Hi,
I understand that there are several highly skilled programmers working
together on this software. I would like to request the creation of an MPL application that would allow a person to enter a BASH shell from within their BBS doors menu. This would be accessable to sysops and cosysops loging in remotely. It would basically be the Linux version of DOORWAY. However, I'm
not looking for an emulator, but a simple piece of software that will allow people to run the BASH shell. One main requirement would be to make it such that the nodespy software can see what the sysop/cosysop is doing in that shell. I have run this by Pequito and he assures me that it can be done, and done in MPL. Software done either in MPL or python would be cool. Message
me back if you are interested and indicate what you would like in return for this code.

Best regards,
Warmfuzzy

--- Mystic BBS v1.12 A31 (Linux)
* Origin: PHATstar RetroBOX! (21:2/113)

On 05/09/17, kiya said the following...

Hi,
I understand that there are several highly skilled programmers working together on this software. I would like to request the creation of an

nope it's only g00r00 working on mystic

|08 .|05ú|13ù|15Dr|07e|08am Ma|07st|15er|13ù|05ú|08.
|08 øù|05ú|13ùø |13øù|05ú|08ùø
|11 DoRE|03!|11ACiDiC|03!|11Demonic |08[|15dreamland|09.|15darktech|09.|15org|08]

--- Mystic BBS v1.12 A32 (Windows)
* Origin: |08--[|15!|07dreamland BBS dreamland.darktech.org (21:1/163)

Hi kiya!

09 May 2017 01:35, from kiya -> All:

I understand that there are several highly skilled programmers working together on this software.

What software are you talking about??
Mystic?

As far as I know you are farthest away from the reality as possible.
Mystic is the closed source product of one guy (James/G00r00).

CU, Ricsi

--- GoldED+/LNX
* Origin: Deadlines amuse me (21:1/104)

together on this software. I would like to request the creation of an
MPL application that would allow a person to enter a BASH shell from within their BBS doors menu. This would be accessable to sysops and cosysops loging in remotely. It would basically be the Linux version of DOORWAY. However, I'm not looking for an emulator, but a simple piece of

Invoking Shells from inside another Application, usually its not a good idea. In the past, many bugs and exploits created this way. I would recommend to
use SSH and login directly to your system.

|08\|15x|08/

--- Mystic BBS v1.12 A32 (Windows)
* Origin: Agency BBS | telnet://agency.bbs.geek.nz (21:1/101)

This request, with regard to the programmers, refers to those who make mods
for the mystic bbs software, not g00r00 who codes the Mystic BBS software itself. There are dozens of programmers who have released a lot of mystic
mods over the years. My call out is to those who are skilled in MPL and
Python who would be willing to make a Mystic/Linux version of the old DOORWAY software, but using BASH instead. Thank you everyone for considering this request. It will vastly improve the administration of MysticBBS.

Cheers!

Best regards,
Warmfuzzy/Kiya

I understand that there are several highly skilled programmers working together on this software. I would like to request the creation of an
MPL application that would allow a person to enter a BASH shell from within their BBS doors menu. This would be accessable to sysops and cosysops loging in remotely. It would basically be the Linux version of DOORWAY. However, I'm not looking for an emulator, but a simple piece of software that will allow people to run the BASH shell. One main requirement would be to make it such that the nodespy software can see what the sysop/cosysop is doing in that shell. I have run this by
Pequito and he assures me that it can be done, and done in MPL.
Software done either in MPL or python would be cool. Message me back if you are interested and indicate what you would like in return for this code.

--- Mystic BBS v1.12 A31 (Linux)
* Origin: PHATstar RetroBOX! (21:2/113)

lot of mystic mods over the years. My call out is to those who are skilled in MPL and Python who would be willing to make a Mystic/Linux version of the old DOORWAY software, but using BASH instead. Thank you

MPL application that would allow a person to enter a BASH shell from within their BBS doors menu. This would be accessable to sysops and cosysops loging in remotely. It would basically be the Linux version

The biggest concern with this is potenial insecurities in the MPL program or the BBS software itself. Also, if the BBS is accessed via telnet, then
anyone with access to the networking equipment handling the traffic between
the person accessing and the BBS would be able to spy on whatever the person
is doing and potentially be able to access the server running the BBS as well as anything else on the same or connected networks.

That being said, in the case of a Linux box running the BBS (mystic) why not just add a menu option with S255 security (sysop level access) using IS
command (ssh connection) to localhost (local machine). This would allow connecting to the box's shell account.

