

Re: Re: Node restrictions
By: Mortifis to HusTler on Tue Nov 12 2019 08:06 am

I can't login to my BBS with SSH without the right credentials. How
are you able to connect to your BBS using SSH and get to the new user
account creation? I'll assume you are running Syncrhonet BBS and you
are able to create a new user account using SSH. I just want to know
how you do it and how your board is setup to allow it. Thanks

I used SyncTerm and used username New, password New, which logged as

logon

failure but provided the new user questionnaire. I also tried ssh new@alleycat.synchro.net from a Linux Terminal, which did not work, seems Syncterm kept the connection open.

Holy Cow. I tried the same thing "new@havens.synchro.net" password new and got redirected to vert.synchro.net and a new user signup. Yikes! I didn't know that.

Havens BBS

SysOp: HusTler

---
þ Synchronet þ Havens BBS havens.synchro.net
* Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)

Re: Re: Node restrictions
By: Mortifis to HusTler on Tue Nov 12 2019 08:20 am

If you get a chance try and create a new account on my BBS using SSH
please.

I tried, it didn't work on Havens!

Thanks. So I guess new users have to use telnet to create a new account on Havens BBS. Unless of course a account is created in advance by the System Sysop. I'm still looking into this re-direct to vert I'm experiencing but that may have something to do with the system that hosts my BBS.

Havens BBS

SysOp: HusTler

---
þ Synchronet þ Havens BBS havens.synchro.net
* Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)

Re: Re: Node restrictions
By: HusTler to Nightfox on Tue Nov 12 2019 04:06:30

If you get a chance try and create a new account on my BBS using SSH please.

I just tried and (I use Syncterm) and it would not even create the secure session. I tried making up creds and even tried using NEW as the user name.
-+-

-Dallas Vinson
Furmens Folly - telnet: loybbs.net:23
SSH: loybbs.net:23222
Before the Web - telnet: loybbs.net:23232
Legends of Yesteryear - telnet: loybbs.net:23322

---
þ Synchronet þ Furmen's Folly - furmenservices.net:23
* Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)

Re: Re: Node restrictions
By: HusTler to Nightfox on Tue Nov 12 2019 04:06 am

If you get a chance try and create a new account on my BBS using SSH please.

When I try to connect to your BBS using SSH with a bogus name/password, I'm unable to connect. SyncTerm said "error activating session".

Nightfox

---
þ Synchronet þ Digital Distortion: digitaldistortionbbs.com
* Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)

Re: Re: Node restrictions
By: HusTler to Mortifis on Tue Nov 12 2019 08:42 am

Thanks. So I guess new users have to use telnet to create a new account

on

Havens BBS. Unless of course a account is created in advance by the

System

Seems like there should be a setting somewhere for that. If I use a bogus username & password with SSH for my BBS, I get the logon screen.

Nightfox

---
þ Synchronet þ Digital Distortion: digitaldistortionbbs.com
* Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)

Re: Re: Node restrictions
By: HusTler to Mortifis on Tue Nov 12 2019 08:36 am

I used SyncTerm and used username New, password New, which logged as logon failure but provided the new user questionnaire. I also tried

ssh

new@alleycat.synchro.net from a Linux Terminal, which did not work, seems Syncterm kept the connection open.

Holy Cow. I tried the same thing "new@havens.synchro.net" password new

and

got redirected to vert.synchro.net and a new user signup. Yikes! I didn't know that.

havens.synchro.net, port 22 is behaving like OpenSSH and not Synchronet's sshd so I ran a scan on havens.synchro.net:

Starting Nmap 7.60 ( https://nmap.org ) at 2019-11-12 16:38 CST
Nmap scan report for havens.synchro.net (45.56.88.52)
Host is up (0.080s latency).
rDNS record for 45.56.88.52: havens.synchronetbbs.org
Not shown: 983 closed ports
PORT STATE SERVICE
21/tcp open ftp
22/tcp open ssh
23/tcp open telnet
25/tcp open smtp
70/tcp open gopher
79/tcp open finger
80/tcp open http
110/tcp open pop3
119/tcp open nntp
443/tcp open https
465/tcp open smtps
513/tcp open login
587/tcp open submission
995/tcp open pop3s
1123/tcp open murray
2222/tcp open EtherNetIP-1
6667/tcp open irc

You don't see 2222 open on most regular servers, and just so happens to be the port I run Synchronet's sshd on as well.

altere@nerf ~ $ ssh -c aes256-cbc -l neb havens.synchro.net -p 2222

Synchronet BBS for Linux Version 3.17
SSH connection from: MY_IP
Resolving hostname...

