Not sure if that's exactly the way to put it, "anonymous," but was
wondering how one might handle an SSH-only BBS, particuarly new account creation.

I saw someone post a git issue for Syncterm today (Deuce?) that seemed
like Syncterm supports BBSs that have 'generic' or anonymous connection usernames over SSH (like "user"), but then essentially the BBS software
would tunnel the user to the telnet login for UN and PW login. The
advantage being, from day 1, the process is more secure. Even
users creating their intial BBS account with a password in clear text--I'm finally realizing--is a pretty bad idea, LOL.

I'm sure many people are like, who cares? It's a BBS. Welcome to the
1908s. But... I've been thinking about it. And if I'm thinking about it,
I'm 100% positive that smarter people have already been down that road.

My idea is simple as this: I'd run a custom SSH server, accept a UN/PW
auth with a generic UN and any PW. Then, once connected, tunnel the user
over to the BBS' telnet login via SSH...

I know, sounds like a lot of work for something that isn't a big problem
for most people. Might be easier just to allow Telnet new users, but then
force login over SSH and change PW on first login. Or something like that.

One potential down side is, all logins will look like they are coming from
my internal IP address, unless I found a way to pass this info? Also, bots
and simultaneous connections.

Anyone think about doing this, or are they doing this?

Cheers,







|15:: |13Alpha
|03TheDrunkenGamer.com|08:|078888
|08A Talisman BBS


--- Talisman v0.12-dev (Linux/x86_64)
* Origin: The Drunken Gamer BBS (21:4/158.1)

Not sure if that's exactly the way to put it, "anonymous," but was
wondering how one might handle an SSH-only BBS, particuarly new
account
creation.

Talisman supports login as "NEW" with password "NEW" to create a new
account. (so does magicka actually).

As for mystic, I believe that works too, just put any username and
password and it will fall back to the login / password.

I did read somewhere that using the same username / password for
everything was bad, something about the crypto being more easy to figure
out or something - I don't remember really, which is why I've tried to
avoid it (except for new/new).

Andrew

--
|03Andrew Pamment |08(|11apam|08)
|13Happy|10Land |14v2.0|08!


--- Talisman v0.12-dev (Linux/x86_64)
* Origin: HappyLand v2.0 - telnet://happyland.zapto.org:11892/ (21:1/182)

Talisman supports login as "NEW" with password "NEW" to create a new account. (so does magicka actually).

Oh, wow. Had no idea. That pretty much solves my problem, if that's the
case. Cheers!!


|15:: |13Alpha
|03TheDrunkenGamer.com|08:|078888
|08A Talisman BBS


--- Talisman v0.12-dev (Linux/x86_64)
* Origin: The Drunken Gamer BBS (21:4/158.1)

On Tuesday, March 16th Alpha was heard saying...

Not sure if that's exactly the way to put it, "anonymous," but was wondering how one might handle an SSH-only BBS, particuarly new account creation.

FWIW ENiGMA 1/2 also takes the same approach as others - you can define usernames such as "new" that kick off the NUA process.

As far as passwords being less secure, it's basically just that they are shorter and in general not random unlike a key. I actually added key support to enigma but I don't think I ever got around to exposing it to users. They'd have to login over something secure (e.g. their pass) then upload the key. I guess I could allow it over HTTPS POST also or soemthing. ...but not sure if anyone would use it as none of the "BBS" terminal softwares support it (that I know of anyway)




--
|08 ■ |12NuSkooler |06// |12Xibalba |08- |07"|06The place of fear|07"
|08 ■ |03xibalba|08.|03l33t|08.|03codes |08(|0344510|08/|03telnet|08, |0344511|08/|03ssh|08)
|08 ■ |03ENiGMA 1/2 WHQ |08| |03Phenom |08| |0367 |08| |03iMPURE |08| |03ACiDic
--- ENiGMA 1/2 v0.0.12-beta (linux; x64; 14.15.4)
* Origin: Xibalba -+- xibalba.l33t.codes:44510 (21:1/121)

As far as passwords being less secure, it's basically just that they
are shorter and in general not random unlike a key. I actually added
key support to enigma but I don't think I ever got around to exposing
it to users. They'd have to login over something secure (e.g. their
pass) then upload the key. I guess I could allow it over HTTPS POST
also or soemthing. ...but not sure if anyone would use it as none of
the "BBS" terminal softwares support it (that I know of anyway)

Interesting. I saw an another open source project that was using keys. We
are pretty dependant on common terminal software in our community, so
totally get the hurdles there.

Cheers,


|15:: |13Alpha
|03TheDrunkenGamer.com|08:|078888
|08A Talisman BBS


--- Talisman v0.12-dev (Linux/x86_64)
* Origin: The Drunken Gamer BBS (21:4/158.1)

*** Quoting Alpha from a message to All ***

connection usernames over SSH (like "user"), but then essentially the
BBS software would tunnel the user to the telnet login for UN and PW login. The advantagebeing, from day 1, the process is more secure.
Even users creating their intial BBS account with a password in clear text--I'm finally realizing--is a pretty bad idea, LOL. I'm sure many people are like, who cares? It's a BBS. Welcome to the 1908s.

I was pondering a way to do this with Net2BBS and Telegard. Setup an SSH connection that proxies the connection over to telnet kind of like how
SEXPOTS does with Modem<->Telnet.

I haven't looked too much into it, because like you, I was kind if like "who cares"? lol - But it'd be a neat project if for no other reason than to go through the exercise.

Jay

... Tolkien is hobbit-forming.

--- Telegard v3.09.g2-sp4/mL
* Origin: Northern Realms | 289-424-5180 | bbs.nrbbs.net (21:3/110)

Re: Re: Anonymous SSH login
By: Warpslide to Alpha on Wed Mar 17 2021 08:46 am

I was pondering a way to do this with Net2BBS and Telegard. Setup an SSH connection that proxies the connection over to telnet kind of like how SEXPOTS does with Modem<->Telnet.

this is actually the way to do it on Mystic right now for door support on SSH (since netfossil only works with plain telnet sockets) .. you basically make a menu with a FIRSTCMD that just does telnet and then hangup immediately in the action list. uses up a spare node if you do it with one copy of Mystic.. but on the other hand if you use two copies, the SSH forwarder copy won't have your user database (so all SSH logins would be 'invalid' and dump them to the login prompt')

Not sure if that's exactly the way to put it, "anonymous," but was wondering how one might handle an SSH-only BBS, particuarly new account creation.

I saw someone post a git issue for Syncterm today (Deuce?) that seemed like Syncterm supports BBSs that have 'generic' or anonymous connection usernames over SSH (like "user"), but then essentially the BBS software would tunnel the user to the telnet login for UN and PW login. The

Again with this? Why are you people SO AFRAID that someone might steal your logon name and password to a BBS? I don't understand this. Why bother?
It's SOOO stupid. The only reason I see for this if you are a hiding sexual predator or hiding from the law for some reason. It's a BBS for Christ's sake.

--- Mystic BBS v1.12 A46 2020/08/26 (Linux/64)
* Origin: Compufuck | Binghamton, NY | compufuck.xyz (21:1/197)

I haven't looked too much into it, because like you, I was kind if like "who cares"? lol - But it'd be a neat project if for no other reason
than to go through the exercise.

Holy shit! Someone with some sense. ;)

--- Mystic BBS v1.12 A46 2020/08/26 (Linux/64)
* Origin: Compufuck | Binghamton, NY | compufuck.xyz (21:1/197)

Again with this? Why are you people SO AFRAID that someone might
steal your
logon name and password to a BBS? I don't understand this. Why
bother?
It's SOOO stupid. The only reason I see for this if you are a hiding sexual
predator or hiding from the law for some reason. It's a BBS for
Christ's
sake.

Again with this? Why do people assume that just because people might care
about privacy that they must be doing something nefarious?

Also, chill, bro. I don't care if you think my question is stupid. A lot
of people, including myself, do these kinds of things as a hobby because
we like an excuse to tinker with things. Figure out how they work. Not
because we are hiding from the law.


|15:: |13Alpha
|03TheDrunkenGamer.com|08:|078888
|08A Talisman BBS


--- Talisman v0.13-dev (Linux/x86_64)
* Origin: The Drunken Gamer BBS (21:4/158.1)

Not sure if that's exactly the way to put it, "anonymous," but was wondering how one might handle an SSH-only BBS, particuarly new account creation.

Mystic handles it a little differently.

I've just tested it on the current version of Mystic on my BBS. My BBS has Mystic's own builtin SSH server running on 2222 (and the regular Debian
OpenSSH server running on port 22 but not accessible to the internet).

Whereas OpenSSH will abort if a valid user/password is not entered, Mystic's ssh server (using Cryptlib) does not abort.

If a valid user/password is entered you are connected into the BBS.

If a INVALID user/password is entered Mystic responds with just a new line
If you then press enter again you connect to the BBS and after the ANSI detection prompt drops back to the login screen where you can type in again
you new login and the system will then set you up as a new user.

The only weird thing is that you will have to explain to the users to just enter anything at the User: prompt (just pressing enter will cause the client to be disconnected).


You can of course run both if you want and get users to sign up over telnet then switch to ssh (and change their password)

Another option is for user to request a login via another method if it is privacy of initial connection you are concerned about.

--- Mystic BBS v1.12 A46 2020/08/26 (Raspberry Pi/32)
* Origin: Tribe BBS (21:1/177)

Mystic handles it a little differently.

I've just tested it on the current version of Mystic on my BBS. My BBS
has
Mystic's own builtin SSH server running on 2222 (and the regular
Debian
OpenSSH server running on port 22 but not accessible to the
internet).