--
Karl
The Search BBS

--- Mystic BBS v1.12 A31 (Raspberry Pi)
* Origin: The Search BBS (21:1/161)

xqtr wrote to kiya <=-

Invoking Shells from inside another Application, usually its not a good idea. In the past, many bugs and exploits created this way. I would recommend to use SSH and login directly to your system.

True, the one exception is DOS, because there's no other alternative. I used to be a big user of DOORWAY back in the old days. :)


... Anything good in life is either illegal, immoral, or fattening.
--- MultiMail/Win32 v0.49
* Origin: Freeway BBS - freeway.apana.org.au (21:1/109)

kiya wrote to all <=-

I understand that there are several highly skilled programmers working together on this software. I would like to request the creation of an
MPL application that would allow a person to enter a BASH shell from within their BBS doors menu. This would be accessable to sysops and cosysops loging in remotely. It would basically be the Linux version of DOORWAY. However, I'm not looking for an emulator, but a simple piece of software that will allow people to run the BASH shell. One main requirement would be to make it such that the nodespy software can see what the sysop/cosysop is doing in that shell. I have run this by
Pequito and he assures me that it can be done, and done in MPL.
Software done either in MPL or python would be cool. Message me back if you are interested and indicate what you would like in return for this code.

I'm curious - what will this door give that SSH won't give you? If you're connecting from a Linux box, you have SSH available already, and if you have Windows, well you can install PuTTY on anything you can install SyncTerm or NetRunner on.

As someone else pointed out, making a shell available from within the BBS is a secueity risk, because there's more software in the chain, and it increases the attack surface. Even worse, if you're connected via telnet, everything you do is in the clear and accessible to any packet sniffers along the way.

Just something to keep in mind, when there's a proven alternative (SSH) available. Just run sshd on a different port to the BBS's SSH port.


... Don't hit me, Mr. Moderator... I'll go back on topic... I swear!
--- MultiMail/Win32 v0.49
* Origin: Freeway BBS - freeway.apana.org.au (21:1/109)

karl wrote to kiya <=-

That being said, in the case of a Linux box running the BBS (mystic)
why not just add a menu option with S255 security (sysop level access) using IS command (ssh connection) to localhost (local machine). This would allow connecting to the box's shell account.

Assuming sshd is running, this would work well.


... But if I kill him, it would start a war.
--- MultiMail/Win32 v0.49
* Origin: Freeway BBS - freeway.apana.org.au (21:1/109)

Hi Karl,
You have some good ideas. However, I run the Mystic software in SSH-only
mode, and the reason I'm looking to get a python or MPL mod to access the
BASH shell rather than just invoking it is that I would like nodespy to be
able to view what the co-sysop is doing so that in an emergency the sysop can kill the connection. I have considered the risks and believe this to be a worthy endeavor. I back up my system weekly, many times more than once
weekly so I'm not so worried about a malory. If you are out there reading
this message and think "well, I can do that," then please consider doing it.
I am willing to work out compensation for this mod. In the past when people
do mods for me I have donated to the EFF on their behalf, sent some cash via PayPal, gave the worker some Audible audio books of their choice, etc. I understand the risks. Thank you for taking your time to consider this.

Best regards,
Warmfuzzy/KIYA

The biggest concern with this is potenial insecurities in the MPL
program or the BBS software itself. Also, if the BBS is accessed via telnet, then anyone with access to the networking equipment handling the traffic between the person accessing and the BBS would be able to spy on whatever the person is doing and potentially be able to access the
server running the BBS as well as anything else on the same or connected networks.
That being said, in the case of a Linux box running the BBS (mystic) why not just add a menu option with S255 security (sysop level access) using IS command (ssh connection) to localhost (local machine). This would allow connecting to the box's shell account.

--- Mystic BBS v1.12 A31 (Linux)
* Origin: PHATstar RetroBOX! (21:2/113)

Hi Vk3jed!

10 May 2017 08:33, from Vk3jed -> kiya:

As someone else pointed out, making a shell available from within the
BBS is a secueity risk, because there's more software in the chain,
and it increases the attack surface. Even worse, if you're connected
via telnet, everything you do is in the clear and accessible to any
packet sniffers along the way.

I agree wholeheartedly to both of you who absolutely correctly pointed out those crucial points!!!

CU, Ricsi

--- GoldED+/LNX
* Origin: Question authority before they question you! (21:1/104)

Richard Menedetter wrote to Vk3jed <=-

I agree wholeheartedly to both of you who absolutely correctly pointed
out those crucial points!!!

