Sure, if they don't offer an SSH option.
I offer telnet for those who don't care, I also offer SSH for those who
do.
On 03-21-21 13:45, apam wrote to Atreyu <=-
I offer telnet for those who don't care, I also offer SSH for those who do.
I hope Seth Able never sees this! There goes my free turns playing LORD.
accept telnet connections. Will you lecture them all how insecure their systems are or will you just single out mine because I refuse the
paranoid party line?
and to actually answer your question, it's because people feel as though your actions are hypocritical, rather than it being about security or "the paranoid party line". They're aiming at the perceived hypocrisy, not the security.
I hope Seth Able never sees this! There goes my free turns playing LO
Bah. Let him see it. Dude sometimes expresses his love by sending me negati money.
Also, I have a sneaking suspicion that he's really just pursuing Jenny Gart
This topic came up because someone asked, "Hey, how can I do x
security
thing", and got a response of, "That's dumb".
BBSing hasn't really changed much in 30 years
Anyway when those people who perceive hypocrisy show me documented cases from cybersecurity professionals how BBS telnet snooping specifically is "a thing", I will gladly retract. Until then I stand by my posts and "don't care" to tow the line on BBS telnet snooping or how one's SSH means one has a bigger caring penis.
Some people care about providing more modern security for BBSs, others
are ambivilant, and a few more are just downright nasty toward those who care.
Lol. Make sure you're not sitting in a coffee shop logged in to your board via telnet, someone will see how much you sexually harass Violet and then shame you on social media. Dox you, ruin your life, all because you use telnet.
1. ac> I would have to explore how a guest login/"new user login" etc. could be ac> accomplished to make it look "normal".not related directly to your post per se. but i set up stunnel today for "telnet/ssl" .. basically accepts the ssl connection on port 992 and forwards it to port 23 locally. i know of one client that supports this, which is ZOC (and it costs money..) but it works perfectly. it also doesn't do anything special with auth like SSH does, so it connects and displays text immediately like you'd expect of a bbs.that said, ZOC at least didn't mention anything about the certificate. i might dig around in there to see if there's any info. so for at least off the top of my head the only way to verify the certificate is via using the openssl command: openssl s_client -connect <host>:992if anyone wanted to verify certificates they would need to check the hostname and match the certificates from the server to a local certificate store..free certificates can be had from letsencrypt so that's not really a problem, or i'm assuming just something like "trust this certificate" on first login would suffice for most people..now only if syncterm et al. supported it :)--- SBBSecho 3.14-Linux
Lol. Make sure you're not sitting in a coffee shop logged in to your board via telnet, someone will see how much you sexually harass Violet and then shame you on social media. Dox you, ruin your life, all because you use telnet.
Why sould I do such a thing without using a VPN to my home network? :)
Some people care about providing more modern security for BBSs, others
are ambivilant, and a few more are just downright nasty toward those who care.
I might add two reasons why I don't offer SSH access to my Synchronet BBS:
You WANT the super hacker community to know you're banging a slut...
I might add two reasons why I don't offer SSH access to my Synchronet BBS:
1.
I would have to explore how a guest login/"new user login" etc. could be accomplished to make it look "normal".
2.
My target audience especially includes retrocomputing people who very often use "Wifi modems" - and I don't know a single Wifi modem (ESP8266 or ESP32 based) that offers a SSH mode; they only offer Telnet connections.
So I chose to stick to Telnet access.
(Access to the Synchronet web server indeed is HTTPS only with an Apache reverse proxy inbetween and the fTelnet connection is also using HTTPS only, so this is a secure alternative here)
I could be wrong but I think that using ssh even over an insecure
wifi connection is secure end to end. We'd have to check with network
savy people to be sure of that.
Anyway when those people who perceive hypocrisy show me documented cases from cybersecurity professionals how BBS telnet snooping specifically is "a
thing", I will gladly retract. Until then I stand by my posts and "don't care" to tow the line on BBS telnet snooping or how one's SSH means one has
a bigger caring penis.
This topic came up because someone asked, "Hey, how can I do x
security
thing", and got a response of, "That's dumb".
Ha, yeah, that was me. So awesome to be called an idiot for asking a question.
Anyway, maybe it's time to put a stake in the heart of this thread.
Annnnnndddd... I knew a Sysop at the time who would advertise their
board and purposely take the line off-hook sometimes. He would then call other boards pretending to be users complaining about they couldn't get in. Brilliant marketing on his part.
2. My target audience especially includes retrocomputing people who very
often use "Wifi modems" - and I don't know a single Wifi modem (ESP8266 or ESP32 based) that offers a SSH mode; they only offer Telnet connections.
(Besides, it's already well established in game that all sex in LoRD is public. Evidently there's a creepy old man who spies in all the key holes to figure out what everyone is doing that the drunks find so mystifying.)
I just logged in as guest via ssh. I used the name guest and the
password bogus. I also logged in as new the same way and created a new account using the same bogus password.