I really appreciate the detailed explanation, Hal. Thank you!


|15:: |13Alpha
|03TheDrunkenGamer.com|08:|078888
|08A Talisman BBS


--- Talisman v0.13-dev (Linux/x86_64)
* Origin: The Drunken Gamer BBS (21:4/158.1)

Re: Re: Anonymous SSH login
By: Exodus to Alpha on Wed Mar 17 2021 12:00 pm

Again with this? Why are you people SO AFRAID that someone might steal your logon name and password to a BBS?

There is no fear involved. It is a simple matter of keeping users info secure.

I don't understand this. Why bother?

So people can't snoop your info.

It's SOOO stupid. The only reason I see for this if you are a hiding sexual predator or hiding from the law for some reason.

Huh!?

It's a BBS for Christ's sake.

Yeah. Should people transmit their info in the clear just because it's a BBS?

Ttyl :-),
Al

... Don't Panic! It's only ones and zeros.
--- SBBSecho 3.13-Linux
* Origin: The Rusty MailBox - Penticton, BC Canada (21:4/106.1)

Re: Re: Anonymous SSH login
By: Exodus to Alpha on Wed Mar 17 2021 12:00 pm

Again with this? Why are you people SO AFRAID that someone might steal your logon name and password to a BBS? I don't understand this. Why bother? It's SOOO stupid. The only reason I see for this if you are a hiding sexual predator or hiding from the law for some reason. It's a BBS for Christ's sake.

this exact logic can be extended to all parts of life. it's b.s.

Re: Re: Anonymous SSH login
By: Alpha to Exodus on Wed Mar 17 2021 03:27 pm

we like an excuse to tinker with things. Figure out how they work. Not because we are hiding from the law.

tbh the second we have to justify being security minded is the second we should double down..

Re: Re: Anonymous SSH login
By: hal to Alpha on Wed Mar 17 2021 11:25 pm

If a INVALID user/password is entered Mystic responds with just a new line If you then press enter again you connect to the BBS and after the ANSI detection prompt drops back to the login screen where you can type in again you new login and the system will then set you up as a new user.

yeah.. after you've established your connection, the auth section is basically meaningless encryption-wise .. i had written a post previously (but it was lost!) about how it'd likely be possible to do the whole bbs "operation" inside the "interactive" login sequence without ever logging in.. (or after login, telling the sshd they've logged in just to be nice) but i've only had luck experimenting with that with libssh. i'm guessing every library is different

Again with this? Why are you people SO AFRAID that someone might stea your logon name and password to a BBS?

There is no fear involved. It is a simple matter of keeping users info

What info? Their HANDLE? It's not like you are taking credit cards for payments or have their SSN on file.

I don't understand this. Why bother?

So people can't snoop your info.

What people?!

Yeah. Should people transmit their info in the clear just because it's a BBS?

A name and a BBS password ... yeah, yeah they should. That's a stupid
comment. Because you know there are people out there just waiting in coffee shops and diners waiting to grab someone's BBS info. Then black mail them for 3 google play cards and a steam card so they don't tell people their handle is "cry baby" .... Yeah, I see that happening everyday. Get real.

--- Mystic BBS v1.12 A46 2020/08/26 (Linux/64)
* Origin: Compufuck | Binghamton, NY | compufuck.xyz (21:1/197)

Re: Re: Anonymous SSH login
By: Exodus to Al on Thu Mar 18 2021 11:25 am

What info? Their HANDLE? It's not like you are taking credit cards for payments or have their SSN on file.

Of course not. We are not bankers.

So people can't snoop your info.

What people?!

Any number of people. I'm sorry I can't introduce you!

A name and a BBS password ... yeah, yeah they should. That's a stupid comment. Because you know there are people out there just waiting in coffee shops and diners waiting to grab someone's BBS info. Then black mail them for 3 google play cards and a steam card so they don't tell people their handle is "cry baby" .... Yeah, I see that happening everyday. Get real.

Oh, it's real.

In the beginning when using dial-up modems BBSing was absolutely secure. Then the internet happened. That's great but we needed to do something since modems were not being installed anymore so we went to telnet. That's great too but completely insecure.

There is such a thing as secure telnet on port 992 by default but it was never embraced in the BBS community.

I suppose secure telnet and ssh are secure but complex perhaps and not easy to implement and so it hasn't been implemented all around.

BBBS and BTERM use an MD5SUM when exchanging info over telnet. Something like that might be easier/good enough to implement but there is no standard.

Ttyl :-),
Al

... Disk Failure: (C)old boot; (W)arm boot; (S)teel-toed boot.
--- SBBSecho 3.13-Linux
* Origin: The Rusty MailBox - Penticton, BC Canada (21:4/106.1)

Exodus around Wednesday, March 17th...

Again with this? Why are you people SO AFRAID that someone might steal y logon name and password to a BBS? I don't understand this. Why bother? It's SOOO stupid. The only reason I see for this if you are a hiding sex predator or hiding from the law for some reason. It's a BBS for Christ's

You clearly don't understand the vast extent of internet traffic snooping. Systems are in place that record, analyze, and cross reference all available traffic. Even encrypted sessions of interest are recorded if they need to later be decyphered (luckly this is at least in theory much harder than it has been in the past with modern crypto with the assumption of no back doors or in the case of PK crypto, CA's in hands of the relevant actors).

This is not to mention things such as WiFi that are incredibly easy to snoop packets on, etc.



--
|08 ■ |12NuSkooler |06// |12Xibalba |08- |07"|06The place of fear|07"
|08 ■ |03xibalba|08.|03l33t|08.|03codes |08(|0344510|08/|03telnet|08, |0344511|08/|03ssh|08)
|08 ■ |03ENiGMA 1/2 WHQ |08| |03Phenom |08| |0367 |08| |03iMPURE |08| |03ACiDic
--- ENiGMA 1/2 v0.0.12-beta (linux; x64; 14.15.4)
* Origin: Xibalba -+- xibalba.l33t.codes:44510 (21:1/121)

Twas Wednesday, March 17th when Fusion said...

this exact logic can be extended to all parts of life. it's b.s.

This deserves to be quoted.



--
|08 ■ |12NuSkooler |06// |12Xibalba |08- |07"|06The place of fear|07"
|08 ■ |03xibalba|08.|03l33t|08.|03codes |08(|0344510|08/|03telnet|08, |0344511|08/|03ssh|08)
|08 ■ |03ENiGMA 1/2 WHQ |08| |03Phenom |08| |0367 |08| |03iMPURE |08| |03ACiDic
--- ENiGMA 1/2 v0.0.12-beta (linux; x64; 14.15.4)
* Origin: Xibalba -+- xibalba.l33t.codes:44510 (21:1/121)

Am 18.03.21 schrieb Al@21:4/106.1 in FSX_BBS:

Hallo Al,

In the beginning when using dial-up modems BBSing was absolutely secure.

Not really, as telephone corporations and governments could tap into the telephone lines and get the transferred information.
Much like today with The Internet.
It just was a little more complex to accomplish, but information
transferred via a modem was not encrypted.

Regards,
Anna

--- OpenXP 5.0.49
* Origin: Imzadi Box Point (21:3/127.1)

Re: Re: Anonymous SSH login
By: acn to Al on Fri Mar 19 2021 09:34 am

In the beginning when using dial-up modems BBSing was absolutely
secure.

Not really,

Yeah, really.

as telephone corporations and governments could tap into the
telephone lines and get the transferred information.

Sure, if you were under investigation and the court allowed a wiretap they would listen and record your conversations.

Much like today with The Internet.

Sure they can do that today too although it's encrypted today (or it can be) so it's a little harder to do.

It just was a little more complex to accomplish, but information transferred via a modem was not encrypted.

No it wasn't. Back then it was a direct call from point A to point B. There was no need for encryption.

I was not talking about investigations and wiretaps. I was speaking of keeping user info secure. Do you think we should make some attempt at doing that?

Ttyl :-),
Al

... Help! I've fallen and I can't reach my beer!
--- SBBSecho 3.14-Linux
* Origin: The Rusty MailBox - Penticton, BC Canada (21:4/106.1)

Sure, if you were under investigation and the court allowed a wiretap
they would listen and record your conversations.

That would depend on the country you're calling to / from.

I was not talking about investigations and wiretaps. I was speaking of keeping user info secure. Do you think we should make some attempt at
doing that?

I think everyone bar Exodus (who I suspect was just trolling) things user
info should be kept secure.

Andrew

--
|03Andrew Pamment |08(|11apam|08)
|13Happy|10Land |14v2.0|08!


--- Talisman v0.13-dev (Linux/x86_64)
* Origin: HappyLand v2.0 - telnet://happylandbbs.com:11892/ (21:1/182)

On 18 Mar 21 22:45:28, Nuskooler said the following to Exodus:

You clearly don't understand the vast extent of internet traffic snooping. Systems are in place that record, analyze, and cross reference all available

There is a difference between one caring about traffic snooped on for personal/commercial/enterprise things and traffic that resides on a silly BBS that has not been designed with any security beyond text-passwords or has
any innovation beyond being executable by an equally silly telnet server.

Nobody snooping on my BBS usage is going to gain anything from me other than I have a real fun way of killing time.

Atreyu

--- Renegade vY2Ka2
* Origin: Joey, do you like movies about gladiators? (21:1/176)

There is a difference between one caring about traffic snooped on for personal/commercial/enterprise things and traffic that resides on a silly B that has not been designed with any security beyond text-passwords or has any innovation beyond being executable by an equally silly telnet server.

Nobody snooping on my BBS usage is going to gain anything from me other tha have a real fun way of killing time.

Holy SHIT! Someone with some common sense! Glad to be in your company! ;)

... I saw Elvis. He sat between me and Bigfoot on the UFO.

--- Renegade v1.22/DOS
* Origin: PB Renegade (gapbbs.rdfig.net:2424) Mesquite, Tx (21:3/130)

Re: Re: Anonymous SSH login
By: apam to Al on Fri Mar 19 2021 07:47 pm

Sure, if you were under investigation and the court allowed a wiretap
they would listen and record your conversations.