Yes, I was a heavy DOORWAY user back in the DOS days, being remote to the BBS for most of the time it was online. I also had it tweaked, so I could even reboot the PC (had to set the modem to ignore DTR), while staying online. Just had to be good at having a conversation with the system in AT commands to get back in, once the BBS restarted. Also got pretty good at not crashing the system or having things become unresponsive while in DOS remotely! ;)

Between DOS being single tasking and access being via a phone line (more secure from casual eavesdroppers), accessing the command line via a sysop menu item made sense, but there are better ways to remotely manage a modern Linux box on the Net. :)


... Don`t force it, get a larger hammer.
--- MultiMail/Win32 v0.49
* Origin: Freeway BBS - freeway.apana.org.au (21:1/109)

kiya wrote to karl <=-

You have some good ideas. However, I run the Mystic software in
SSH-only mode, and the reason I'm looking to get a python or MPL mod to access the BASH shell rather than just invoking it is that I would like nodespy to be able to view what the co-sysop is doing so that in an emergency the sysop can kill the connection. I have considered the

I still don't understand the need to go through the BBS. I run nodespy on my system from a regular SSH session. Just have to login as the Mystic user, cd to the Mystic directory and run ./nodespy. Job done. :)

Yes, I don't see why you can't do what you're suggesting, I just can't see why regular SSH can't be used (since I've used that to run nodespy myself).

Even without considering security implications, it still seems writing a MPL or Python add-on is a lot of work to do something existing tools will easily do. And someone else did point out that SSH access to the command line can be done from within the BBS with an IS menu command to localhost:port with no MPL or Python code needed. The username and password could be embedded in the menu option to make it more transparent, if you wanted to go down that road.

As for doing it with an MPL, I'm not at that level of coding yet, so can't directly help with the original problem as stated.

... Baroque: When you are out of Monet.
--- MultiMail/Win32 v0.49
* Origin: Freeway BBS - freeway.apana.org.au (21:1/109)

You have some good ideas. However, I run the Mystic software in SSH-only mode, and the reason I'm looking to get a python or MPL mod to access the BASH shell rather than just invoking it is that I would like nodespy to
be able to view what the co-sysop is doing so that in an emergency the sysop can kill the connection. I have considered the risks and believe

Ok, good argument. I don't use nodespy that much because not that many
people connect to my bbs but I was thinking. At work I frequently use tmux
to share the terminal session I am on with other employees so I can show them how to solve various problem. I haven't thought this out very well yet but what about somehow having the ssh connect to a shell account where a tmux session gets invoked. Then you could attach to that tmux session whenever
you needed to observe.

Don't get me wrong, I think the idea of Door application would be nice for integration, but I try to think of dirty shortcuts to get the job done
because it often takes much less time than to send a problem to the
developers. Nothing against programmers (used to be my job), but that using existing tools is frequently faster.

Anyway that is just my two cents. If someone came up with this door idea, I would probably even install it myself. I remember when Avon helped me out
when I was first setting up my bbs. We used tmux to share the terminal
session then but I had to open ssh to that device in my firewall for that to work.

--
Karl
The Search BBS

--- Mystic BBS v1.12 A31 (Raspberry Pi)
* Origin: The Search BBS (21:1/161)

sysop can kill the connection. I have considered the risks and believe this to be a worthy endeavor. I back up my system weekly, many times
more than once weekly so I'm not so worried about a malory. If you are out there reading this message and think "well, I can do that," then please consider doing it. I am willing to work out compensation for this mod. In the past when people do mods for me I have donated to the EFF

Well... you have been warned... :)

The most simple way is to create a menu command and execute the shell command immediately. For example i will use BASH in linux.

Create a new menu entry and in the command section and add the following:

Command : DD <--- you can also use D-, DC, DG
Data : bash -i

Save the menu and exit. You should run a BASH shell just fine. To close this shell and return to Mystic, just type "exit". If you use another shell just
add the command for this appropriate shell ex. command.com :) cmd, ksh etc.

.---- --- -- - -
| Another Droid BBS
: Telnet : andr01d.zapto.org:9999 [UTC 11:00 - 20:00]
. Contact : xqtr.xqtr@gmail.com

--- Mystic BBS v1.12 A32 (Windows)
* Origin: Agency BBS | telnet://agency.bbs.geek.nz (21:1/101)

karl wrote to kiya <=-

Ok, good argument. I don't use nodespy that much because not that many people connect to my bbs but I was thinking. At work I frequently use

I use nodespy occasionally, most often to kick ghosts. Each time, it was used remotely over SSH in a terminal session separate to the BBS, that's why I'm struggling to understand the need for a shell within the BBS (other than sysop convenience :) ).

