Subj : Re: Anonymous SSH login
To : Alpha
From : hal
Date : Wed Mar 17 2021 11:25 pm
Al> Not sure if that's exactly the way to put it, "anonymous," but was
Al> wondering how one might handle an SSH-only BBS, particuarly new account
Al> creation.
Mystic handles it a little differently.
I've just tested it on the current version of Mystic on my BBS. My BBS has
Mystic's own builtin SSH server running on 2222 (and the regular Debian
OpenSSH server running on port 22 but not accessible to the internet).
Whereas OpenSSH will abort if a valid user/password is not entered, Mystic's
ssh server (using Cryptlib) does not abort.
If a valid user/password is entered you are connected into the BBS.
If a INVALID user/password is entered Mystic responds with just a new line
If you then press enter again you connect to the BBS and after the ANSI
detection prompt drops back to the login screen where you can type in again
you new login and the system will then set you up as a new user.
The only weird thing is that you will have to explain to the users to just
enter anything at the User: prompt (just pressing enter will cause the client
to be disconnected).
You can of course run both if you want and get users to sign up over telnet
then switch to ssh (and change their password)
Another option is for user to request a login via another method if it is
privacy of initial connection you are concerned about.