Perhaps it would be more normal if the ssh server didn't require a password when logging in as guest or new?
That would be a good feature request for the developers. You could make
that comment to Digital Man so he could give it some thought.
I could be wrong but I think that using ssh even over an insecure wifi connection is secure end to end. We'd have to check with network savy
people to be sure of that.
Already pointed out, but the clients would pretty much have to tunnel through a SSH connection. Perfectly doable, but probably not something you're _generally_ going to do when connecting via C64 or what not :)
With that said, a lot of the WiFi modems are essentially Arduinos and the like that are perfectly capable of doing the SSH locally. Gives me ideas :)
So what SSH should do here is: only check the host keys, create a secure ac> connection and then display the rest.this should be possible. the library that everyone in the bbs scene seems to use for ssh just either doesn't seem to support it or nobody decided to use it that way. i did read up a bit on it and it did make it sound like it was designed for simplicity of implementation..kind of unfortunate really that support is all over the place. maybe i should be writing sample code and distributing it far and wide instead of hootin' and hollerin ;) (for whoever might be watching: libbsh. though not libssh2! should do this just fine. heck you can ignore what the client says and just say "you're logged" in without ever checking anything)--- SBBSecho 3.14-Linux
Then there was crickets chirping for about a week or so, neither called the board anymore. Then the woman called and posted a message akin to
"You didn't tell me you were effin' married".
Then there was crickets chirping for about a week or so, neither called the board anymore. Then the woman called and posted a message akin to
"You didn't tell me you were effin' married".
Atreyu
So what SSH should do here is: only check the host keys, create a secure
connection and then display the rest.
This implies that no user certificate check would be possible.
But at least it would "feel" the old way.
And I don't know if it is possible with existing SSH clients :)
Then there was crickets chirping for about a week or so, neither called the board anymore. Then the woman called and posted a message akin to "You didn't tell me you were effin' married".
Atreyu
It all began on BBSes. :P Lol.
When there was nothing to watch on TV, I'd watch the BBS console.
*Plenty* of entertainment. Especially at midnight when the door games roll-over the turns, the lines used to get slammed with calls.
Atreyu
You know, being 16 years old or so and running a halfway decent 2-line BBS i Toledo, OH... it was totally a 'bube toob' for me to watch back then! I haven't used the nodespy software since coming back to BBSes in recent years but I'd be a fibber if I said I never did that in my lifetime!
Only thing interesting here lately is some guy that calls mine and really At> plays the heck out of LORD 2. That one where its the overhead-map Zelda At> clone. He calls and plays that for at least 2 to 3 hours.in some ways we're pretty spoiled. if LORD 2 was the ONLY game on a system available to you, it'd be the BEST game. not to take away from the game itself, it is really quite cool.--- SBBSecho 3.14-Linux
Only thing interesting here lately is some guy that calls mine and really
plays the heck out of LORD 2. That one where its the overhead-mapZelda At> clone. He calls and plays that for at least 2 to 3 hours.in some ways we're pretty spoiled. if LORD 2 was the ONLY game on a system available to you, it'd be the BEST game. not to take away from the game itself, it is really quite cool.
I thought I'd let you know that your messages are unreadable for some de> reason. I see you are using the new fork of SBBS - so not sure if that is de> related - but I cannot determine the difference between what you quoted de> and what you replied to. I've seen it a few times so I thought I'd mention de> it. eek. probably this one too. i don't run the board i'm currently posting on fsxnet from (it's the main synchronet board) so i've reached out to Digital Man. thanks for letting me know!--- SBBSecho 3.14-Linux
Re: Re: Anonymous SSH login
By: Fusion to Atreyu on Wed Mar 24 2021 10:11 pm
Howdy,
I thought I'd let you know that your messages are unreadable for some reason. I see you are using the new fork of SBBS - so not sure if that is related - but I cannot determine the difference between what you quoted and what you replied to. I've seen it a few times so I thought I'd mention it.
Here is an example from this message:
Only thing interesting here lately is some guy that calls mine and really
plays the heck out of LORD 2. That one where its the overhead-mapZelda At> clone. He calls and plays that for at least 2 to 3 hours.in some ways we're pretty spoiled. if LORD 2 was the ONLY game on a system available to you, it'd be the BEST game. not to take away from the game itself, it is really quite cool.
Re: Re: Anonymous SSH login
By: deon to Fusion on Thu Mar 25 2021 07:52 pm
I thought I'd let you know that your messages are unreadable for some reason. I see you are using the new fork of SBBS - so not sure if that is related - but I cannot determine the difference between what you quoted and what you replied to. I've seen it a few times so I thought I'd mention it.
eek. probably this one too. i don't run the board i'm currently posting on fsxnet from (it's the main synchronet board) so i've reached out to Digital Man. thanks for letting me know!
His messages look fine here. Maybe they're being reformatted in-route to your system.
Odd indeed.
I'm pretty sure I've noticed it in a couple of nets. I'll pay more
attention and see if there is something else in common, other than
VERT (if that's where they originate) and me.