Anyway that is just my two cents. If someone came up with this door
idea, I would probably even install it myself. I remember when Avon helped me out when I was first setting up my bbs. We used tmux to
share the terminal session then but I had to open ssh to that device in
my firewall for that to work.

I'd probably run it on my Mystic system for the "coolness" factor, but as I said, I don't personally see a need.


... But the FACTS keep interfering with your theories!
--- MultiMail/Win32 v0.49
* Origin: Freeway BBS - freeway.apana.org.au (21:1/109)

On 05/11/17, xqtr pondered and said...

sysop can kill the connection. I have considered the risks and belie this to be a worthy endeavor. I back up my system weekly, many times more than once weekly so I'm not so worried about a malory. If you a out there reading this message and think "well, I can do that," then please consider doing it. I am willing to work out compensation for t mod. In the past when people do mods for me I have donated to the EF

Well... you have been warned... :)

The most simple way is to create a menu command and execute the shell command immediately. For example i will use BASH in linux.

Create a new menu entry and in the command section and add the following:

Command : DD <--- you can also use D-, DC, DG
Data : bash -i

Save the menu and exit. You should run a BASH shell just fine. To close this shell and return to Mystic, just type "exit". If you use another shell just add the command for this appropriate shell ex. command.com :) cmd, ksh etc.

FWIW, I do my drop to OS differently. Instead of using 'bash -i', I use 'ssh localhost'. That way, I still have to enter a password before logging in. I suppose if you want, you can create a user in linux and force the drop to OS with 'ssh -X user@localhost'. You can make several entries, one for each
user you want to force.

Ò Ö· Ò .
Ö·Ò·ÒÖÖ·Ç·Ö·Ò· Ö·Ç ÖÄÖÖÇ·Ö·Ò·ÒÒÒ cyberia.darktech.org
ӶРӶǽÐÐÓ½ÐÐ Ó½Ó ÓÄÓ¶Ó½ÓÄÐ ÐÓÐ kingwood, tx.
Ó½ ½Ó ½

--- Mystic BBS v1.12 A32 (Windows)
* Origin: Agency BBS | telnet://agency.bbs.geek.nz (21:1/101)

On 05/11/17, Vk3jed pondered and said...

karl wrote to kiya <=-

Ok, good argument. I don't use nodespy that much because not that ma people connect to my bbs but I was thinking. At work I frequently us

I use nodespy occasionally, most often to kick ghosts. Each time, it
was used remotely over SSH in a terminal session separate to the BBS, that's why I'm struggling to understand the need for a shell within the BBS (other than sysop convenience :) ).

Anyway that is just my two cents. If someone came up with this door idea, I would probably even install it myself. I remember when Avon helped me out when I was first setting up my bbs. We used tmux to share the terminal session then but I had to open ssh to that device my firewall for that to work.

Well, for me, I have a firewall that blocks all SSH traffic unless it is
coming from my local network, or a predefined IP that I uses for work. All other SSH traffic is blocked. This bit me in the butt when I was traveling
and was not at work nor at home. I was able to telnet in of course. So I created a menu option in my sysop menu so I could ssh to localhost. This
gave me bash access and I was able to modify my iptables to allow connections from my location at the time.

Ò Ö· Ò .
Ö·Ò·ÒÖÖ·Ç·Ö·Ò· Ö·Ç ÖÄÖÖÇ·Ö·Ò·ÒÒÒ cyberia.darktech.org
ӶРӶǽÐÐÓ½ÐÐ Ó½Ó ÓÄÓ¶Ó½ÓÄÐ ÐÓÐ kingwood, tx.
Ó½ ½Ó ½

--- Mystic BBS v1.12 A32 (Windows)
* Origin: Agency BBS | telnet://agency.bbs.geek.nz (21:1/101)

On 05/12/17, Gryphon said the following...

Well, for me, I have a firewall that blocks all SSH traffic unless it is coming from my local network, or a predefined IP that I uses for work. All other SSH traffic is blocked. This bit me in the butt when I was traveling and was not at work nor at home. I was able to telnet in of course. So I created a menu option in my sysop menu so I could ssh to localhost. This gave me bash access and I was able to modify my
iptables to allow connections from my location at the time.