That would depend on the country you're calling to / from.

Wiretapping is illegal in Canada unless the parties involved have given consent to recordings.

Investigators can use wiretaps if they can convince a judge to allow it.

I think everyone bar Exodus (who I suspect was just trolling) things user info should be kept secure.

I suspect Exodus just doesn't care about security. That's OK if he is just "having fun" then there is nothing to protect.

For the most part I am just having fun too but I prefer to be secure.

To each his own.

Ttyl :-),
Al

... Misspelled? Impossible. My modem is error correcting.
--- SBBSecho 3.14-Linux
* Origin: The Rusty MailBox - Penticton, BC Canada (21:4/106.1)

I suspect Exodus just doesn't care about security. That's OK if he is just "having fun" then there is nothing to protect.

Of course I'm having fun .. been since 1993 when I started my BBS .... but thats what it is, a BBS. If you want to be secure, you are on the wrong system. Go use the web and run something secure. The BBS was never made to be secure. Hell, for years most software had the sysop be able to SEE the user's passwords.

The only protection in a BBS that has been is a text based password. Nothing more, nothing less.

... How do you pronounce my name? With reverence.

--- Renegade v1.22/DOS
* Origin: PB Renegade (gapbbs.rdfig.net:2424) Mesquite, Tx (21:3/130)

*** Quoting Exodus from a message to Al ***

Hell, for years most software had the sysop be able to SEE the user's passwords.

The only protection in a BBS that has been is a text based password. Nothing more, nothing less.

Yup, Telegard by default stores the passwords in plain text. I've enabled password encryption which then stores the password as a CRC value which is better than nothing, but weak by today's standards.

At least more modern BBS packages use stronger methods like PBKDF2 SHA512 (which Mystic uses).

This would prevent a sysop from seeing the password and then trying to use it elsewhere should (s)he be malicious. Of course the user shouldn't be
re-using that password, but it's surprising just how many people do.

Jay

... Laugh and the world laughs with you, snore and you sleep alone.

--- Telegard v3.09.g2-sp4/mL
* Origin: Northern Realms | 289-424-5180 | bbs.nrbbs.net (21:3/110)

Re: Re: Anonymous SSH login
By: Exodus to Al on Fri Mar 19 2021 07:17 pm

Of course I'm having fun .. been since 1993 when I started my BBS .... but thats what it is, a BBS. If you want to be secure, you are on the wrong system. Go use the web and run something secure.

I'm on the right system. I have secure ssh, web, nntp, binkp and mail sessions.

The BBS was never made to be secure. Hell, for years most software had the sysop be able to SEE the user's passwords.

Sure it was. That's why it asks for a password.

The only protection in a BBS that has been is a text based password. Nothing more, nothing less.

That's true. It's just a password. The idea of security is simply to keep that password private.

If you are happy with telnet that's fine, there is nothing wrong with that.

There is nothing wrong with security either.

I wish that telnet had privacy/security built into it from the beginning but back then ssl was not well known or supported.

Ttyl :-),
Al

... ALIMONY: The cost of leaving.
--- SBBSecho 3.14-Linux
* Origin: The Rusty MailBox - Penticton, BC Canada (21:4/106.1)

Re: Re: Anonymous SSH login
By: Exodus to Al on Fri Mar 19 2021 07:17 pm

Of course I'm having fun .. been since 1993 when I started my BBS .... but thats what it is, a BBS. If you want to be secure, you are on the wrong

there are a handful of bbses in china with more living users than there ever were in the history of bbs usage as we know it. they moved on to ssh just fine. they have all sorts of interesting modern features that we're just now getting to.

your idea that the bbs is stuck in a fixed point in time that you're fond of simply isn't based on facts.

On 19 Mar 21 19:45:52, Al said the following to Exodus:

The BBS was never made to be secure. Hell, for years most software had sysop be able to SEE the user's passwords.

Sure it was. That's why it asks for a password.

Since this silly convo is about holding obsolete BBS stuff to the same cybersecurity practices of today, "no", BBS software was never made to be secure. THD Proscan bragged about keeping my BBS "secure" but went bonkers over Zip-bombs; Zip archives purposely created to crash the system by exploiting limitations of Pkunzip or the MS-DOS filesystem.

BBS software usually had no 2FA, passwords shown locally to the console, passwords stored as plain-text, MANY textfiles published on h/p/a boards
about how to exploit many different systems. Then theres the trojan/backdoor malware crap specifically written to grab a copy of one's user database.
Stuff that never passed as a virus to something like THD Proscan.

Atreyu

--- Renegade vY2Ka2
* Origin: Joey, do you like movies about gladiators? (21:1/176)

On 19 Mar 21 20:21:25, Fusion said the following to Exodus:

there are a handful of bbses in china with more living users than there ever were in the history of bbs usage as we know it. they moved on to ssh just fine. they have all sorts of interesting modern features that we're just now getting to.

your idea that the bbs is stuck in a fixed point in time that you're fond of simply isn't based on facts.

China's BBS usage is driven by a political and censorship system and doesn't really compare to the usage by the rest of the world. And the fact is
that rest of the world outside of China does not care jack-shit about BBS's.

"Real world", as in real people who don't want to use something that
looks from the 80's or something so techie they need to read a Wiki article about it first.

Atreyu

--- Renegade vY2Ka2
* Origin: Joey, do you like movies about gladiators? (21:1/176)

Since this silly convo is about holding obsolete BBS stuff to the same cybersecurity practices of today, "no", BBS software was never made to
be secure.

Perhaps it wasn't secure, but it wasn't for lack of trying. Why have a
password at all if not at least trying to keep private things private?

It seems to me this is more about resistance of change, those who "don't
care" about security look like they're using old BBS software from the 90s, where as those who are looking to be more secure are using more modern software.

If you don't care about security that's fine, don't care.. but don't make out like there is some logic to deliberatly be insecure.

I don't really see the difference between running remote access, telegard or renegade over telnet vs say piping it over ssh or something (except maybe
that it would take a bit of effort to get it setup).

Really, people might not care about reading your private bbs messages, but
they might like to sniff your sysop password, especially if you're running a bbs system that allows you to drop to shell.

Andrew

--- Mystic BBS v1.12 A46 2020/08/26 (Windows/32)
* Origin: Agency BBS | Dunedin, New Zealand | agency.bbs.nz (21:1/101)

Re: Re: Anonymous SSH login
By: Atreyu to Al on Fri Mar 19 2021 11:35 pm

Since this silly convo is about holding obsolete BBS stuff to the same cybersecurity practices of today, "no", BBS software was never made to be secure.

I haven't read anyone holding obsolete BBS stuff to today's standards. We are talking about BBSing today and being secure.

Someone running a BBS that is no longer being updated is going to have to be happy with what they have unless they have the source and can update it themselves if that's what they want/need to do.

THD Proscan bragged about keeping my BBS "secure" but went bonkers
over Zip-bombs; Zip archives purposely created to crash the system by exploiting limitations of Pkunzip or the MS-DOS filesystem.

THD Proscan passed of the job of scanning for virii to your scanner of choice. It is only as good as that scanner. Zip bombs were another thing. I don't see those issues today with clamav.

BBS software usually had no 2FA, passwords shown locally to the console, passwords stored as plain-text, MANY textfiles published on h/p/a boards about how to exploit many different systems. Then theres the trojan/backdoor malware crap specifically written to grab a copy of one's user database. Stuff that never passed as a virus to something like THD Proscan.

It's because of those kind of bad actors that we try to be secure.

Ttyl :-),
Al

... Edit, Save, Exit, Build, Link, Run, Curse, Reboot!
--- SBBSecho 3.14-Linux
* Origin: The Rusty MailBox - Penticton, BC Canada (21:4/106.1)

Re: Re: Anonymous SSH login
By: Atreyu to Fusion on Fri Mar 19 2021 11:55 pm

is that rest of the world outside of China does not care jack-shit about BBS's.

the premise isn't that anyone should or shouldn't care about bbs's. it's about people clinging in fear to their dear modern day modems, resisting the most minor change (ssh doesn't change the user experience whatsoever). stolen passwords can cause other problems than just getting into said user's bank account or whatever (i can see it now.. you're already typing up a message about reusing passwords..) but they can cause temporary hardship for the user.. whether it be people posting at them harassing others, spam, being outright banned without any decent way of contacting the sysop to explain..

i feel you've taken a stand on something that's both incredibly easy and logical to move toward.

Re: Re: Anonymous SSH login
By: Al to Atreyu on Sat Mar 20 2021 12:33 am

It's because of those kind of bad actors that we try to be secure.

even the mighty synchronet came with an old version of pkzip at one point.. all you had to do is zip a file with a full path like:

doorgame\cool.exe

edit the zipfile with a hex editor and change that to:
..\data\users.dat (or whatever)

and it wrote the file out on upload (zip verification)

i logged onto vert when i had tried it a few times successfully and emailed digital man, but others might not have.

i guess the point is when you start looking for stuff like that, you can sometimes find it..

Re: Re: Anonymous SSH login
By: Fusion to Al on Sat Mar 20 2021 01:30 am

even the mighty synchronet came with an old version of pkzip at one point.. all you had to do is zip a file with a full path like:

doorgame\cool.exe

edit the zipfile with a hex editor and change that to:
..\data\users.dat (or whatever)

and it wrote the file out on upload (zip verification)

OK, I just took a fresh backup.. ;)

i guess the point is when you start looking for stuff like that, you can sometimes find it..

Yes, it is out there. It's another bend in the road and tomorrow brings a whole new adventure.

Ttyl :-),
Al

... Mathematician: A device for turning coffee into theorems!
--- SBBSecho 3.14-Linux
* Origin: The Rusty MailBox - Penticton, BC Canada (21:4/106.1)

On 20 Mar 21 18:01:13, Apam said the following to Atreyu:

It seems to me this is more about resistance of change, those who "don't care" about security look like they're using old BBS software from the 90s, where as those who are looking to be more secure are using more modern software.

