Subj : Re: Mystic SSHD won't start? Is there an SSH server?
To : Tony Langdon
From : Bradley D. Thornton
Date : Sun Sep 08 2019 10:02 pm

Re: Re: Mystic SSHD won't start? Is there an SSH server?
By: Tony Langdon to Bradley D. Thornton on Mon Sep 09 2019 09:09 am

> -=> On 09-08-19 06:18, Bradley D. Thornton wrote to All <=-
>
> BDT> So... Does Mystic even include an SSH Daemon? My box's OS has SSHD running and listening on a non-standard port, but that's not for the
> BDT> BBS. If Mystic accepts SSH connections through some kind of hook using the host's Daemon I can just install and run a separate instance of
> BDT> OpenSSH,
> BDT> but wanted to check here first to make sure I don't clobber
> BDT> port 22.
>
> Yes, Mystic has its own SSH server. You have to enable an SSH server in Mystic's setup.
>

Thanks Tony :)

Yes, I enabled the SSH server, and it didn't appear to start. I did a quick restart of mis, checked again, and still nothing - but I think I was just impatient since, when I came back a few minutes later to scan the port, I saw that it was open, and logged in. Yay! :)

It seemed a little funky, as far as how it went through the login process when I tried it (once), but I'll check on it later, I'm sure I've just got to get used to it.

So for now I've got port 23 open for telnet and port 22 open (running Mystic's SSHD). I'm glad that I didn't have to install and run another OpenSSHD and figure out how to pass that through or if it could be done.

Like I inferred, although perhaps not clearly enough, I already have SSHD listening on another, non-standard port for regular user access to the host, i.e., there are two SSH daemons listening now, Mystic on 22 and OpenSSH on another :)

> Now, are you starting Mystic as root or an ordinary user? By default, ordinary users can't bind ports below 1024 on Linux. You either have to start
> Mystic as root (it will run as the user that owns its directory once it has bound its ports), or give the mis binary permission to bind privileged
> ports.

I start mis as root. Actually, since that part of testing is over now, I start it as the non-priv'd user who owns the dir with a sudo - one of the use cases where I believe in using sudo ;)

For that, I don't add the user to the sudo group, because any breakouts could afford a script kiddie to wreak havoc with impunity, so the user running "mis" (not mystic) is only allowed to run mis.

I try to avoid letting non-privileged users run daemons on privileged lower ports, but with some software, do sometimes. This isn't one of those times ;)

Now, that begs another question. If someone breaks out of Mystic... that's always a concern, so what SSH implementation does Mystic use? I ask because I want to know how confident I should be that port 22 (Mystic's SSHD) is as secure as OpenSSH is on the host.

Thanks again! I'm going to work on getting echomail set up tonight later, I think I'll start with Fsxnet. Then Fidonet. Then you won't all have to read messages from me via Rob's server ;) If I'm once again a SysOP, then I should be sending Echomail from my own system lolz.
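
Added example, not part of the original message and not code from Mystic: when one account may run a single binary through sudo, as with the mis setup described above, that rule is only as narrow as the binary is hard to replace. This check walks from the binary up to / and reports anything the named account owns or that is world-writable. The function name is hypothetical, the path and account are whatever the caller passes in, and GNU `stat -c` on Linux is assumed.

```shell
#!/bin/sh
# Added example. Path and account come from the caller; nothing here is
# Mystic's real layout. Pass an already-resolved path (readlink -f) if the
# install uses symlinks.

# audit_sudo_target PATH USER
#   returns 0 if USER cannot obviously replace PATH,
#           1 if a finding was printed, 2 on bad input.
audit_sudo_target() {
    target=$1 user=$2 findings=0
    case $target in
        /*) ;;
        *) echo "relative path: a sudoers command needs an absolute path"
           return 2 ;;
    esac
    [ -f "$target" ] || { echo "not a regular file: $target"; return 2; }

    p=$target
    while :; do
        owner=$(stat -L -c %U "$p")
        bits=$((0$(stat -L -c %a "$p")))   # leading 0 makes the mode octal
        # Owning the file, or any directory above it, lets USER swap it.
        if [ "$owner" = "$user" ]; then
            echo "owned by $user: $p"; findings=1
        fi
        # World-writable is a finding unless it is a sticky directory,
        # where users cannot remove or rename entries they do not own.
        if [ $(( $bits & 0002 )) -ne 0 ] &&
           ! { [ -d "$p" ] && [ $(( $bits & 01000 )) -ne 0 ]; }; then
            echo "world-writable: $p"; findings=1
        fi
        [ "$p" = / ] && break
        p=$(dirname "$p")
    done
    return $findings
}
```

A finding means the account holding the single-command sudo rule could put its own program at that path and have it started as root; group-writable paths are not examined here.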