Ò Ö· Ò .
Ö·Ò·ÒÖÖ·Ç·Ö·Ò· Ö·Ç ÖÄÖÖÇ·Ö·Ò·ÒÒÒ cyberia.darktech.org
ӶРӶǽÐÐÓ½ÐÐ Ó½Ó ÓÄÓ¶Ó½ÓÄÐ ÐÓÐ kingwood, tx.
Ó½ ½Ó ½

--- Mystic BBS v1.12 A32 (Windows)
* Origin: Agency BBS | telnet://agency.bbs.geek.nz (21:1/101)

That's why I leave a few ssh ports open, but up high, not in the default locations. Never had a real problem even during DDOS attacks I generally
manage to get in. I have them open on four major systems DMZ, Disk server,
Main PC, old BBS system. If one is down I go in through another. They really don't try to hack them quite as much as they could since three of the four
have mystic running on them (two as points of the main).

--- Mystic BBS v1.12 A32 (Raspberry Pi)
* Origin: Mystic Pi BBS bcw142.zapto.org (21:1/145)

Gryphon wrote to Vk3jed <=-

Well, for me, I have a firewall that blocks all SSH traffic unless it
is coming from my local network, or a predefined IP that I uses for
work. All other SSH traffic is blocked. This bit me in the butt when
I was traveling and was not at work nor at home. I was able to telnet
in of course. So I created a menu option in my sysop menu so I could
ssh to localhost. This gave me bash access and I was able to modify my iptables to allow connections from my location at the time.

Hmm, that's a case of security measures creating an insecurity. ;) My ultimate fallback is I can VPN in to my router on most devices and appear as part of the LAN. Rarely have to go to that extent. :)


... Side effects may include nausea, diarrhea, anxiety, and sleeplessness.
--- MultiMail/Win32 v0.49
* Origin: Freeway BBS - freeway.apana.org.au (21:1/109)

FWIW, I do my drop to OS differently. Instead of using 'bash -i', I use 'ssh localhost'. That way, I still have to enter a password before

Yes, this is for sure a more secure way. :) I was just answering to kiya who wanted an easy way to shell from his bbs. Personally i am not using any way
to invoke a shell from my BBS. I prefer to SSH from a local machine, although
i have left a port open to login also outside my network. If i don't use it
for a time i will surely close it.

.---- --- -- - -
| Another Droid BBS
: Telnet : andr01d.zapto.org:9999 [UTC 11:00 - 20:00]
. Contact : xqtr.xqtr@gmail.com

--- Mystic BBS v1.12 A32 (Windows)
* Origin: Agency BBS | telnet://agency.bbs.geek.nz (21:1/101)

On 05/12/17, Vk3jed pondered and said...

Gryphon wrote to Vk3jed <=-

Well, for me, I have a firewall that blocks all SSH traffic unless it is coming from my local network, or a predefined IP that I uses for work. All other SSH traffic is blocked. This bit me in the butt whe I was traveling and was not at work nor at home. I was able to telne in of course. So I created a menu option in my sysop menu so I could ssh to localhost. This gave me bash access and I was able to modify iptables to allow connections from my location at the time.

Hmm, that's a case of security measures creating an insecurity. ;) My ultimate fallback is I can VPN in to my router on most devices and
appear as part of the LAN. Rarely have to go to that extent. :)

I should prolly look in to VPN options.

Ò Ö· Ò .
Ö·Ò·ÒÖÖ·Ç·Ö·Ò· Ö·Ç ÖÄÖÖÇ·Ö·Ò·ÒÒÒ cyberia.darktech.org
ӶРӶǽÐÐÓ½ÐÐ Ó½Ó ÓÄÓ¶Ó½ÓÄÐ ÐÓÐ kingwood, tx.
Ó½ ½Ó ½

--- Mystic BBS v1.12 A32 (Windows)
* Origin: Agency BBS | telnet://agency.bbs.geek.nz (21:1/101)

On 05/10/17, Vk3jed said the following...

Yes, I was a heavy DOORWAY user back in the DOS days, being remote to
the BBS for most of the time it was online. I also had it tweaked, so I could even reboot the PC (had to set the modem to ignore DTR), while staying online. Just had to be good at having a conversation with the system in AT commands to get back in, once the BBS restarted. Also got pretty good at not crashing the system or having things become unresponsive while in DOS remotely! ;)

Thats a neat trick.

Immortal

--- Mystic BBS v1.12 A32 (Linux)
* Origin: Lightning BBS -- lightningbbs.com:2400 (21:1/185)