If someone wants to secure things via SSH thats fine, its their system. As someone running a 24/7 board since 1993 on the same software, sporadically patched over decades... the idea that some hacker is going to snoop and somehow gain access to my personal crap via my board is totally laughable.

Really, people might not care about reading your private bbs messages, but they might like to sniff your sysop password, especially if you're running a bbs system that allows you to drop to shell.

All Sysop commands and shell have been gutted here completely and I do not remote into my own board from outside my LAN.

Atreyu

--- Renegade vY2Ka2
* Origin: Joey, do you like movies about gladiators? (21:1/176)

On 20 Mar 21 00:33:24, Al said the following to Atreyu:

I haven't read anyone holding obsolete BBS stuff to today's standards. We ar talking about BBSing today and being secure.

There is a perfectly valid reason for not caring about someone snooping on
the traffic of a system because either the content of the system is unimportant or the system is isolated or its highly unlikely anyone will attempt to hack it. The chances of being snooped on are rare unless
you're on some crap insecure Wifi. The chances of someone gaining anything meaningful via telnet snooping is laughable. The vast majority of boards accept connections via telnet. There is no hacking pandemic over this.

Someone running a BBS that is no longer being updated is going to have to b happy with what they have unless they have the source and can update it themselves if that's what they want/need to do.

Which is what I've done for many years now...

Atreyu

--- Renegade vY2Ka2
* Origin: Joey, do you like movies about gladiators? (21:1/176)

On 20 Mar 21 01:24:30, Fusion said the following to Atreyu:

account or whatever (i can see it now.. you're already typing up a message about reusing passwords..) but they can cause temporary hardship for the user.. whether it be people posting at them harassing others, spam, being outright banned without any decent way of contacting the sysop to explain..

LOL... its 2021, not 1991.

i feel you've taken a stand on something that's both incredibly easy and logical to move toward.

Nah I just don't understand the chicken-little sky-is-falling mentality of some here when Exodus and myself believe with good logical reasoning that
there is nothing worth hacking on a BBS today. That the only ones calling BBS's anymore are other Sysops or those looking for a momentary nostalgic fix before returning to 2021.

You run anything with a login prompt exposed to the universe and you have the potential to be hacked... whether the odds are a great percentage or a minute fraction. That logically means anyone running a BBS is posing a security
risk to their network. And its not "incredibly easy" to implement SSH for
many Sysops otherwise it would've been done so by now. Its not easy to do it here, that much is true.

Atreyu

--- Renegade vY2Ka2
* Origin: Joey, do you like movies about gladiators? (21:1/176)

On Friday, March 19th Al was heard saying...

No it wasn't. Back then it was a direct call from point A to point B. There was no need for encryption.

POTS had always been routed through various points. Look into the various "boxes" from back in the day. One could easily tap lines as a layman.


--
|08 ■ |12NuSkooler |06// |12Xibalba |08- |07"|06The place of fear|07"
|08 ■ |03xibalba|08.|03l33t|08.|03codes |08(|0344510|08/|03telnet|08, |0344511|08/|03ssh|08)
|08 ■ |03ENiGMA 1/2 WHQ |08| |03Phenom |08| |0367 |08| |03iMPURE |08| |03ACiDic
--- ENiGMA 1/2 v0.0.12-beta (linux; x64; 14.15.4)
* Origin: Xibalba -+- xibalba.l33t.codes:44510 (21:1/121)

On Friday, March 19th Atreyu was heard saying...

There is a difference between one caring about traffic snooped on for personal/commercial/enterprise things and traffic that resides on a silly BBS that has not been designed with any security beyond text-passwords or has any innovation beyond being executable by an equally silly telnet server.

You literally included "personal" in your example list, which is what BBSing is.

The way it works is this:
- All available points of information are fed into a system.
- This system links the points of data as much as possible.
- This allows for example your FB post or your work traffic, so on to still be "you". This includes telnet traffic.

Of course your telnet traffic on a board often makes this quite easy as it often includes your name. People recycle their passwords, your associates, etc. are all into this network of nodes of information on you.



--
|08 ■ |12NuSkooler |06// |12Xibalba |08- |07"|06The place of fear|07"
|08 ■ |03xibalba|08.|03l33t|08.|03codes |08(|0344510|08/|03telnet|08, |0344511|08/|03ssh|08)
|08 ■ |03ENiGMA 1/2 WHQ |08| |03Phenom |08| |0367 |08| |03iMPURE |08| |03ACiDic
--- ENiGMA 1/2 v0.0.12-beta (linux; x64; 14.15.4)
* Origin: Xibalba -+- xibalba.l33t.codes:44510 (21:1/121)

Fusion around Friday, March 19th...

your idea that the bbs is stuck in a fixed point in time that you're fond of simply isn't based on facts.

This.

ENiGMA 1/2 came out the gate with SSH, PBKDF2, etc. A number of other modern systems have as well.

Some older systems that are no longer maintained still can do things like run behind a SSH or WSS proxy.



--
|08 ■ |12NuSkooler |06// |12Xibalba |08- |07"|06The place of fear|07"
|08 ■ |03xibalba|08.|03l33t|08.|03codes |08(|0344510|08/|03telnet|08, |0344511|08/|03ssh|08)
|08 ■ |03ENiGMA 1/2 WHQ |08| |03Phenom |08| |0367 |08| |03iMPURE |08| |03ACiDic
--- ENiGMA 1/2 v0.0.12-beta (linux; x64; 14.15.4)
* Origin: Xibalba -+- xibalba.l33t.codes:44510 (21:1/121)

On Saturday, March 20th Atreyu was heard saying...

As someone running a 24/7 board since 1993 on the same software, sporadically patched over decades... the idea that some hacker is going to snoop and somehow gain access to my personal crap via my board is totally laughable.

Your argument is you haven't been hacked yet? This dodges the point of data being collected, but you're also probably not a target. If you become one for one reason or another, you're open to the world and absolutely will get hacked. It's childs play.


--
|08 ■ |12NuSkooler |06// |12Xibalba |08- |07"|06The place of fear|07"
|08 ■ |03xibalba|08.|03l33t|08.|03codes |08(|0344510|08/|03telnet|08, |0344511|08/|03ssh|08)
|08 ■ |03ENiGMA 1/2 WHQ |08| |03Phenom |08| |0367 |08| |03iMPURE |08| |03ACiDic
--- ENiGMA 1/2 v0.0.12-beta (linux; x64; 14.15.4)
* Origin: Xibalba -+- xibalba.l33t.codes:44510 (21:1/121)

On 20 Mar 21 17:07:04, Nuskooler said the following to Atreyu:

You literally included "personal" in your example list, which is what BBSing is.

Personal, as in, someone who hacks my board is not going to gain anything personal of mine for their own gain.

- All available points of information are fed into a system.
- This system links the points of data as much as possible.
- This allows for example your FB post or your work traffic, so on to still "you". This includes telnet traffic.

I'm not on any social media other than Linkedin for work. I'm not afraid of anyone looking at any of my messages or regret anything I write on a BBS that is publically available or searchable. As far as the world is concerned, I'm the author of a Fido mailer and I live and work in downtown Toronto.

Atreyu

--- Renegade vY2Ka2
* Origin: Joey, do you like movies about gladiators? (21:1/176)

On 20 Mar 21 17:12:36, Nuskooler said the following to Atreyu:

Your argument is you haven't been hacked yet? This dodges the point of data being collected, but you're also probably not a target. If you become one fo one reason or another, you're open to the world and absolutely will get hacked. It's childs play.

There is no "argument" because I'm not "arguing" anything. I'm actually
finding all of this hilarious that in 2021 suddenly apparently its a problem to be running a telnet system with 90's-era software that one can supposedly "snoop on". The idea that some blackhat is going to snoop someone's telnet session while they trade barbs on some silly net or cheat at Tradewars is beyond absurd. I'll take a pass on whatever is being smoked here.

Atreyu

--- Renegade vY2Ka2
* Origin: Joey, do you like movies about gladiators? (21:1/176)

Re: Re: Anonymous SSH login
By: Atreyu to Apam on Sat Mar 20 2021 08:14 am

All Sysop commands and shell have been gutted here completely and I do not remote into my own board from outside my LAN.

he says:

security isn't important
why bother it's just a bbs

and then takes steps to prevent things we're suggesting could happen

There is no "argument" because I'm not "arguing" anything. I'm actually finding all of this hilarious that in 2021 suddenly apparently its a proble to be running a telnet system with 90's-era software that one can supposedl "snoop on". The idea that some blackhat is going to snoop someone's telnet session while they trade barbs on some silly net or cheat at Tradewars is beyond absurd. I'll take a pass on whatever is being smoked here.

Damn it Nick .... they came knocking at the door today about a message I posted in 1994. Said I spelled Miscellaneous wrong. I told them since 1994 I made sure I knew the correct spelling of the word. Then we all sat down, laughed and giggled a bit about the old days. Then just like that, I woke up in a field 3 miles from my house .... with the letters SSH wrote on a piece of paper .... do you think this all ties together?!

... Ways to skin a cat: #27 --- Use a belt sander.

--- Renegade v1.22/DOS
* Origin: PB Renegade (gapbbs.rdfig.net:2424) Mesquite, Tx (21:3/130)

All Sysop commands and shell have been gutted here completely and

I do not

remote into my own board from outside my LAN.

he says
security isn't important why bother it's just a bbs and then takes
steps to prevent things we're suggesting could happen

I noticed that. I don't think we're going to change anyones minds though.

Andrew

--
|03Andrew Pamment |08(|11apam|08)
|13Happy|10Land |14v2.0|08!