Synchronet BBS for Linux Version 3.17 Copyright 2019 Rob Swindell UNKNOWN USER: neb
Starting new user registration ...
[û] Does your terminal display colors? Yes
[û] HIT your BACKSPACE or DELETE-LEFT key: Character 27 (1Bh) received. !Unsupported backspace key: 1Bh
[û] Continue? Yes [No]

CLIENT CONN: SSH
ADDR: <no name> [MY_IP]
TERM: 80x33 ANSI
SERVER NAME: Havens BBS
ADDR: havens.synchronetbbs.org

Yours is working like everyone elses and will accept new user registrations with a failed user/pass combo. You can confirm your ssh port: grep SSHPort /sbbs/ctrl/sbbs.ini or whatever directory your sbbs.ini file is in.

I'm with a few others as well though, why is this of importance? Don't you WANT new registrations for your Synchronet BBS? If not, just setup a New User Password in SCFG, if they don't have that, they can't create an account.

-altere

---
þ Synchronet þ Athelstan BBS - athelstan.org ssh:2222 telnet:23
* Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)

Re: Re: Node restrictions
By: Lupine Furmen to HusTler on Tue Nov 12 2019 08:58 am

If you get a chance try and create a new account on my BBS using SSH
please.

I just tried and (I use Syncterm) and it would not even create the secure session. I tried making up creds and even tried using NEW as the user name. -+-

Thanks. That's what I expected. I'm not sure why I was corrected when I said you can't create a new user account using SSH.

Havens BBS

SysOp: HusTler

---
þ Synchronet þ Havens BBS havens.synchro.net
* Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)

Re: Re: Node restrictions
By: Altere to HusTler on Tue Nov 12 2019 04:56 pm

havens.synchro.net, port 22 is behaving like OpenSSH and not Synchronet's sshd so I ran a scan on havens.synchro.net:

Starting Nmap 7.60 ( https://nmap.org ) at 2019-11-12 16:38 CST
2222/tcp open EtherNetIP-1
You don't see 2222 open on most regular servers, and just so happens to

be

the port I run Synchronet's sshd on as well.

What's a "regular server"??

Havens BBS

SysOp: HusTler

---
þ Synchronet þ Havens BBS havens.synchro.net
* Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)

Re: Re: Node restrictions
By: HusTler to Altere on Tue Nov 12 2019 11:08 pm

havens.synchro.net, port 22 is behaving like OpenSSH and not Synchronet's sshd so I ran a scan on havens.synchro.net:

Starting Nmap 7.60 ( https://nmap.org ) at 2019-11-12 16:38 CST 2222/tcp open EtherNetIP-1
You don't see 2222 open on most regular servers, and just so happens

to

be the port I run Synchronet's sshd on as well.

What's a "regular server"??

Sorry. To clarify... You won't normally see servers with port 2222 open. The point being that should be taken out of this is that your Synchronet sshd is listening on port 2222 because the servers sshd (to allow you to login and administer the whole server, not just synchronet) OpenSSH is listening on port 22 already. I'm assuming Marisa set this part up so rather then changing the servers ssh port she changed Synchronets ssh port.

If you ssh to a server without specifying a port, it will use the default 22. To connect to your Synchronet BBS using SSH, you need to specify port 2222 instead.

-altere

---
þ Synchronet þ Athelstan BBS þ athelstan.org þ telnet:23 | ssh:2222
* Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)

Re: Re: Node restrictions
By: Mortifis to HusTler on Tue Nov 12 2019 08:20 am

If you get a chance try and create a new account on my BBS using SSH
please.

I tried, it didn't work on Havens!

Thanks. So I guess new users have to use telnet to create a new account

on

Havens BBS. Unless of course a account is created in advance by the System Sysop. I'm still looking into this re-direct to vert I'm experiencing but that may have something to do with the system that hosts my BBS.