Re: Re: Anonymous SSH login
By: Digital Man to deon on Thu Mar 25 2021 11:41 am
His messages look fine here. Maybe they're being reformatted in-route to your system.
Odd indeed.
I'm pretty sure I've noticed it in a couple of nets. I'll pay more attention and see if there is something else in common, other than VERT (if that's where they originate) and me.
Annnnnndddd... I knew a Sysop at the time who would advertise their
board and purposely take the line off-hook sometimes. He would then call other boards pretending to be users complaining about they couldn't get in. Brilliant marketing on his part.
eek. probably this one too. i don't run the board i'm currently posting on >> fsxnet from (it's the main synchronet board) so i've reached out to Digital >> Man. thanks for letting me know!
Looks fine to me.
Am 25.03.21 schrieb Digital Man@21:1/183 in FSX_BBS:
Here, the messages from him also do look garbled.
It looks like the linebreaks are stripped out or are converted wrongly
en route to my point (I'm using OpenXP which has my SBBS as uplink).
Since this silly convo is about holding obsolete BBS stuff to the same cybersecurity practices of today, "no", BBS software was never made to
be secure.
No it wasn't. Back then it was a direct call from point A to point B. There was no need for encryption.
There is a difference between one caring about traffic snooped on for personal/commercial/enterprise things and traffic that resides on a silly BBS that has not been designed with any security beyond text-passwords or has any innovation beyond being executable by an equally silly telnet server.
your idea that the bbs is stuck in a fixed point in time that you're fond of simply isn't based on facts.
As someone running a 24/7 board since 1993 on the same software, sporadically patched over decades... the idea that some hacker is going to snoop and somehow gain access to my personal crap via my board is totally laughable.
You literally included "personal" in your example list, which is what BBSing is.
- All available points of information are fed into a system.
- This system links the points of data as much as possible.
- This allows for example your FB post or your work traffic, so on to still "you". This includes telnet traffic.
Your argument is you haven't been hacked yet? This dodges the point of data being collected, but you're also probably not a target. If you become one fo one reason or another, you're open to the world and absolutely will get hacked. It's childs play.
All Sysop commands and shell have been gutted here completely and I do not At> remote into my own board from outside my LAN.he says:> security isn't important> why bother it's just a bbsand then takes steps to prevent things we're suggesting could happen--- SBBSecho 3.14-Linux
There is no "argument" because I'm not "arguing" anything. I'm actually finding all of this hilarious that in 2021 suddenly apparently its a proble to be running a telnet system with 90's-era software that one can supposedl "snoop on". The idea that some blackhat is going to snoop someone's telnet session while they trade barbs on some silly net or cheat at Tradewars is beyond absurd. I'll take a pass on whatever is being smoked here.
All Sysop commands and shell have been gutted here completely andI do not
remote into my own board from outside my LAN.
he says
security isn't important why bother it's just a bbs and then takes
steps to prevent things we're suggesting could happen
All Sysop commands and shell have been gutted here completely and I donot At> remote into my own board from outside my LAN.he says:> security isn' important> why bother it's just a bbsand then takes steps to prevent things we're suggesting could happen
Damn it Nick .... they came knocking at the door today about a message I posted in 1994. Said I spelled Miscellaneous wrong. I told them since 199 I made sure I knew the correct spelling of the word. Then we all sat down, laughed and giggled a bit about the old days. Then just like that, I woke u in a field 3 miles from my house .... with the letters SSH wrote on a piece paper .... do you think this all ties together?!
he says
security isn't important why bother it's just a bbs and then takes
steps to prevent things we're suggesting could happen
I noticed that. I don't think we're going to change anyones minds though.
I noticed that. I don't think we're going to change anyones mindsthough.
Noticed what?
Damn it Nick .... they came knocking at the door today about a message I posted in 1994. Said I spelled Miscellaneous wrong. I told them since 19 I made sure I knew the correct spelling of the word. Then we all sat down, laughed and giggled a bit about the old days. Then just like that, I woke in a field 3 miles from my house .... with the letters SSH wrote on a piece paper .... do you think this all ties together?!
Lol. Make sure you're not sitting in a coffee shop logged in to your board telnet, someone will see how much you sexually harass Violet and then shame you on social media. Dox you, ruin your life, all because you use telnet.
That you do seem to care about your own security, just not that of anyone else who may connect to your board.
I hope Seth Able never sees this! There goes my free turns playing LORD.
Uhh that could be said for the vast majority of boards out there that
accept
telnet connections. Will you lecture them all how insecure their
systems are
or will you just single out mine because I refuse the paranoid party
Sysop: | Gary Ailes |
---|---|
Location: | Pittsburgh, PA |
Users: | 106 |
Nodes: | 5 (0 / 5) |
Uptime: | 219:11:31 |
Calls: | 588 |
Calls today: | 2 |
Files: | 2,171 |
Messages: | 63,846 |