--- Talisman v0.13-dev (Linux/x86_64)
* Origin: HappyLand v2.0 - telnet://happylandbbs.com:11892/ (21:1/182)

On 20 Mar 21 18:35:35, Fusion said the following to Atreyu:

All Sysop commands and shell have been gutted here completely and I do

not At> remote into my own board from outside my LAN.he says:> security isn' important> why bother it's just a bbsand then takes steps to prevent things we're suggesting could happen

Huh? I did this years ago when I obtained the source code.

You are more likely to have people try Sysop-exploits than you are to be hacked via telnet snooping, which what this whole nonsense was about.

Atreyu

--- Renegade vY2Ka2
* Origin: Joey, do you like movies about gladiators? (21:1/176)

On 20 Mar 21 20:31:57, Exodus said the following to Atreyu:

Damn it Nick .... they came knocking at the door today about a message I posted in 1994. Said I spelled Miscellaneous wrong. I told them since 199 I made sure I knew the correct spelling of the word. Then we all sat down, laughed and giggled a bit about the old days. Then just like that, I woke u in a field 3 miles from my house .... with the letters SSH wrote on a piece paper .... do you think this all ties together?!

Lol. Make sure you're not sitting in a coffee shop logged in to your board via telnet, someone will see how much you sexually harass Violet and then shame you on social media. Dox you, ruin your life, all because you use telnet.

Atreyu


--- Renegade vY2Ka2
* Origin: Joey, do you like movies about gladiators? (21:1/176)

On 21 Mar 21 12:06:09, Apam said the following to Fusion:

he says
security isn't important why bother it's just a bbs and then takes
steps to prevent things we're suggesting could happen

I noticed that. I don't think we're going to change anyones minds though.

Noticed what?

Atreyu

--- Renegade vY2Ka2
* Origin: Joey, do you like movies about gladiators? (21:1/176)

I noticed that. I don't think we're going to change anyones minds

though.

Noticed what?

That you do seem to care about your own security, just not that of anyone
else who may connect to your board.

But whatever, you do you.

Andrew

--
|03Andrew Pamment |08(|11apam|08)
|13Happy|10Land |14v2.0|08!


--- Talisman v0.13-dev (Linux/x86_64)
* Origin: HappyLand v2.0 - telnet://happylandbbs.com:11892/ (21:1/182)

Damn it Nick .... they came knocking at the door today about a message I posted in 1994. Said I spelled Miscellaneous wrong. I told them since 19 I made sure I knew the correct spelling of the word. Then we all sat down, laughed and giggled a bit about the old days. Then just like that, I woke in a field 3 miles from my house .... with the letters SSH wrote on a piece paper .... do you think this all ties together?!

Lol. Make sure you're not sitting in a coffee shop logged in to your board telnet, someone will see how much you sexually harass Violet and then shame you on social media. Dox you, ruin your life, all because you use telnet.

I hope Seth Able never sees this! There goes my free turns playing LORD.

... Ask me anything: if I don't know, I'll make up something.

--- Renegade v1.22/DOS
* Origin: PB Renegade (gapbbs.rdfig.net:2424) Mesquite, Tx (21:3/130)

On 21 Mar 21 12:44:20, Apam said the following to Atreyu:

That you do seem to care about your own security, just not that of anyone else who may connect to your board.

Uhh that could be said for the vast majority of boards out there that accept telnet connections. Will you lecture them all how insecure their systems are or will you just single out mine because I refuse the paranoid party line?

Atreyu

--- Renegade vY2Ka2
* Origin: Joey, do you like movies about gladiators? (21:1/176)

On 20 Mar 21 21:51:34, Exodus said the following to Atreyu:

I hope Seth Able never sees this! There goes my free turns playing LORD.

Didn't he move to Japan or something? Married some cute chick and enjoys life writing games... good on him.

Atreyu

--- Renegade vY2Ka2
* Origin: Joey, do you like movies about gladiators? (21:1/176)

Uhh that could be said for the vast majority of boards out there that
accept
telnet connections. Will you lecture them all how insecure their
systems are
or will you just single out mine because I refuse the paranoid party

Sure, if they don't offer an SSH option.

I offer telnet for those who don't care, I also offer SSH for those who
do.

Andrew

--
|03Andrew Pamment |08(|11apam|08)
|13Happy|10Land |14v2.0|08!


--- Talisman v0.13-dev (Linux/x86_64)
* Origin: HappyLand v2.0 - telnet://happylandbbs.com:11892/ (21:1/182)

On 21 Mar 21 13:45:27, Apam said the following to Atreyu:

Sure, if they don't offer an SSH option.

I offer telnet for those who don't care, I also offer SSH for those who
do.

LOL, every Sysop that puts up a telnet board doesn't care... but you do?

Your compassion just warms my heart...

Atreyu

--- Renegade vY2Ka2
* Origin: Joey, do you like movies about gladiators? (21:1/176)

On 03-21-21 13:45, apam wrote to Atreyu <=-

I offer telnet for those who don't care, I also offer SSH for those who do.

Same here. I actually don't use SSH often myself, but I'm either logging in locally on the LAN or on a virtual LAN, using an encrypted link - the latter is encrypted end to end, might as well be SSH.


... If you can't laugh at yourself, make fun of other people.
=== MultiMail/Win v0.52
--- SBBSecho 3.10-Linux
* Origin: Freeway BBS Bendigo,Australia freeway.apana.org.au (21:1/109)

I hope Seth Able never sees this! There goes my free turns playing LORD.

Bah. Let him see it. Dude sometimes expresses his love by sending me negative money.

Also, I have a sneaking suspicion that he's really just pursuing Jenny Garth.

--- Mystic BBS v1.12 A46 2020/08/26 (Linux/64)
* Origin: Storm BBS (21:2/108)

accept telnet connections. Will you lecture them all how insecure their systems are or will you just single out mine because I refuse the
paranoid party line?

This topic came up because someone asked, "Hey, how can I do x security
thing", and got a response of, "That's dumb".

This entire topic should never have come up, because people should be able to ask questions on how to do any random thing they want and unless it's
something harmful to others, get a useful response or positive conversation.

and to actually answer your question, it's because people feel as though
your actions are hypocritical, rather than it being about security or "the paranoid party line". They're aiming at the perceived hypocrisy, not the security.

--- Mystic BBS v1.12 A46 2020/08/26 (Linux/64)
* Origin: Storm BBS (21:2/108)

On 21 Mar 21 13:29:58, Adept said the following to Atreyu:

and to actually answer your question, it's because people feel as though your actions are hypocritical, rather than it being about security or "the paranoid party line". They're aiming at the perceived hypocrisy, not the security.

... And I would not of intervened in this silly thread entirely had it not been for tinfoil remarks about how telnet can be snooped on. Its such a captain-obvious remark that it can but for some to imply that hackers specifically target BBS's in 2021 is absurd. Family Guy cutaway absurd.

My removal of Sysop commands was back in the 90's when someone tried an MCI exploit. No hypocrisy in that because at the time BBS'ing was "a thing" and MCI exploits were becoming a "problem". BBS'ing is not "a thing" anymore
and since it runs on a dedicated virtual machine I could not care two shits
if someone snoops on what I'm doing on telnet. A hacker will not find anything here that could be used against me to negatively impact my life. My real-life, not the Sysop techie fantasy life where much of my time appears wasted.

Anyway when those people who perceive hypocrisy show me documented cases from cybersecurity professionals how BBS telnet snooping specifically is "a
thing", I will gladly retract. Until then I stand by my posts and "don't
care" to tow the line on BBS telnet snooping or how one's SSH means one has a bigger caring penis.

Atreyu

--- Renegade vY2Ka2
* Origin: Joey, do you like movies about gladiators? (21:1/176)

I hope Seth Able never sees this! There goes my free turns playing LO

Bah. Let him see it. Dude sometimes expresses his love by sending me negati money.

Also, I have a sneaking suspicion that he's really just pursuing Jenny Gart

HA

... I think I'll wait for the 80986.

--- Renegade v1.22/DOS
* Origin: PB Renegade (gapbbs.rdfig.net:2424) Mesquite, Tx (21:3/130)

This topic came up because someone asked, "Hey, how can I do x
security
thing", and got a response of, "That's dumb".

Ha, yeah, that was me. So awesome to be called an idiot for asking a
question.

Anyway, maybe it's time to put a stake in the heart of this thread.

TL;DR
Some people care about providing more modern security for BBSs, others
are ambivilant, and a few more are just downright nasty toward those who
care.

BBSing hasn't really changed much in 30 years


|15:: |13Alpha
|03TheDrunkenGamer.com|08:|078888
|08A Talisman BBS


--- Talisman v0.13-dev (Linux/x86_64)
* Origin: The Drunken Gamer BBS (21:4/158.1)

BBSing hasn't really changed much in 30 years

I think that'd require humanity changing.

Still, generally I'd say that FSXnet is pretty solid. Most of the time we're
on fairly good behavior.

Certainly this conversation is more of an outlier than the norm, and I'd hesitate to say that about anything on FIDOnet.

All the same, I'm sad that the conversation degraded as much as it did. My condolences.

--- Mystic BBS v1.12 A46 2020/08/26 (Linux/64)
* Origin: Storm BBS (21:2/108)

BY: Adept(21:2/108)


|11A|09> |10All the same, I'm sad that the conversation degraded as much as it did.|07
|11A|09> |10My|07
|11A|09> |10condolences.|07
Like we are acting like 15 year old kids.
:(


--- WWIV 5.7.0.3471
* Origin: inland utopia * socal usa * iutopia.duckdns.org:2023 (21:4/108)

On Sunday, March 21st Atreyu was heard saying...

Anyway when those people who perceive hypocrisy show me documented cases from cybersecurity professionals how BBS telnet snooping specifically is "a thing", I will gladly retract. Until then I stand by my posts and "don't care" to tow the line on BBS telnet snooping or how one's SSH means one has a bigger caring penis.