I have not experienced the redirect and am unsure what would/could cause that. Perhaps synchronetbbs.org has a failed ssh login attempt redirect to Vertrauen ??

Personally, though, I believe that one should be able to create a new user account via SSH, since it is, after all, a secure shell, whereas, telnet/rlogin
are not.

---
þ Synchronet þ AlleyCat! BBS - http://alleycat.synchro.net:81
* Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)

Re: Re: Node restrictions
By: Lupine Furmen to HusTler on Tue Nov 12 2019 08:58 am

If you get a chance try and create a new account on my BBS using SSH
please.

I just tried and (I use Syncterm) and it would not even create the secure session. I tried making up creds and even tried using NEW as

the

user name. -+-

Thanks. That's what I expected. I'm not sure why I was corrected when I said you can't create a new user account using SSH.

Seems we have an answer, we are connecting to port 22 on havens.synchro.net which has Ubuntu's (Debian) openSSHd, which of course, the kernel itself is blocking the connection, as it would even with telnet (only root can useradd or
a trusted sudo user) but you are running SBBS SSH on port 2222 ... so I tried again ssh new@havens.synchro.net ... and sure enough, I get your logon screen "Starting new user registration... Does your terminal display colors [YES][NO].

SBBS Allows for the creation of user accounts, and these accounts are isolated from the rest of the OS if you run as non-root (I disable ;DOS ;SHELL str_cmds.js for security) ... so I ask this question, friend, why do you want to block ssh new user registrations but are ok with telnet new user registrations?

---
þ Synchronet þ AlleyCat! BBS - http://alleycat.synchro.net:81
* Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)

Re: Re: Node restrictions
By: Altere to HusTler on Tue Nov 12 2019 04:56 pm

havens.synchro.net, port 22 is behaving like OpenSSH and not Synchronet's sshd so I ran a scan on havens.synchro.net:

Starting Nmap 7.60 ( https://nmap.org ) at 2019-11-12 16:38 CST 2222/tcp open EtherNetIP-1
You don't see 2222 open on most regular servers, and just so happens

to

be the port I run Synchronet's sshd on as well.

What's a "regular server"??

A regular server is a server or suite of services (ie SBBS) that use standard tcp/udp ports, an irregular server is one that listens on non standard ports; port 2222 is a non-standard ssh port therefore is an irregular server

---
þ Synchronet þ AlleyCat! BBS - http://alleycat.synchro.net:81
* Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)

Re: Re: Node restrictions
By: Altere to HusTler on Wed Nov 13 2019 12:47 am

What's a "regular server"??

Sorry. To clarify... You won't normally see servers with port 2222 open. The point being that should be taken out of this is that your Synchronet sshd is listening on port 2222 because the servers sshd (to allow you to login and administer the whole server, not just synchronet) OpenSSH is listening on port 22 already. I'm assuming Marisa set this part up so rather then changing the servers ssh port she changed Synchronets ssh port.

If you ssh to a server without specifying a port, it will use the default 22. To connect to your Synchronet BBS using SSH, you need to specify port 2222 instead.

Thanks very much for that. The BBS was preconfigured by Marisa. If it aint broke don't fix it. ;-)

Havens BBS

SysOp: HusTler

---
þ Synchronet þ Havens BBS havens.synchro.net
* Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)

Re: Re: Node restrictions
By: Mortifis to HusTler on Wed Nov 13 2019 08:09 am

I have not experienced the redirect and am unsure what would/could cause that. Perhaps synchronetbbs.org has a failed ssh login attempt redirect

to

Vertrauen ??

Maybe. Or I attempted to logon the wrong BBS. ;-)

Personally, though, I believe that one should be able to create a new

user

account via SSH, since it is, after all, a secure shell, whereas, telnet/rlogin are not.

I agree but apparently that's not how SSH works. I also believe telnet is not as insecure as the internet claims it is. In any case I don't think it's a big deal to create an account using telnet and then using SSH on port 2222. On my board anyway. Some SysOps don't even have SSH enabled on their boards. Oh..I wanted to ask you what the benefits would be to move SSH from 2222 to another port such as 2323?

