Subj : Re: Nightmares / Dreams
To   : Brian Klauss
From : Gamgee
Date : Sat Apr 02 2022 10:14:00

-=> Brian Klauss wrote to Gamgee <=-

BK> First and foremost, disable root access via sshd_config. Second,
BK> change the port to something out there and only configure it for
BK> a specific range of IPs. Finally, set the BBS to respond to port
BK> 22. Whenever I hear people getting root hacked via an SSH
BK> exploit, I cringe. It's not the exploit, it's stupidity.

Ga> Not sure why you replied to me on this. Perhaps you meant to send this
Ga> to McDoob? Also, some of your reply doesn't make much sense. I would
Ga> not set the BBS to respond to port 22 because I want the computer/OS to
Ga> respond to 22 when I SSH to it from within my LAN. The BBS should be
Ga> set to something else, such as 2222 or whatever. Oh, and it goes
Ga> without saying that you don't allow root to access the box via SSH.

BK> But why have an external well-known port configured elsewhere for
BK> user access? A trivial inconvenience for yourself allows for far
BK> greater reach for your users. For example, having your BBS
BK> respond on port 22 while you access your system, locally, on port
BK> 30222, ensures your users don't have to remember the port to
BK> access your system.

It's a very simple answer: Dialing Directory. By that I mean that any decent terminal app (SyncTerm, NetRunner) has a dialing directory to store the BBS names in, and the desired port number is stored there too. Once you enter it, it becomes a non-factor.

BK> Ultimately, I am always on the side of the users (customers,
BK> clients, etc.), and want to make their lives a little bit easier.

That's nice.

.... So easy, a child could do it. Child sold separately.
=== MultiMail/Linux v0.52
--- SBBSecho 3.15-Linux
 * Origin: Palantir * palantirbbs.ddns.net * Pensacola, FL * (21:2/138)