I worked professionally for a number of years on snoooping software. Telnet and many other protocols were absolutely slurped right up as previously described. SSH/TLS when MITM was available.

The BBS has nothing to do with it really, the contents are pulled out and cross referenced very easily.




--
|08 ■ |12NuSkooler |06// |12Xibalba |08- |07"|06The place of fear|07"
|08 ■ |03xibalba|08.|03l33t|08.|03codes |08(|0344510|08/|03telnet|08, |0344511|08/|03ssh|08)
|08 ■ |03ENiGMA 1/2 WHQ |08| |03Phenom |08| |0367 |08| |03iMPURE |08| |03ACiDic
--- ENiGMA 1/2 v0.0.12-beta (linux; x64; 14.15.4)
* Origin: Xibalba -+- xibalba.l33t.codes:44510 (21:1/121)

Am 21.03.21 schrieb Alpha@21:4/158.1 in FSX_BBS:

Hallo,

Some people care about providing more modern security for BBSs, others
are ambivilant, and a few more are just downright nasty toward those who care.

I might add two reasons why I don't offer SSH access to my Synchronet BBS:

1.
I would have to explore how a guest login/"new user login" etc. could be accomplished to make it look "normal".

2.
My target audience especially includes retrocomputing people who very
often use "Wifi modems" - and I don't know a single Wifi modem (ESP8266 or ESP32 based) that offers a SSH mode; they only offer Telnet connections.

I would really be interested in a SSH Wifi modem, but I don't know any.

So I chose to stick to Telnet access.

(Access to the Synchronet web server indeed is HTTPS only with an Apache reverse proxy inbetween and the fTelnet connection is also using HTTPS
only, so this is a secure alternative here)

Regards,
Anna

--- OpenXP 5.0.49
* Origin: Imzadi Box Point (21:3/127.1)

Am 20.03.21 schrieb Atreyu@21:1/176 in FSX_BBS:

Hallo Atreyu,

Lol. Make sure you're not sitting in a coffee shop logged in to your board via telnet, someone will see how much you sexually harass Violet and then shame you on social media. Dox you, ruin your life, all because you use telnet.

Why sould I do such a thing without using a VPN to my home network? :)

Regards,
Anna

--- OpenXP 5.0.49
* Origin: Imzadi Box Point (21:3/127.1)

Re: Re: Anonymous SSH login
By: acn to Alpha on Mon Mar 22 2021 11:04 am

1.
I would have to explore how a guest login/"new user login" etc. could be accomplished to make it look "normal".

not related directly to your post per se. but i set up stunnel today for "telnet/ssl" .. basically accepts the ssl connection on port 992 and forwards it to port 23 locally. i know of one client that supports this, which is ZOC (and it costs money..) but it works perfectly. it also doesn't do anything special with auth like SSH does, so it connects and displays text immediately like you'd expect of a bbs.

that said, ZOC at least didn't mention anything about the certificate. i might dig around in there to see if there's any info. so for at least off the top of my head the only way to verify the certificate is via using the openssl command:
openssl s_client -connect <host>:992

if anyone wanted to verify certificates they would need to check the hostname and match the certificates from the server to a local certificate store..

free certificates can be had from letsencrypt so that's not really a problem, or i'm assuming just something like "trust this certificate" on first login would suffice for most people..

now only if syncterm et al. supported it :)

On 22 Mar 21 11:06:00, Acn said the following to Atreyu:

Lol. Make sure you're not sitting in a coffee shop logged in to your board via telnet, someone will see how much you sexually harass Violet and then shame you on social media. Dox you, ruin your life, all because you use telnet.

Why sould I do such a thing without using a VPN to my home network? :)

You WANT the super hacker community to know you're banging a slut...

Atreyu

--- Renegade vY2Ka2
* Origin: Joey, do you like movies about gladiators? (21:1/176)

On 22 Mar 21 11:04:00, Acn said the following to Alpha:

Some people care about providing more modern security for BBSs, others
are ambivilant, and a few more are just downright nasty toward those who care.

I might add two reasons why I don't offer SSH access to my Synchronet BBS:

For me theres just something about being able to telnet into a BBS. I can
use anything, even the Windows command prompt. Ftelnet web scripts work perfectly whilest they would be broken on SSH. Even if the board wants to change from port 23 to something else thats fine... telnet "just works".

Atreyu

--- Renegade vY2Ka2
* Origin: Joey, do you like movies about gladiators? (21:1/176)

Re: Re: Anonymous SSH login
By: acn to Alpha on Mon Mar 22 2021 11:04 am

I might add two reasons why I don't offer SSH access to my Synchronet BBS:

1.
I would have to explore how a guest login/"new user login" etc. could be accomplished to make it look "normal".

I just logged in as guest via ssh. I used the name guest and the password bogus.

I also logged in as new the same way and created a new account using the same bogus password.

Perhaps it would be more normal if the ssh server didn't require a password when logging in as guest or new?

That would be a good feature request for the developers. You could make that comment to Digital Man so he could give it some thought.

2.
My target audience especially includes retrocomputing people who very often use "Wifi modems" - and I don't know a single Wifi modem (ESP8266 or ESP32 based) that offers a SSH mode; they only offer Telnet connections.

I could be wrong but I think that using ssh even over an insecure wifi connection is secure end to end. We'd have to check with network savy people to be sure of that.

Is it not possible to use ssh over that link? I sometimes use ssh over my own wifi link although my wifi is secure.

So I chose to stick to Telnet access.

Telnet is OK. It's an old and well established/well behaved protocol. Just keep in mind it is insecure, use a throw away password.

(Access to the Synchronet web server indeed is HTTPS only with an Apache reverse proxy inbetween and the fTelnet connection is also using HTTPS only, so this is a secure alternative here)

Yes, the web server is a good and secure option.

Ttyl :-),
Al

... As easy as 3.1415926535897932384626433832795028841
--- SBBSecho 3.14-Linux
* Origin: The Rusty MailBox - Penticton, BC Canada (21:4/106.1)

*** Quoting Al from a message to acn ***

I could be wrong but I think that using ssh even over an insecure
wifi connection is secure end to end. We'd have to check with network
savy people to be sure of that.

Yup, that's right. You can use SSH on public wifi and it's still secure,
just like you can use HTTPS on public wifi and still be safe. The encryption is designed to be secure even if the key exchange is observed by a third party.

There's of course some caviets to this (MITM, verifying host keys, etc) - but nothing to really be too concerned about for BBSing.

Jay

... Deny thy father and forget thy tagline.

--- Telegard v3.09.g2-sp4/mL
* Origin: Northern Realms | 289-424-5180 | bbs.nrbbs.net (21:3/110)

Re: Re: Anonymous SSH login
By: Atreyu to Adept on Sun Mar 21 2021 11:04 am

Anyway when those people who perceive hypocrisy show me documented cases from cybersecurity professionals how BBS telnet snooping specifically is "a
thing", I will gladly retract. Until then I stand by my posts and "don't care" to tow the line on BBS telnet snooping or how one's SSH means one has
a bigger caring penis.

Well said..Well said. Cheers to that!

... Some men are discovered; others are found out.

---
■ Synchronet ■ Havens BBS havens.synchro.net
* Origin: fsxNet FTN<>QWK Gateway (21:4/10)

On Monday, March 22nd acn said...

2. My target audience especially includes retrocomputing people who very
often use "Wifi modems" - and I don't know a single Wifi modem (ESP8266 or ESP32 based) that offers a SSH mode; they only offer Telnet connections.

Already pointed out, but the clients would pretty much have to tunnel through a SSH connection. Perfectly doable, but probably not something you're _generally_ going to do when connecting via C64 or what not :)

With that said, a lot of the WiFi modems are essentially Arduinos and the like that are perfectly capable of doing the SSH locally. Gives me ideas :)


--
|08 ■ |12NuSkooler |06// |12Xibalba |08- |07"|06The place of fear|07"
|08 ■ |03xibalba|08.|03l33t|08.|03codes |08(|0344510|08/|03telnet|08, |0344511|08/|03ssh|08)
|08 ■ |03ENiGMA 1/2 WHQ |08| |03Phenom |08| |0367 |08| |03iMPURE |08| |03ACiDic
--- ENiGMA 1/2 v0.0.12-beta (linux; x64; 14.15.4)
* Origin: Xibalba -+- xibalba.l33t.codes:44510 (21:1/121)

You WANT the super hacker community to know you're banging a slut...

You lose 30 charm!

(Besides, it's already well established in game that all sex in LoRD is
public. Evidently there's a creepy old man who spies in all the key holes to figure out what everyone is doing that the drunks find so mystifying.)

--- Mystic BBS v1.12 A46 2020/08/26 (Linux/64)
* Origin: Storm BBS (21:2/108)

This topic came up because someone asked, "Hey, how can I do x
security
thing", and got a response of, "That's dumb".

Ha, yeah, that was me. So awesome to be called an idiot for asking a question.
Anyway, maybe it's time to put a stake in the heart of this thread.

Man, Alpha... I don't think so - I mean sure, I don't like the flame thread part of it but... you weren't silly to ask the question, I think it was silly to be attacked/goated over it - if someone disagrees then fine, but you don't have to bugger someone else who DOES care about security.

You hold yer head high, I'm interested in SSH a BIT... I just turned it on, AT A USERS REQUEST - and it isn't always ONLY about security [Altho for his employer it was probably exactly that.]

I had a use request SSH because he couldn't telnet out at work. I mean, just that alone, that users are ASKING for it - Just want you to know that it isn't a dumb idea, it is worth working on and you have support, if I can help in any way.

The back and forth and stupid fighting in the thread tho... sure, I'm with you on that. Just wanted you to know that it wasn't your fault, at all, that the thread turned that way. Completely valid and useful, working with SSH on BBSes. Those who don't think so - then don't think so. It didn't require words, whatsoever.



|07p|15AULIE|1142|07o
|08.........