Havens BBS

SysOp: HusTler

---
þ Synchronet þ Havens BBS havens.synchro.net
* Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)

Re: Re: Node restrictions
By: Mortifis to HusTler on Wed Nov 13 2019 08:09 am

I have not experienced the redirect and am unsure what would/could cause that. Perhaps synchronetbbs.org has a failed ssh login attempt redirect to Vertrauen ??

Maybe. Or I attempted to logon the wrong BBS. ;-)

Personally, though, I believe that one should be able to create a new user account via SSH, since it is, after all, a secure shell, whereas, telnet/rlogin are not.

I agree but apparently that's not how SSH works.

That is exactly how SSH works. To be more precise, a typical Linux sshd daemon
assumes that one cannot simply connect to a remote system and create their own account, an Administrator (aka root) needs to useradd (or adduser) with the basics, username and password. SSH is simply a connection protocol in which an
authentication process must be completed and the username be passed first followed up by a subsequent password. With that said, Synchronet BBS has it's
own built in SSH Server, which uses the /ctrl/ssl.cert file as the encryption key. SBBS is designed to have new users create their own accounts, unlike a Linux Shell account!!! Therefore, when one understands how they can open a secure connection to a system like SBBS by using the ssh new@whatever.sbbs.system so that they can create a new user account (on a system that allows new users) they can feel slightly more assured that their new account credentials are being encrypted and less likely to be 'spied on'.

I also believe telnet is
not as insecure as the internet claims it is. In any case I don't think

it's

a big deal to create an account using telnet and then using SSH on port 2222. On my board anyway.

This is the only thing you've addressed that I disagree with, telnet is 100% plain text, therefore, if someone is able to intercept the packets, the username and password, along with just about everything else, can simply see if
in plain text. So, should I telnet to your board and create a new user account, the username and password that I choose is unsecured and can be easily
intercepted, however, if I use the methods mentioned above, Synchronet BBS will
allow me to ssh new@yourbbs.com and create said account in a more encrypted manner. (we are not talking about ssh into your non-sbbs system

Some SysOps don't even have SSH enabled on their
boards.

Alot of SysOps don't wear underwear either, but that doesn't make it hygienic :-P

Oh..I wanted to ask you what the benefits would be to move SSH from
2222 to another port such as 2323?

The benefit would be that unless you tell your users what port your ssh server is listening on it would be unlikely to ever be used, in which case you'd might
as well just shut SSH off completely. IMHO, some configure their setup to non-standard ports either because their ISP blocks the standard ports, or the sysop has other services running on the standard ports. Me for instance have my commercial server running on Apache port 80, while I have alleycat.synchro.net web interface running on port 81; I have my sbbs ssh on port 22 but my commercial server has sshd running on different port which is blocked to outside access (LAN use only) etc also, having your ssh on port 2222 makes more sense because 2323 would reflect a non-standard telnet port.

Anyway, as I have mentioned before, if you truly wish to block new users from being able to create a new user account with ssh (block ssh new@havens.synchro.net edit your login.js and in around line 56 change it to look similar to this

// New user application?
if(str.toUpperCase()=="NEW") {
if(client.protocol.toUpperCase() === 'SSH') {
console.writeln('Please login with Telnet to complete your registration!');
bbs.hangup();
exit();
}
if(bbs.newuser()) {
bbs.logon();
exit();
}
continue;
}

---
þ Synchronet þ AlleyCat! BBS - http://alleycat.synchro.net:81
* Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)

Re: Re: Node restrictions
By: Mortifis to HusTler on Wed Nov 13 2019 08:23 am

SBBS Allows for the creation of user accounts, and these accounts are isolated from the rest of the OS if you run as non-root (I disable ;DOS ;SHELL str_cmds.js for security) ... so I ask this question, friend, why do you want to block ssh new user registrations but are ok with telnet

new

user registrations?

Good question. I'll have to ask MarisG. I've never tried it to be honest. I'm wondering how many new users would think to try it? Maybe I should advertise to be option. Thanks for bringing it to my attention.

