Subj : Re: Nightmares / Dreams
To   : Nightfox
From : 2twisty
Date : Thu Mar 31 2022 16:56:19

 Ni> I also support both on my BBS, but I think the reason people generally
 Ni> don't strongly suggest to use SSH is that it seems most BBS users don't
 Ni> really care if their BBS session is encrypted.  Telnet seems to be the
 Ni> default, and it seems most users won't care enough to switch it over to
 Ni> SSH.  People have said they don't think there's a strong need that their
 Ni> BBS activity (or perhaps even their account password) be encrypted
 Ni> because there isn't much of value that can be gained from it.

Ah, but there *is* value.  Why not keep your comms secret?  It costs you nothing except the sysop 5 minutes to enable the server and to open the ports in the firewall, and it takes the user even less time to switch.

Furthermore, (at least) SyncTERM allows auto login with SSH, which can allow a user to use strong, unique passwords that they don't have to remember or copy/paste.

Instead of a password like LETMEIN, you could have a password that is^*D0h1#@ (up to the max password length of the BBS software)

Yes you can use the "what are you hiding if you are encrypting?" argument.  My answer to that is "What am I concealing/protecting? My PRIVACY."

Since I am a long time Linux/Windows server admin, security and privacy are top-of-mind.  Also, one of the reasons that BBSes are gaining some traction these days is because of privacy; we come here so that we aren't data mined by facebook and google for everything we type.

Seems to me that encryption goes hand-in-hand with that mindset.

--- Mystic BBS v1.12 A47 2021/12/24 (Linux/64)
 * Origin: The Ratrace Losers (21:3/166)

.