--- Mystic BBS v1.12 A47 2021/02/12 (Raspberry Pi/32)
* Origin: 2o fOr beeRS bbs>>>20ForBeers.com:1337 (21:2/150)

On 22 Mar 21 22:51:07, Adept said the following to Atreyu:

(Besides, it's already well established in game that all sex in LoRD is public. Evidently there's a creepy old man who spies in all the key holes to figure out what everyone is doing that the drunks find so mystifying.)

There used to be this guy who called my board all the time to play Lord... regliously. He ended up flirting with some other player, they became quite chummy. Sending Lord messages back and forth, real-time chat because I had a multi-line system at the time. Things progressed to where the convo's moved from Lord to the BBS message system.

Then there was crickets chirping for about a week or so, neither called
the board anymore. Then the woman called and posted a message akin to "You didn't tell me you were effin' married".

Atreyu

--- Renegade vY2Ka2
* Origin: Joey, do you like movies about gladiators? (21:1/176)

Am 22.03.21 schrieb Al@21:4/106.1 in FSX_BBS:

Hallo Al,

I just logged in as guest via ssh. I used the name guest and the
password bogus. I also logged in as new the same way and created a new account using the same bogus password.

I assume you didn't do that on my BBS :)

Perhaps it would be more normal if the ssh server didn't require a password when logging in as guest or new?

That would be a good feature request for the developers. You could make
that comment to Digital Man so he could give it some thought.

That might be an idea, but all in all it does collide with the "classic"
way of logging into a BBS, which is: connect to it, get the login ANSI
screen or matrix login etc.pp. and then enter username + password.

So what SSH should do here is: only check the host keys, create a secure connection and then display the rest.
This implies that no user certificate check would be possible.
But at least it would "feel" the old way.
And I don't know if it is possible with existing SSH clients :)

I could be wrong but I think that using ssh even over an insecure wifi connection is secure end to end. We'd have to check with network savy
people to be sure of that.

Yes it is. If you have an eye on the host keys. Sudden changes here could imply an MITM.

Regards,
Anna

--- OpenXP 5.0.49
* Origin: Imzadi Box Point (21:3/127.1)

Am 22.03.21 schrieb NuSkooler@21:1/121 in FSX_BBS:

Hallo Nuskooler,

Already pointed out, but the clients would pretty much have to tunnel through a SSH connection. Perfectly doable, but probably not something you're _generally_ going to do when connecting via C64 or what not :)

Yep, exactly.
I know how to accomplish this and could do it, but it's not something to
give out to anyone who just wants to connect to a BBS using the old retro
PC, Amiga, Atari or Z80 machine using some Wifi232 "modem".

With that said, a lot of the WiFi modems are essentially Arduinos and the like that are perfectly capable of doing the SSH locally. Gives me ideas :)

I just have not come by any implementation of SSH in a wifi modem firmware
up till now.
Zimodem, as one of the most advanced firmwares, doesn't have it.
Also "vintage-computer-wifi-modem" by TheOldNet, a fork of esp8266_modem, does not have it:
https://github.com/ssshake/vintage-computer-wifi-modem

If you could add this functionality to any of these firmwares, that would
be great :)

Regards,
Anna

--- OpenXP 5.0.49
* Origin: Imzadi Box Point (21:3/127.1)

Re: Re: Anonymous SSH login
By: acn to Al on Tue Mar 23 2021 10:13 am

So what SSH should do here is: only check the host keys, create a secure connection and then display the rest.

this should be possible. the library that everyone in the bbs scene seems to use for ssh just either doesn't seem to support it or nobody decided to use it that way. i did read up a bit on it and it did make it sound like it was designed for simplicity of implementation..

kind of unfortunate really that support is all over the place. maybe i should be writing sample code and distributing it far and wide instead of hootin' and hollerin ;)

(for whoever might be watching: libbsh. though not libssh2! should do this just fine. heck you can ignore what the client says and just say "you're logged" in without ever checking anything)

Then there was crickets chirping for about a week or so, neither called the board anymore. Then the woman called and posted a message akin to
"You didn't tell me you were effin' married".

Ouch.

...but also pretty entertaining, so many years on.

--- Mystic BBS v1.12 A46 2020/08/26 (Linux/64)
* Origin: Storm BBS (21:2/108)

Then there was crickets chirping for about a week or so, neither called the board anymore. Then the woman called and posted a message akin to
"You didn't tell me you were effin' married".
Atreyu

It all began on BBSes. :P Lol.



|07p|15AULIE|1142|07o
|08.........

--- Mystic BBS v1.12 A47 2021/02/12 (Raspberry Pi/32)
* Origin: 2o fOr beeRS bbs>>>20ForBeers.com:1337 (21:2/150)

So what SSH should do here is: only check the host keys, create a secure
connection and then display the rest.
This implies that no user certificate check would be possible.
But at least it would "feel" the old way.
And I don't know if it is possible with existing SSH clients :)

I agree with you here, fully. I wish BBSes didn't use the SSH login/pw, or even if it were some standard... BBS/BBS - or however people worked it out; point is, I like typing my user name and password, like I always have had to do, on BBSes. Call me old fashioned, or... I like to do that. Something different about just pressing a button and being 'logged in'.

:P

I do remember, however, using Terminate when it came out and having some crazy scripts that like... typed my UN/PW, and then pressed the spacebar specific to each BBS to just get me to the front page. :P At one point, I'd even capture some of the screens on certain boards (like the door game scores and other login info...) and just have them saved for my later viewing.

I thought I was so high tech. :P

lulz.



|07p|15AULIE|1142|07o
|08.........

--- Mystic BBS v1.12 A47 2021/02/12 (Raspberry Pi/32)
* Origin: 2o fOr beeRS bbs>>>20ForBeers.com:1337 (21:2/150)

On 23 Mar 21 15:56:56, Paulie420 said the following to Atreyu:

Then there was crickets chirping for about a week or so, neither called the board anymore. Then the woman called and posted a message akin to "You didn't tell me you were effin' married".
Atreyu

It all began on BBSes. :P Lol.

When there was nothing to watch on TV, I'd watch the BBS console. *Plenty* of entertainment. Especially at midnight when the door games roll-over the turns, the lines used to get slammed with calls.

Atreyu

--- Renegade vY2Ka2
* Origin: Joey, do you like movies about gladiators? (21:1/176)

When there was nothing to watch on TV, I'd watch the BBS console.
*Plenty* of entertainment. Especially at midnight when the door games roll-over the turns, the lines used to get slammed with calls.
Atreyu

You know, being 16 years old or so and running a halfway decent 2-line BBS in Toledo, OH... it was totally a 'bube toob' for me to watch back then! I haven't used the nodespy software since coming back to BBSes in recent years, but I'd be a fibber if I said I never did that in my lifetime!

Lol, I remember having parties at the house... or at least friends being over, looking at that screen just going 'what the heck it this Paulie'??? :P Back then non-BBSers just couldn't understand that people were 'in' my computer.

Good times... :P
I do wish that the boards were more popular now-a-days, as I'm sure that there is still some entertainment value in all those button presses!
Good post.



|07p|15AULIE|1142|07o
|08.........

--- Mystic BBS v1.12 A47 2021/02/12 (Raspberry Pi/32)
* Origin: 2o fOr beeRS bbs>>>20ForBeers.com:1337 (21:2/150)

On 24 Mar 21 16:46:27, Paulie420 said the following to Atreyu:

You know, being 16 years old or so and running a halfway decent 2-line BBS i Toledo, OH... it was totally a 'bube toob' for me to watch back then! I haven't used the nodespy software since coming back to BBSes in recent years but I'd be a fibber if I said I never did that in my lifetime!

I never used Nodespy, I'll review the logs every day or so but thats it. Needless to say its just "not the same" as it used to be back in the 90's.

Only thing interesting here lately is some guy that calls mine and really
plays the heck out of LORD 2. That one where its the overhead-map Zelda
clone. He calls and plays that for at least 2 to 3 hours.

Its almost like at the time, you could judge a good board in the area based on how busy the lines were at midnight.

Annnnnndddd... I knew a Sysop at the time who would advertise their board and purposely take the line off-hook sometimes. He would then call other boards pretending to be users complaining about they couldn't get in. Brilliant marketing on his part.

Atreyu

--- Renegade vY2Ka2
* Origin: Joey, do you like movies about gladiators? (21:1/176)

Re: Re: Anonymous SSH login
By: Atreyu to Paulie420 on Wed Mar 24 2021 09:30 pm

Only thing interesting here lately is some guy that calls mine and really plays the heck out of LORD 2. That one where its the overhead-map Zelda clone. He calls and plays that for at least 2 to 3 hours.

in some ways we're pretty spoiled. if LORD 2 was the ONLY game on a system available to you, it'd be the BEST game. not to take away from the game itself, it is really quite cool.

Re: Re: Anonymous SSH login
By: Fusion to Atreyu on Wed Mar 24 2021 10:11 pm

Howdy,

I thought I'd let you know that your messages are unreadable for some reason. I see you are using the new fork of SBBS - so not sure if that is related - but I cannot determine the difference between what you quoted and what you replied to. I've seen it a few times so I thought I'd mention it.

Here is an example from this message:

Only thing interesting here lately is some guy that calls mine and really

plays the heck out of LORD 2. That one where its the overhead-map

Zelda At> clone. He calls and plays that for at least 2 to 3 hours.in some ways we're pretty spoiled. if LORD 2 was the ONLY game on a system available to you, it'd be the BEST game. not to take away from the game itself, it is really quite cool.