Havens BBS

SysOp: HusTler

---
þ Synchronet þ Havens BBS havens.synchro.net
* Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)

Re: Re: Node restrictions
By: HusTler to Mortifis on Wed Nov 13 2019 09:38 am

2222. On my board anyway. Some SysOps don't even have SSH enabled on their boards. Oh..I wanted to ask you what the benefits would be to move SSH from 2222 to another port such as 2323?

There are no benefits, pick a port and stick with it. If you change ports now, you probably have a firewall rule to change as well so keep that in mind. You don't even have SSH listed as a service in the BBS List.

-altere

---
þ Synchronet þ Athelstan BBS þ athelstan.org þ telnet:23 | ssh:2222
* Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)

Re: Re: Node restrictions
By: HusTler to Mortifis on Wed Nov 13 2019 09:38 am

I agree but apparently that's not how SSH works. I also believe telnet is not as insecure as the internet claims it is. In any case I don't think

The thing with telnet is that everything is sent in plain text. Someone could potentially snoop into the connection and see the user's password being sent, for instance.

Nightfox

---
þ Synchronet þ Digital Distortion: digitaldistortionbbs.com
* Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)

Re: Re: Node restrictions
By: Mortifis to HusTler on Wed Nov 13 2019 11:30 am

not as insecure as the internet claims it is. In any case I don't

100% plain text, therefore, if someone is able to intercept the packets, the username and password, along with just about everything else, can simply see if in plain text. So, should I telnet to your board and create a new user account, the username and password that I choose is unsecured and can be easily intercepted, however, if I use the methods mentioned

It's a BBS. Not the World Bank. What could possibly be intercepted even if I was spied on? Seems to me someone would have to invest a lot of time just to learn when I connect to a BBS with Telnet. Then when they listen in on me all they get is some posts and replies on a BBS. I don't think it's worth it. What are they gonna do? Hack my account? Get my email password? It's all bullshit and users that talk about this nonsense just scares new BBS users away. It also gives BBSing a bad name. That's my 2 cents anyway.

Havens BBS

SysOp: HusTler

---
þ Synchronet þ Havens BBS havens.synchro.net
* Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)

Re: Re: Node restrictions
By: Mortifis to HusTler on Wed Nov 13 2019 11:30 am

Anyway, as I have mentioned before, if you truly wish to block new users from being able to create a new user account with ssh (block ssh new@havens.synchro.net edit your login.js and in around line 56 change it to look similar to this

Block?? I don't want to block anyone. I want more users not less. I just updated the info to my BBS ad. I'm always adding attempted SSH logins to my ip-can. Now I know what to look out for. ;-) Thanks

Havens BBS

SysOp: HusTler

---
þ Synchronet þ Havens BBS havens.synchro.net
* Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)

Re: Re: Node restrictions
By: HusTler to Mortifis on Wed Nov 13 2019 03:51 pm

else, can simply see if in plain text. So, should I telnet to your
board and create a new user account, the username and password that
I choose is unsecured and can be easily intercepted, however, if I
use the methods mentioned

It's a BBS. Not the World Bank. What could possibly be intercepted even

if

I was spied on? Seems to me someone would have to invest a lot of time

Anything over telnet can be seen and intercepted since everything sent over telnet is sent in plain text. The argument is who would really care enough to do that. That said, IMO it doesn't really hurt to use an encrypted connection like SSH if someone really cares about that.

Nightfox

---
þ Synchronet þ Digital Distortion: digitaldistortionbbs.com
* Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)

Re: Re: Node restrictions
By: Nightfox to HusTler on Wed Nov 13 2019 12:50 pm

It seems on some configurations, you can. If I try to SSH to my BBS with wrong username/password, I am presented with the login screen that allows you to create a new account. You can try with my BBS if you want..

Let me see if I can bring the new user application on your BBS.

Havens BBS

SysOp: HusTler

---
þ Synchronet þ Havens BBS havens.synchro.net
* Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)

Re: Re: Node restrictions
By: HusTler to Nightfox on Wed Nov 13 2019 09:34 pm

It seems on some configurations, you can. If I try to SSH to my BBS
with a wrong username/password, I am presented with the login screen
that allows you to create a new account. You can try with my BBS if
you want..

Let me see if I can bring the new user application on your BBS.

