Subj : Anonymous SSH login
To : All
From : Alpha
Date : Tue Mar 16 2021 04:38 pm
Not sure if that's exactly the way to put it, "anonymous," but was
wondering how one might handle an SSH-only BBS, particuarly new account
creation.
I saw someone post a git issue for Syncterm today (Deuce?) that seemed
like Syncterm supports BBSs that have 'generic' or anonymous connection
usernames over SSH (like "user"), but then essentially the BBS software
would tunnel the user to the telnet login for UN and PW login. The
advantage being, from day 1, the process is more secure. Even
users creating their intial BBS account with a password in clear text--I'm
finally realizing--is a pretty bad idea, LOL.
I'm sure many people are like, who cares? It's a BBS. Welcome to the
1908s. But... I've been thinking about it. And if I'm thinking about it,
I'm 100% positive that smarter people have already been down that road.
My idea is simple as this: I'd run a custom SSH server, accept a UN/PW
auth with a generic UN and any PW. Then, once connected, tunnel the user
over to the BBS' telnet login via SSH...
I know, sounds like a lot of work for something that isn't a big problem
for most people. Might be easier just to allow Telnet new users, but then
force login over SSH and change PW on first login. Or something like that.
One potential down side is, all logins will look like they are coming from
my internal IP address, unless I found a way to pass this info? Also, bots
and simultaneous connections.
Anyone think about doing this, or are they doing this?
