Hey all, as you can tell from my hundreds of messages this week I converted my board over to Linux.. It runs pretty well.
Seems a bit faster to me, but then what do I know?!?! LOL Anyways, my new question is SSH has stopped working. I had it
working in Windows, but now I get a negotiating SSH then on the next line it says exception 0 and drops me.. It never
connects. I know I am probably missing something like maybe a Open SSH issue? Anyone have any thoughts on this?? Everything
else seems to be fine.. I am sure more will pop up..
Hey Bucko, regarding ssh, when you launch the mis server does it throw
any errors? Anything in logs, server side?
Hello Bucko!
Did you compile cryptlib 3.4.5? (3.4.6 doesn't work, I think, and g00r00 hasn't solved that just yet.)
Also, have you ensured that the resulting file is named libcl.so and is placed in a directory listed in your LD_LIBRARY_PATH?
I have put my libcl.so in a /home/bbs/cryptlib directory and added the following to the [Service] stanza of my systemd unit which starts MIS:
Environment=LD_LIBRARY_PATH=/home/bbs/cryptlib
what does it say in /var/log/syslog ?
make sure you don't have openssh listening on the same port (22).
Yes, 3.4.5 and it is in my /usr/lib directory as suggested in the wiki, gonna try copying it to my Mystic directory first before re-assembling
it. Thanks..
Environment=LD_LIBRARY_PATH=/home/bbs/cryptlib
This is clever. I wonder, does this make the entire LD_LIBRARY_PATH just point to that directory or is this an additive setting?
Fingers crossed!
Enabling debug logging/the highest log level in Mystic might also aid troubleshooting, if you haven't done that already.
It might be worth noticing that libcrypt 3.4.5 does not support GCM ciphers, only CBC ciphers, so if you're using a new and fancy client to connect to Mystic, you might need to lower its security level somehow.
.. Now my gmail send
for password reset stopped working but I am not going to worry about
that right now. The more important things are currently working so I
will keep it going this way.. Thanks again for the info..
Thanks Charles for the help.. Did something I should have done last
week.. I used the pre-assembled version that Paulie420 said to use that was on his board.. I installed that and bang SSH works.. Thank you all
for the help. Hopefully this is the last bit of help I will need with this..
You may want to review Google's app password for specific applications.
I seem to remember some people using that to get things working.
Good - glad that *Deadbeatz* pre-compiled helped ya... and I knew it
would be something worth having @ 2o. I'm sure someone else will find it in the future, too. Yay!
I am using that, was using it on the Windows side, but now on the Linux side it is not working.. Gonna post to g00r00 on
Fido with my findings, because it seems like google accepts the connection then when TLS starts it blocks the connection..
We'll see how that goes...
make sure your TLS is up to date
On 25 Sep 2022, Charles Blackburn said the following...
make sure your TLS is up to date
Ok I give.. LOL How do I update TLS? I can't find it anywhere online..
it'll most likely be part of the openSSL package or whatever SSL package you are running
no that would wipe it out for everything if it was exported, but if put before the command would apply just for that process
eg same thing for X:
DISPLAY=192.168.1.1:0 xterm
Are you sure this is the case for a systemd script?
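Actually, what I did was download the cryptlib 3.4.4 from 20 for beers that was pre-assembled and that worked like a champ.. Now my gmail send for password reset stopped working but I am not going to worry about that right now. The more important things are currently working so I will keep it going this way.. Thanks again for the info..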
Hi Charles, appreciate all the help. Everything was solved by compiling cryptlib 3.4.5 with gcc 9 and g++ 9 everything works like a charm now, including the GMail password reset..
Hello Bucko!
I found a note among my files here, for making compilation with gcc 10 work (if that could be the problem):
# for gcc version 10 (existing logic incorrectly detects/interprets this as gcc 1.0)
sed -i 's/if \[ "$GCC_VER" -ge 45 \]/if [ "$GCC_VER" -eq 10 ] || [ "$GCC_VER" -ge 45 ]/g' tools/ccopts.sh
reinstall 11.. I'm happy with it, as it worked and fixed my issues. Now
I am fighting bots, South Korea is killing me this whole week I would block the entire country but a friend of mine who does call in to my Commodore board lives in you guessed it South Korea! Jeez... Gotta play with the Router rules.. LOL
Yep, lots of bots and the like connecting from time to time here, too... Although they haven't filled all the connection slots yet, I think --
it's more like random probing...
On 29 Sep 2022, Zip said the following...
Yep, lots of bots and the like connecting from time to time here, too Although they haven't filled all the connection slots yet, I think -- it's more like random probing...
It's crazy right now it is not too bad, but the past couple of nights,
it has been non-stop especially South Korea and now I am noticing Indonesia! I have the board set up for 10 lines so it is not a problem
but I really haven't watched the incoming hits in months, now I am watching and jeez, to think I turned off Russia, China, Japan, and a few other countries on the Router side!
Al
... A .GIF is worth a thousand .TXT.
--- Mystic BBS v1.12 A48 2022/07/15 (Linux/64)
* Origin: The Wrong Number Family Of BBS' - Wrong Number ][ (21:4/131)
VPN
I'm sure there are still people from china and so on coming to bot you
to death. Do you have the bot checker? This way at least it's not freezing nodes?
LOL Yea I figured that.. Tonight it's not as bad as it has been, so I am happy for that.. The bot checker is installed and working, best thing I ever installed.. One night before the bot checker a few years back I had all 10 lines filled with bots.. Best was my CNet Amiga board, I couldn't log in one night so I pull up the VPN screen of it and all 10 lines are lit up answering and hanging up, I had 1400 calls that day! LOL Sad part was it was all 1 IP address, and it was hitting every CNet Amiga board that night.. We all blocked that one IP and it was good.. Jeez..
Al
Another thing I do is run PFSense with PFBlockerNG it has some nice auto update IP blocking filters and also allows blocking of countries and so on. I believe many of the bots get blocked by that before they ever reach the BBS.
It's free and easy to use.
I am gonna have to look at pfSense, been hearing a lot of good things about it.. I run a Ubiquiti Dream Router, and have about 7 countries blocked currently, and it helped at first, now it's just getting
pitiful, I had to block South Korea (I have a friend who lives there so
I had to ask him for his IP address so I could whitelist it).. I am
gonna check it out though.. Might help..
AL
I have been using PFSense for about 12 years or so on the same install. It's even passed through 4 different servers at this point. Love it. Instead of whitelisting his IP there should be a host name option you can choose it will follow them even if the IP changes. Been a while since I set this up but it's not too difficult. I had to whitelist a few things
to get it to be nice with Ubuntu and Raspberry Pi. Let me know if I can do anything to help.
LOVE PFSENSE, but had no end of issues with blockerNG, i ended up just running an iptables script on the box running my bbs
which uses the GEOIP module and that works well.. I probably didn't setup pfblockerNG right but it was always complaining that it didn't have
enough memory to put all the rules LOL
On 04 Oct 2022, Charles Blackburn said the following...
LOVE PFSENSE, but had no end of issues with blockerNG, i ended up just running an iptables script on the box running
my bbs which uses the GEOIP module and that works well.. I probably didn't setup pfblockerNG right but it was always
complaining that it didn't have enough memory to put all the rules LOL
Guess I Will look at it closer. My DreamRouter handles things pretty well, blocking countries etc, but I am watching my
Mystic right now and I just had blocks from Japan, Italy, and Indonesia. It's pitiful! LOL
Re: Re: SSH...
yea, i get blocks from all over the place. i block everything and just
let in us ca, au, nz and certain parts of the uk.
yea that limits users, but hey thems the breaks
On 04 Oct 2022, Charles Blackburn said the following...
Re: Re: SSH...
yea, i get blocks from all over the place. i block everything and just
let in us ca, au, nz and certain parts of the uk.
yea that limits users, but hey thems the breaks
You know that isn't too bad of an idea.. I am about ready to do something along those lines also..
it's a lot easier to just block everything and let stuff you want in through.
it also means that the iptables rules are smaller and use less memory.
what i have is block everything on the pfsense box, but the bbs box does it the opposite way around.
little bit of a kludge, but im too lazy to change it LOL
regards
On 06 Oct 2022, Charles Blackburn said the following...
it's a lot easier to just block everything and let stuff you want in through.
it also means that the iptables rules are smaller and use less memory.
what i have is block everything on the pfsense box, but the bbs box does it the opposite way around.
little bit of a kludge, but im too lazy to change it LOL
LOL I know what you mean.. I have my Router blocking 7 countries currently, and now my BBS is blocking another 3. I wanted
to keep South Korea open at least for my Commodore and Amiga boards, because I have a user from South Korea who I have been
friends with since the 90's when he lived in San Diego! I think though blocking everything then letting things in is the way
to go.. Once my kid comes over on Sunday, I will hit him up for the ins and outs on pfSense, as he just did a couple of
articles on it and I believe he is in the process of doing a video for his YouTube channel on pfSense.. Once I get the scoop
from him I will make it happen..
Re: Re: SSH...
LOL I know what you mean.. I have my Router blocking 7 countries currently, and now my BBS is blocking another 3. I wanted
to keep South Korea open at least for my Commodore and Amiga boards, because I have a user from South Korea who I have been
you could just get him to setup a dyndns domain, and have iptables look
at that domain and let that through while blocking everything else :D
On 06 Oct 2022, Charles Blackburn said the following...
Re: Re: SSH... and friend in a weird land :D
you could just get him to setup a dyndns domain, and have iptables look
at that domain and let that through while blocking everything else :D
LOL true that.. I only blocked SK on my Mystic board, the rest is fine. Serves me right for using port 23! LOL
to be honest, i block everything on mine by default and let only US,UK,CA,DE and a couple of others in.
in fact just had a series of emails with the guy that sorts out the IPV6 list cus he's in the netherlands and couldn't connect LMAO... I wonder
why (outside of the fact that the delegation changed after the stupid hurricane).
he said "little strict for fido"... i'm like yup it is, but it's also
the pains of having an open 23 port lol
that said. I cut down my bot rate by about 99 percent... I still get them through occasionally but not 15 a second like it got to at one point.
On 08 Oct 2022, Charles Blackburn said the following...
to be honest, i block everything on mine by default and let only US,UK,CA,DE and a couple of others in.
in fact just had a series of emails with the guy that sorts out the IPV6 list cus he's in the netherlands and couldn't
connect LMAO... I wonder why (outside of the fact that the delegation changed after the stupid hurricane).
he said "little strict for fido"... i'm like yup it is, but it's also
the pains of having an open 23 port lol
that said. I cut down my bot rate by about 99 percent... I still get them through occasionally but not 15 a second
like it got to at one point.
You know the more you talk, the more I am starting to agree with you.. For the few calls I get from overseas, it might be
worth the cutting off of everyone except for a few. I understand VPN's are still an issue but hey a few here and there are
ok. Plus it will help my CNet Amiga board because TelnetD which emulates a modem, can get overrun by bots and just ignore
all other incoming until it is rebooted.. Gonna start playing around with all this info.. :) Appreciate it...
... What does it mean to pre-board? Do you get on before you get on?
that's the funny thing, you don't need to block a ton of places. that's
all i drop specifically. i would just try starting with
the "usual suspects" then add to that if you need to. you would be surprised how much crap comes out of just this lot.
$IPT -A INPUT -m geoip -p tcp --dport 23 --src-cc RU,CN,IN,KR,KP,TW,BO,JP,BR,IT,PK,LV,TR -j DROP
yea that was pretty much the issue i had.. of course, i just increased
the number of nodes and they just followed. I could use fail2ban, but that's always been a pain in the arse for me to setup. this way, if anything gets through I just manually go in and add an iptables line for that subnet.
would that be like precome? where you get off before you actually get
off ? LOL
On 09 Oct 2022, Charles Blackburn said the following...
that's the funny thing, you don't need to block a ton of places. that's
all i drop specifically. i would just try starting with
the "usual suspects" then add to that if you need to. you would be surprised how much crap comes out of just this lot.
$IPT -A INPUT -m geoip -p tcp --dport 23 --src-cc RU,CN,IN,KR,KP,TW,BO,JP,BR,IT,PK,LV,TR -j DROP
I see a few in there I don't have blocked I am gonna block them. I know what you mean about fail2ban, I have tried to set
that up numerous times and I fail each time.. LOL pun on words there..
yea that was pretty much the issue i had.. of course, i just increased
the number of nodes and they just followed. I could use fail2ban, but that's always been a pain in the arse for me to
setup. this way, if anything gets through I just manually go in and add an iptables line for that subnet.
I run my Amiga board in Windows (For now at least). UAE sucks in Linux, trying to work something out on a testbed i am
playing with.. I like the iptables routine and will do that on my Linux systems..
would that be like precome? where you get off before you actually get
off ? LOL
Jeez.. No comment! LOL
... Do device drivers need a chauffeur's license?
yea those are the ones that got the most traffic. was funny to see a
linux box getting attacked by a microsoft owned ip address lol on a
couple of occasions LOL
interesting. have you tried even trying to run it on one of those FPGA amigas? I personally feel that if you're going to run amiga software for something like this, run it on real hardware... there's more fun in that
- and brownie points lol
On 09 Oct 2022, Charles Blackburn said the following...
interesting. have you tried even trying to run it on one of those FPGA amigas? I personally feel that if you're going
to run amiga software for something like this, run it on real hardware... there's more fun in that
- and brownie points lol
I haven't bought one of them, I agree running on real hardware is more fun but the prices they are going for these days is
pitiful! Even the FPGA ones are pitiful, I was going to buy a Standalone Vampyre, and it was like $5 or $600, which to run a
BBS is just not worth it to me when I picked up a i5 off lease on eBay for $30 shipped and ran WinUAE with it for the
longest time emulating a A4000, I even have a PowerPC setup ready if I wanted to run that.. I do have a couple of C64's and
the FPGA Ultimate 64 which although not cheap allowed me to get back into programming again..
they're pretty good. ive been watching a few channels which have them featured.
yea that's interesting for sure, i was also interested in stephen jones' checkmate pc which IIRC is a modern version of the a500 or a1200? little pricey and a short run, but heck... looks great and well considering
it's modern day components and a brand new case design. not too bad to
be honest
On 09 Oct 2022, Charles Blackburn said the following...
hehe yea i know what you mean. i've thought about it but im of the ilk, i'd rather just get the real thing lol
they're pretty good. ive been watching a few channels which have them featured.
Yea, I watched a bunch of video's on it. I know someone who has it and at first he was really happy with it, but after the initial happiness wore off it sits on his desk and does nothing, sort of like my Ultimate 64 which when I finally pulled 1 of my Commodore BBS' off of it, and started doing my programming in emulation
yea that's interesting for sure, i was also interested in stephen jones' checkmate pc which IIRC is a modern version of the a500 or a1200? little pricey and a short run, but heck... looks great and well considering
I have seen something on that unit, it looks really nice, especially the repro A1200 case, I believe you can even install a pI in it and with any of the distro's that will spin up FSUAE it is pretty nice most people would never know it wasn't a real Amiga.. I am going to install AmiDeb v1 on a HD and if it runs real nice with AmigaOS 3.2.1 maybe I will move my Amiga BBS over to it, depending on how well AmiBinkD will run with it or if I just toss BinkD on the Linux side to run in the background. Still working on that idea. LOL
Hello Charles!
08 Oct 22 14:43, you wrote to Bucko:
in fact just had a series of emails with the guy that sorts out the
IPV6 list cus he's in the netherlands and couldn't connect LMAO... I wonder why (outside of the fact that the delegation changed after the stupid
hurricane).
he said "little strict for fido"... i'm like yup it is, but it's also
the pains of having an open 23 port lol
I'd agree with him. Fido doesn't need port 23 (Telnet), it needs the binkp port of 24554.
If you're blocking that port, then you need to re-think your setup.
yea but why put a pi in it when you can get an actual "real" amiga motherboard in it and do it properly
i must admit, i've never owned an amiga, i've always wanted a real one though. I wanted to get fsuae up and running but i havent bothered
sitting down properly and doing it.
I hate to say this, but I gave away all of my Commodore and Amiga stuff back in 2015, I had a A500 with a HD with 16 megs of RAM on it, along with a C128 a C64 and the pieces of a Lt
Kernal.. Pains me every time I think about it, namely because I said I would never use it again. Guess what? After putting up this BBS and seeing my work on Image 2.0 (I did some of the
programming of it back in 96-97) I wanted another Commodore, bought 2 of them, then the Ultimate 64, PLUS a Lt Kernal Clone.. When Vice got CMD HD and Lt Kernal HD EMulation I went
emulated namely because I didn't want to destroy the real stuff..
As for the pi and Amiga, I would love to get a real Amiga today, it's just ridiculously priced now, a A4000 if you can find it? $2 or $3k, a new X5000 $3k, for what? I hear ya about
wanting the real thing but $3k? I emulate now and it works just as well, I have a PC with every AmigaOS being emulated from 1.2 to 4.1. The 4.1 is an emulated PowerPC. I don't use any of
them LOL
yea i did the same back when i moved over here... left a ton of stuff in my mom n dads attic, had a compaq luggable, bbc B and a bunch of other stuff that my dad gave away or trashed :(
last year when i went over there, my old mac was still there though and i brought over my 286 in a flight case :D
next time i go back to visit my mom (dad died last year and i stole his radio gear when i left :D), i might take the flight case back over and
see if i can get the old mac, but i gotta find a way to ship the monitor over lmao that thing is fricken huge, but you can't get them anywhere
for love nor money LOL
yea i downloaded a copy of amiga forever to see if i could get it
working how i want it, if i can then ill go buy the latest one, but it's getting time and inclination to sit down and do it LOL
I'd agree with him. Fido doesn't need port 23 (Telnet), it needs
the binkp port of 24554. If you're blocking that port, then you need
to re-think your setup.
yes i know it doesn't need 23, but the amount of crap i get with binks
port too is silliness..
It really is amazing how much this stuff is going for now, back in 15 when I gave away all of my stuff and threw out every
old PC I had (xt, 286,386,486, Pentium 1,2,3,4 yea I had the whole lot) I checked the prices on eBay and a C64 was going for
like $20 an A500 like $100, now? I paid $110 for each of my C64's I have now, the A500 is going for $400 (I paid $299 for
mine when I bought it), the HD and ram for it another $300. It's worth it to get it all back, even the monitor pack it up
extra well and give it a shot, insure it for like $500 and if it gets damaged you collect the insurance..
I actually bought it back in 18 for like $9 I got the roms needed and then just used WinUAE, now I don't even use the roms
anymore from it, when I bought AOS4.1 it came with a rom, as did 3.1.4 and 3.2.. I use those Roms now.. WinUAE is really
easy to set up, if you need a quick start to get it running and running pretty solid, go on www.cnetbbs.net and choose
support then follow the links to running CNet in WinUAE, it gives you all of the settings needed to run a very stable WinUAE
version of 3.1 (Since you already have the disks and roms from AmigaForever).. If you get an hour free give it a shot.. :)
Hi Charles Blackburn,
yes i know it doesn't need 23, but the amount of crap i get with binks
port too is silliness..
Geezz, my hub system's sitting in a data centre and doesn't see crap connects to its binkp port. I've watched the process/logfile and only
see connections to/from the nodes it feeds. (It's a FTN hub for multiple ftn's).
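The block-everything-then-allow approach discussed in the thread, with the exception for one known caller on a changing address, as an added example that is not any poster's script. It prints the rules instead of applying them; the chain name `BBS_IN`, the helper function names, `friend.example.net` and the sample address are assumptions, and `-m geoip --src-cc` needs the same geoip module as the rule quoted in the thread.

```shell
#!/bin/sh
# Added example (not from the thread): print default-deny rules for one BBS
# port, allowing a short country list plus known caller addresses.
# Dry run by design: review the output, then pipe it to `sh` as root.
# Hypothetical names: chain BBS_IN and every helper function below.
LC_ALL=C; export LC_ALL            # keep [A-Z] and [0-9] ASCII-only
IPT="${IPT:-iptables}"
CHAIN="BBS_IN"

# Two-letter upper-case codes separated by commas, e.g. US,CA,AU,NZ.
valid_cc_list() {
    case "$1" in
        ""|*[!A-Z,]*|,*|*,|*,,*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=,
    for cc in $1; do
        [ "${#cc}" -eq 2 ] || { IFS=$old_ifs; return 1; }
    done
    IFS=$old_ifs
}

# Dotted-quad IPv4 only; anything else is rejected before it reaches iptables.
valid_ipv4() {
    case "$1" in
        ""|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# Resolve a dynamic-DNS name to its current IPv4 addresses (needs network).
resolve_friend() {
    getent ahostsv4 "$1" | awk '{print $1}' | sort -u
}

# build_rules PORT CC_LIST [IP...]  -> one iptables command per line
build_rules() {
    [ "$#" -ge 2 ] || { echo "usage: build_rules PORT CC_LIST [IP...]" >&2; return 1; }
    port=$1; cc_list=$2; shift 2
    case "$port" in ""|*[!0-9]*) echo "bad port: $port" >&2; return 1 ;; esac
    valid_cc_list "$cc_list" || { echo "bad country list: $cc_list" >&2; return 1; }

    # Create the chain, or empty it if it already exists, then refill it.
    echo "$IPT -N $CHAIN 2>/dev/null || $IPT -F $CHAIN"
    for ip in "$@"; do
        valid_ipv4 "$ip" || { echo "skipping bad address: $ip" >&2; continue; }
        echo "$IPT -A $CHAIN -s $ip/32 -j ACCEPT"
    done
    echo "$IPT -A $CHAIN -m geoip --src-cc $cc_list -j ACCEPT"
    echo "$IPT -A $CHAIN -j DROP"     # everything not allowed above
    # Hook the chain into INPUT once, for this port only.
    echo "$IPT -C INPUT -p tcp --dport $port -j $CHAIN 2>/dev/null || $IPT -A INPUT -p tcp --dport $port -j $CHAIN"
}

# Constructed sample run: country list as mentioned in the thread, and a
# documentation-range address standing in for the friend's resolved host.
build_rules 23 "US,CA,AU,NZ" 192.0.2.10

# Live use (hypothetical host name):
#   build_rules 23 "US,CA,AU,NZ" $(resolve_friend friend.example.net) | sh
```

iptables resolves a host name only at the moment a rule is inserted, so the output has to be regenerated on a schedule (for example from cron) to keep following a dynamic-DNS address.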