I was able to log on to your board on ssh port 2222. User: new pass:new but it brought me to some other screen. I got a new user application on mine using the same credentials.

Havens BBS

SysOp: HusTler

---
þ Synchronet þ Havens BBS havens.synchro.net
* Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)

Re: Re: Node restrictions
By: Nightfox to HusTler on Wed Nov 13 2019 05:17 pm

It's a BBS. Not the World Bank. What could possibly be intercepted

over telnet is sent in plain text. The argument is who would really care enough to do that. That said, IMO it doesn't really hurt to use an encrypted connection like SSH if someone really cares about that.

I agree. But every Sysop runs their BBS differently. That said I don't try and guess what port they are running ssh on. I just use telnet. It's not like there's a standard for connecting to a BBS via ssh. I'm trying to get new users invloved in BBSing. No need to complicate things with SSH. First they need to install terminal software and then connect with telnet. We can get to the SSH stuff after they create a new user account. I had no clue what I was doing when I started BBSing. I learned from others that took me under their wing. That's my 2 cents anywayz.

Havens BBS

SysOp: HusTler

---
þ Synchronet þ Havens BBS havens.synchro.net
* Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)

Re: Re: Node restrictions
By: HusTler to Mortifis on Wed Nov 13 2019 03:51 pm

100% plain text, therefore, if someone is able to intercept the packets, the username and password, along with just about everything else, can simply see if in plain text. So, should I telnet to your

It's a BBS. Not the World Bank. What could possibly be intercepted even

if

I was spied on? Seems to me someone would have to invest a lot of time just to learn when I connect to a BBS with Telnet. Then when they listen in on

me

all they get is some posts and replies on a BBS. I don't think it's worth it. What are they gonna do? Hack my account? Get my email password? It's

all

bullshit and users that talk about this nonsense just scares new BBS users away. It also gives BBSing a bad name. That's my 2 cents anyway.

I think the point is, it's not secure by any means. If I setup a packet sniffer and logged, I could easily go back and find when you made that telnet connection, to where, and with what user names and passwords you used. And while it might not be to a bank, I could then login to your bbs as sysop and then drop into a ;shell and If I've logged your shell user/password and it's a sudo account, I could just wipe the entire OS, change settings in scfg, etc., creating more of a headache for you to go back and set it all back up properly, especially if you didn't have a current backup or none at all.

I always recommend using a different password everything. Anything that involves any of my servers that could possibly produce a shell account, I take security into account. With that, I would never use telnet. As a regular user to another BBS where I don't have sysop access, no big deal because I use a different password for those accounts and if someone go my info, they can't really do anything other then lock me out really, or post some crap under my account.

-altere

---
þ Synchronet þ Athelstan BBS þ athelstan.org þ telnet:23 | ssh:2222
* Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)

Re: Re: Node restrictions
By: HusTler to Nightfox on Wed Nov 13 2019 09:41 pm

I was able to log on to your board on ssh port 2222. User: new pass:new but it brought me to some other screen. I got a new user application on mine using the same credentials.

What was the screen? I do have a login matrix - is that the screen it was showing?

Also, odd that you say you connected on port 2222. I have my Synchronet configured to listen on port 22 for SSH. And I don't have port 2222 forwarded to my BBS machine in my router. So I don't know how you were able to connect to my BBS at port 2222.

Nightfox

---
þ Synchronet þ Digital Distortion: digitaldistortionbbs.com
* Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)

Re: Re: Node restrictions
By: HusTler to Nightfox on Wed Nov 13 2019 09:59 pm

I agree. But every Sysop runs their BBS differently. That said I don't

try

and guess what port they are running ssh on. I just use telnet. It's not

You shouldn't have to guess much.. The standard port for SSH is 22. The sysop could change the port though, which is also true for telnet.. The sysop might decide not to use the standard telnet port of 23.

they need to install terminal software and then connect with telnet. We can get to the SSH stuff after they create a new user account. I had no clue what I was doing when I started BBSing. I learned from others that took me under their wing. That's my 2 cents anywayz.

Yeah, I like to try to make things easy.

