• SSH for Netrunner?

    From Shurato@21:2/148 to All on Wednesday, April 17, 2024 12:15:00
    What restrictions for my SSH server do I need to relax to allow netrunner connections? I googled it, but google results for BBS technology are quite limited. I'd like to allow netrunner to connect to my ssh (though I prefer
    ssl websocket connections from icyterm (does anything else other than ftelnet and icyterm support this?)), but right now it can't. Apam suggested this,
    and I didn't realize it was even an option, but I'm totally unsure on what security methods to remove as required for this to take effect.

    My SSH connection is through a debian VM that then telnets internally to the BBS, keeping everything under the SSH tunnel externally. I don't like doing that, and the BBS isn't too keen (It becomes unresponsive if the user has
    more than a couple personal messages, and the files area doesn't work for
    some reason.) on it. Websocket connections work great!

    --- shsbbs.net
    Shurato, Sysop Shurato's Heavenly Sphere (ssh, telnet, pop3, ftp,nntp,
    ,wss) (Ports 22,23,110,21,119,8080) (ssh login 'bbs' pass 'shsbbs').


    *** THE READER V4.50 [freeware]
    ---
    * Origin: Shurato's Heavenly Sphere telnet://shsbbs.net (21:2/148)
  • From Zip@21:1/202 to Shurato on Wednesday, April 17, 2024 20:54:30
    Hello Shurato!

    On 17 Apr 2024, Shurato said the following...

    What restrictions for my SSH server do I need to relax to allow netrunner connections? I googled it, but google results for BBS technology are quite limited. I'd like to allow netrunner to connect to my ssh (though

    I believe you would need to allow CBC ciphers (as at least older versions of cryptlib don't appear to support GCM ciphers). Have a look at the "Ciphers" section of 'man 5 sshd_config'; you might wish to include e.g. "aes256-cbc" among the ones listed there.

    Hope this helps!

    Best regards
    Zip

    --- Mystic BBS v1.12 A49 2023/04/30 (Linux/64)
    * Origin: Star Collision BBS, Uppsala, Sweden (21:1/202)
  • From Shurato@21:2/148 to Zip on Wednesday, April 17, 2024 13:40:00

    Hello Shurato!

    On 17 Apr 2024, Shurato said the following...

    What restrictions for my SSH server do I need to relax to allow
    netrunner
    connections? I googled it, but google results for BBS technology are quite limited. I'd like to allow netrunner to connect to my ssh
    (though

    I believe you would need to allow CBC ciphers (as at least older versions of cryptlib don't appear to support GCM ciphers). Have a look at the "Ciphers" section of 'man 5 sshd_config'; you might wish to include e.g. "aes256-cbc" among the ones listed there.

    as a prophylactic, I added all of the cbc ciphers (as shown from the results
    of sshd -Q cipher below):
    3des-cbc
    aes128-cbc
    aes192-cbc
    aes256-cbc
    aes128-ctr
    aes192-ctr
    aes256-ctr
    aes128-gcm@openssh.com
    aes256-gcm@openssh.com
    chacha20-poly1305@openssh.com

    I'm still not connecting, it just times out.

    --- shsbbs.net
    Shurato, Sysop Shurato's Heavenly Sphere (ssh, telnet, pop3, ftp,nntp,
    ,wss) (Ports 22,23,110,21,119,8080) (ssh login 'bbs' pass 'shsbbs').


    *** THE READER V4.50 [freeware]
    ---
    * Origin: Shurato's Heavenly Sphere telnet://shsbbs.net (21:2/148)
  • From Shurato@21:2/148 to Zip on Wednesday, April 17, 2024 15:11:00

    Hello Shurato!

    On 17 Apr 2024, Shurato said the following...

    What restrictions for my SSH server do I need to relax to allow
    netrunner
    connections? I googled it, but google results for BBS technology are quite limited. I'd like to allow netrunner to connect to my ssh
    (though

    I believe you would need to allow CBC ciphers (as at least older versions of cryptlib don't appear to support GCM ciphers). Have a look at the "Ciphers" section of 'man 5 sshd_config'; you might wish to include e.g. "aes256-cbc" among the ones listed there.

    I had a typo (which I'm prone too... of cbs instead of cbc and killed my
    sshd). It's working with netrunner now!

    I googled it, now that I had more to work with and aes128-cbc is the
    cipher used by netrunner.

    --- shsbbs.net
    Shurato, Sysop Shurato's Heavenly Sphere (ssh, telnet, pop3, ftp,nntp,
    ,wss) (Ports 22,23,110,21,119,8080) (ssh login 'bbs' pass 'shsbbs').


    *** THE READER V4.50 [freeware]
    ---
    * Origin: Shurato's Heavenly Sphere telnet://shsbbs.net (21:2/148)
  • From Alonzo@21:1/130 to Shurato on Wednesday, April 17, 2024 18:27:55
    I had a typo (which I'm prone too... of cbs instead of cbc and killed my sshd). It's working with netrunner now!

    Congratulations! It's those little details that will mess you ņup
    every time.

    ... Consultant: A person who makes good on a salesman's promises!

    --- Mystic BBS v1.12 A48 (Windows/64)
    * Origin: From the depths of Bunker 3 (21:1/130)
  • From Zip@21:1/202 to Shurato on Thursday, April 18, 2024 17:13:18
    Hello Shurato!

    On 17 Apr 2024, Shurato said the following...

    I had a typo (which I'm prone too... of cbs instead of cbc and killed my sshd). It's working with netrunner now!

    Glad to hear that! =)

    I googled it, now that I had more to work with and aes128-cbc is the cipher used by netrunner.

    Ah! That's good to know. I know Mystic's SSH server accepts aes256-cbc, so I thought maybe it would be the same for NetRunner... almost, then. =)

    Best regards
    Zip

    --- Mystic BBS v1.12 A49 2023/04/30 (Linux/64)
    * Origin: Star Collision BBS, Uppsala, Sweden (21:1/202)