...δεσ∩

... The world looks as if it has been left in the custody of trolls.
--- SBBSecho 3.13-Linux
* Origin: I'm playing with ANSI+videotex - wanna play too? (21:2/116)

Re: Re: Anonymous SSH login
By: deon to Fusion on Thu Mar 25 2021 07:52 pm

I thought I'd let you know that your messages are unreadable for some reason. I see you are using the new fork of SBBS - so not sure if that is related - but I cannot determine the difference between what you quoted and what you replied to. I've seen it a few times so I thought I'd mention it.

eek. probably this one too. i don't run the board i'm currently posting on fsxnet from (it's the main synchronet board) so i've reached out to Digital Man. thanks for letting me know!

Re: Re: Anonymous SSH login
By: deon to Fusion on Thu Mar 25 2021 07:52 pm

Re: Re: Anonymous SSH login
By: Fusion to Atreyu on Wed Mar 24 2021 10:11 pm

Howdy,

I thought I'd let you know that your messages are unreadable for some reason. I see you are using the new fork of SBBS - so not sure if that is related - but I cannot determine the difference between what you quoted and what you replied to. I've seen it a few times so I thought I'd mention it.

Here is an example from this message:

Only thing interesting here lately is some guy that calls mine and really

plays the heck out of LORD 2. That one where its the overhead-map

Zelda At> clone. He calls and plays that for at least 2 to 3 hours.in some ways we're pretty spoiled. if LORD 2 was the ONLY game on a system available to you, it'd be the BEST game. not to take away from the game itself, it is really quite cool.

His messages look fine here. Maybe they're being reformatted in-route to your system.
--
digital man

Sling Blade quote #21:
Karl: Coffee makes me nervous when I drink it. Mmm.
Norco, CA WX: 58.1°F, 54.0% humidity, 4 mph NW wind, 0.00 inches rain/24hrs

Re: Re: Anonymous SSH login
By: Fusion to deon on Thu Mar 25 2021 05:46 am

Re: Re: Anonymous SSH login
By: deon to Fusion on Thu Mar 25 2021 07:52 pm

I thought I'd let you know that your messages are unreadable for some reason. I see you are using the new fork of SBBS - so not sure if that is related - but I cannot determine the difference between what you quoted and what you replied to. I've seen it a few times so I thought I'd mention it.

eek. probably this one too. i don't run the board i'm currently posting on fsxnet from (it's the main synchronet board) so i've reached out to Digital Man. thanks for letting me know!

Looks fine to me.
--
digital man

Synchronet/BBS Terminology Definition #80:
Telix = Commercial MS-DOS and Windows communications/terminal program
Norco, CA WX: 58.1°F, 54.0% humidity, 4 mph NW wind, 0.00 inches rain/24hrs

Re: Re: Anonymous SSH login
By: Digital Man to deon on Thu Mar 25 2021 11:41 am

His messages look fine here. Maybe they're being reformatted in-route to your system.

Odd indeed.

I'm pretty sure I've noticed it in a couple of nets. I'll pay more attention and see if there is something else in common, other than VERT (if that's where they originate) and me.

...δεσ∩

... All work and no play make Jack a dull boy and Jill a wealthy widow.
--- SBBSecho 3.13-Linux
* Origin: I'm playing with ANSI+videotex - wanna play too? (21:2/116)

Odd indeed.

I'm pretty sure I've noticed it in a couple of nets. I'll pay more
attention and see if there is something else in common, other than
VERT (if that's where they originate) and me.

For what it's worth, they are all joined together for me too. It's as if
there are no line breaks at all.

Andrew

--
|03Andrew Pamment |08(|11apam|08)
|13Happy|10Land |14v2.0|08!


--- Talisman v0.14-dev (Linux/x86_64)
* Origin: HappyLand v2.0 - telnet://happylandbbs.com:11892/ (21:1/182)

Re: Re: Anonymous SSH login
By: deon to Digital Man on Fri Mar 26 2021 12:04 pm

Re: Re: Anonymous SSH login
By: Digital Man to deon on Thu Mar 25 2021 11:41 am

His messages look fine here. Maybe they're being reformatted in-route to your system.

Odd indeed.

I'm pretty sure I've noticed it in a couple of nets. I'll pay more attention and see if there is something else in common, other than VERT (if that's where they originate) and me.

I think it was my configuration of SlyEdit (the editor he's using) here on Vertrauen. Should be fixed now.
--
digital man

This Is Spinal Tap quote #18:
Sustain, listen to it. Don't hear anything. You would though were it playing. Norco, CA WX: 47.7°F, 81.0% humidity, 0 mph ENE wind, 0.00 inches rain/24hrs

Annnnnndddd... I knew a Sysop at the time who would advertise their
board and purposely take the line off-hook sometimes. He would then call other boards pretending to be users complaining about they couldn't get in. Brilliant marketing on his part.

He only forgot to edit his last callers listing ....

Gtx!

--- Mystic BBS v1.12 A46 2020/08/26 (Linux/64)
* Origin: -.sOUNDGARDEn.- (21:1/116)

Am 25.03.21 schrieb Digital Man@21:1/183 in FSX_BBS:

Hallo Digital Man,

eek. probably this one too. i don't run the board i'm currently posting on >> fsxnet from (it's the main synchronet board) so i've reached out to Digital >> Man. thanks for letting me know!

Looks fine to me.

Here, the messages from him also do look garbled.
It looks like the linebreaks are stripped out or are converted wrongly
en route to my point (I'm using OpenXP which has my SBBS as uplink).

Regards,
Anna

--- OpenXP 5.0.49
* Origin: Imzadi Box Point (21:3/127.1)

Re: Re: Anonymous SSH login
By: acn to Digital Man on Fri Mar 26 2021 11:11 am

Am 25.03.21 schrieb Digital Man@21:1/183 in FSX_BBS:

Here, the messages from him also do look garbled.
It looks like the linebreaks are stripped out or are converted wrongly
en route to my point (I'm using OpenXP which has my SBBS as uplink).

hello! from what i hear everything is good in the world now :)

thanks for letting me know everyone.

Alex

Annnnnndddd... I knew a Sysop at the time who would advertise their
board and purposely take the line off-hook sometimes. He would then call other boards pretending to be users complaining about they couldn't get in. Brilliant marketing on his part.

I was guily of this.. I had 2 lines maxx, and node1 was sometimes MY out line at night.

Jeez...



|07p|15AULIE|1142|07o
|08.........

--- Mystic BBS v1.12 A47 2021/02/12 (Raspberry Pi/32)
* Origin: 2o fOr beeRS bbs>>>20ForBeers.com:1337 (21:2/150)

There is a difference between one caring about traffic snooped on for personal/commercial/enterprise things and traffic that resides on a silly B that has not been designed with any security beyond text-passwords or has any innovation beyond being executable by an equally silly telnet server.

Nobody snooping on my BBS usage is going to gain anything from me other tha have a real fun way of killing time.

Holy SHIT! Someone with some common sense! Glad to be in your company! ;)

... I saw Elvis. He sat between me and Bigfoot on the UFO.

--- Renegade v1.22/DOS
* Origin: PB Renegade (gapbbs.rdfig.net:2424) Mesquite, Tx (21:3/130)

I suspect Exodus just doesn't care about security. That's OK if he is just "having fun" then there is nothing to protect.

Of course I'm having fun .. been since 1993 when I started my BBS .... but thats what it is, a BBS. If you want to be secure, you are on the wrong system. Go use the web and run something secure. The BBS was never made to be secure. Hell, for years most software had the sysop be able to SEE the user's passwords.

The only protection in a BBS that has been is a text based password. Nothing more, nothing less.

... How do you pronounce my name? With reverence.

--- Renegade v1.22/DOS
* Origin: PB Renegade (gapbbs.rdfig.net:2424) Mesquite, Tx (21:3/130)

There is no "argument" because I'm not "arguing" anything. I'm actually finding all of this hilarious that in 2021 suddenly apparently its a proble to be running a telnet system with 90's-era software that one can supposedl "snoop on". The idea that some blackhat is going to snoop someone's telnet session while they trade barbs on some silly net or cheat at Tradewars is beyond absurd. I'll take a pass on whatever is being smoked here.

Damn it Nick .... they came knocking at the door today about a message I posted in 1994. Said I spelled Miscellaneous wrong. I told them since 1994 I made sure I knew the correct spelling of the word. Then we all sat down, laughed and giggled a bit about the old days. Then just like that, I woke up in a field 3 miles from my house .... with the letters SSH wrote on a piece of paper .... do you think this all ties together?!

... Ways to skin a cat: #27 --- Use a belt sander.

--- Renegade v1.22/DOS
* Origin: PB Renegade (gapbbs.rdfig.net:2424) Mesquite, Tx (21:3/130)

Damn it Nick .... they came knocking at the door today about a message I posted in 1994. Said I spelled Miscellaneous wrong. I told them since 19 I made sure I knew the correct spelling of the word. Then we all sat down, laughed and giggled a bit about the old days. Then just like that, I woke in a field 3 miles from my house .... with the letters SSH wrote on a piece paper .... do you think this all ties together?!

Lol. Make sure you're not sitting in a coffee shop logged in to your board telnet, someone will see how much you sexually harass Violet and then shame you on social media. Dox you, ruin your life, all because you use telnet.

I hope Seth Able never sees this! There goes my free turns playing LORD.

... Ask me anything: if I don't know, I'll make up something.

--- Renegade v1.22/DOS
* Origin: PB Renegade (gapbbs.rdfig.net:2424) Mesquite, Tx (21:3/130)

I hope Seth Able never sees this! There goes my free turns playing LO

Bah. Let him see it. Dude sometimes expresses his love by sending me negati money.

Also, I have a sneaking suspicion that he's really just pursuing Jenny Gart

HA

... I think I'll wait for the 80986.

--- Renegade v1.22/DOS
* Origin: PB Renegade (gapbbs.rdfig.net:2424) Mesquite, Tx (21:3/130)