Nightfox

---
þ Synchronet þ Digital Distortion: digitaldistortionbbs.com
* Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)

I think the point is, it's not secure by any means. If I setup a packet sniffer and logged, I could easily go back and find when you made that telnet connection, to where, and with what user names and passwords you used. And
while it might not be to a bank, I could then login to your bbs as sysop

and

then drop into a ;shell

I disabled ;SHELL and ;DOS on my board as found in str_cmds.js

---
þ Synchronet þ AlleyCat! BBS - http://alleycat.synchro.net:81
* Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)

Re: Re: Node restrictions
By: Altere to HusTler on Thu Nov 14 2019 11:03 am

I think the point is, it's not secure by any means. If I setup a packet sniffer and logged, I could easily go back and find when you made that telnet connection, to where, and with what user names and passwords you used. And while it might not be to a bank, I could then login to your bbs as sysop and then drop into a ;shell and If I've logged your shell user/password and it's a sudo account, I could just wipe the entire OS, change settings in scfg, etc., creating more of a headache for you to go back and set it all back up properly, especially if you didn't have a current backup or none at all.

So go for it. I've been hearing these horror stories for over 20 years. Go ahead I'd like to see that. Just let me know it was you. What's the point of running a BBS if it's that easy. Please..Crash it now before I put all my time into it.

Havens BBS

SysOp: HusTler

---
þ Synchronet þ Havens BBS havens.synchro.net
* Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)

Re: Re: Node restrictions
By: HusTler to Altere on Thu Nov 14 2019 03:04 pm

used. And while it might not be to a bank, I could then login to your bbs as sysop and then drop into a ;shell and If I've logged your shell user/password and it's a sudo account, I could just wipe the entire

OS,

change settings in scfg, etc., creating more of a headache for you to

So go for it. I've been hearing these horror stories for over 20 years.

Go

ahead I'd like to see that. Just let me know it was you. What's the point

of

running a BBS if it's that easy. Please..Crash it now before I put all my time into it.

Sniffers don't quite work like that, but even if I had the required information to do that, I have nothing to gain from doing so. Other people however like to get into peoples systems just for fun, to run programs, etc. etc.. It's your system, your bbs, you go about it however your please. Some are just explaining how telnet is not secure, I've offered one of many examples.

On another note, say I have a work destop that's used strictly to ssh to a server and some light email checking. While I may not click on suspicious links or emails, and it's behind NAT and a firewall doesn't mean I shouldn't run an antivirus program. In other words, if you have the option to be more secure with your own information, why not use it? But as they say, you can lead a horse to water but you can't make him drink.

-altere

---
þ Synchronet þ Athelstan BBS þ athelstan.org þ telnet:23 | ssh:2222
* Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)

Re: Re: Node restrictions
By: Altere to HusTler on Thu Nov 14 2019 03:40 pm

shouldn't run an antivirus program. In other words, if you have the

option

to be more secure with your own information, why not use it? But as they say, you can lead a horse to water but you can't make him drink.

I agree. Though it seems like most people in the BBS community don't care too much if their BBS session is insecure.

Nightfox

---
þ Synchronet þ Digital Distortion: digitaldistortionbbs.com
* Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)

Re: Re: Node restrictions
By: Altere to HusTler on Thu Nov 14 2019 03:40 pm

please. Some are just explaining how telnet is not secure, I've offered one of many examples.

to be more secure with your own information, why not use it? But as they say, you can lead a horse to water but you can't make him drink.

I get what your saying and appreciate it. Yes telnet is unsecure. I just feel all this talk about how unsecure it is drives off potenial new users. They hear from their friends how unsecure BBS's are and don't bother to check them out at all. The sky is not going to fall if somone telnets to a BBS. Once the user creates an account the SysOP should remind them of the other connection options the board has or doesn't have. There's 2 sides to every coin. One side says "Don't use telnet it's dangerous!" The other side says" Relax telnet is fine. If you need more security use SSH". When someone like yourself makes claims of how easy it is to steal your info using telnet that doesn't promote BBS use. It says don't use BBS's. They can watch you and steal your ID. That's NO way to remote the freindly enjoyable hobby we all know and love.
That's just my opinion.....I could be wrong ;-)

Havens BBS

SysOp: HusTler

---
þ Synchronet þ Havens BBS havens.synchro.net
* Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)