Subj : Re: Mass Transfer for the TIPI
To   : Beery
From : James Digriz
Date : Sun Mar 10 2019 14:10:32

Beery wrote to James Digriz:
B> James,
B> 
B> I do not have anything setup with ssh for the TI.  I'm not even aware of 
B> what
B> would be needed.
B> 

I was considering getting a TIPI when I can afford it, to use with a TI or a
Geneve. (Still owe Schneider or one of those Scart thingies if he's still
holding it for me.) Mainly, my concern is as a BBS operator, not really 
wanting
 to run a naked telnet server, whatever port it's on.

A) It's just not secure. Plaintext authentication is easily snooped and 
defeats
its own purpose. And then the traffic itself is unencrypted. Among other
concerns with telnet. You can of course TLSify telnet with stunnel, and from 
my
 understanding that should be possible to do transparently with the TIPI 
device
 (or maybe it already can do that; I don't know), but otherwise this
requires you to telnet into an stunnel ingress port on a server on your LAN.
Not a problem for me to set up stunnel for incoming, but this is another
excuse for a FAQ, which nobody will read, and instead complain that they can't
telnet into your BBS. Life's just too short, Beery. 

B) SSH offers other potential features that TIPI could conceivably export
through  DSR's on the TI side. Rsync, port forwarding, etc.    

        
B> I'm trying to fully understand your concerns.  Are you worried about 
B> someone
B> trying to telnet into your system?  Or, is it dealing with telnetting out 
B> of
B> your system.  I know the telnet session is not encrypted, but outside of
B> signing in, not sure what one may have that could be at risk.
B> 
B> Here on my BBS, my AT&T provided router allows me to port forward.  So, 
B> when
B> you telnet into my Windows Mystic BBS, you are using port 9640, not port 
B> 23.
B> And, my Windows computer is listening on port 9640 and responds
B> appropriately.

I don't worry, I OBSERVE on a CONTINUAL basis, spammers, crackers, etc.
 banging away on the Telnet port to the extent that xinetd is overloaded and
barfs. Then won't restart. MBSE has an unpassworded newuser account, too,
making things worse. I've tweaked xinetd and the hanging has (knock on wood)
stopped, and csf firewall helps greatly, but I just don't like it.

I appreciate that vintage equipment, or vintage software don't often offer 
much
 beyond telnet, so I keep it running for now. 

B> 
B> As far as the TIPI, the Raspberry PI has some default configuration and it 
B> is
B> not going to see any connections unless the router port forwards anything 
B> to
B> it.
B> 

Refresh my memory, but what OS is TIPI running?

jbdigriz 


    Greetings, James Digriz
    email: jbdigriz@bbs.dragonsweb.org

--- MBSE BBS v1.0.7.11 (GNU/Linux-x86_64)
 * Origin: DragonsWeb Labs  (80:774/61)

.