1. Forum
  2. AgoraNet
  3. AGN BBS

  • SSH Daemon Mode

    From Fat Rastus@46:1/107 to All on Thu Jul 14 18:25:19 2016
    Hi..

    Trying out new features... I just noticed that when running ssh in daemon mode: ie: "/mis2 root /mystic daemon" SSH connections go unanswered. However, in server mode ssh responds as expected.

    Telnet works in both modes. I did not test rlogin.

    Furthermore, when trying to exit daemon mode via the shutdown switch.. MIS2 reponds:

    [MIS2] Sending shutdown signal for PID xxxx
    The Telnet Server stops.
    However the PID is still active, and the mis2.bsy semaphore is not deleted.

    The PID and semaphore have to be killed/deleted manually at that point.

    Again, in Server mode all seems to work as expected.

    Is this the right place to post these issues?

    Oh this might be helpful: Ubuntu Server 14.04 64bit, running 112a28_l64, cryplib 3.4.3

    Fat Rastus
    --- SBBSecho 3.00-Linux
    * Origin: Electronic Warfare BBS | telnet:\\bbs.ewbbs.net (46:1/107)
  • From Al@46:1/161 to Fat Rastus on Thu Jul 14 16:57:12 2016
    On 07/14/16, Fat Rastus said the following...

    Trying out new features... I just noticed that when running ssh in
    daemon mode: ie: "/mis2 root /mystic daemon" SSH connections go unanswered. However, in server mode ssh responds as expected.

    Did you use sudo with that command or are you root already?

    I am logged in with SSH now with mis2 in deamon mode. Haven't done much
    testing yet though but it seems to work here..

    Ttyl :-),
    Al

    --- Mystic BBS v1.12 A28 (Linux)
    * Origin: The Rusty MailBox - Penticton, BC Canada (46:1/161)
  • From Fat Rastus@46:1/107 to Al on Thu Jul 14 20:31:57 2016
    Re: SSH Daemon Mode
    By: Al to Fat Rastus on Thu Jul 14 2016 04:57 pm

    On 07/14/16, Fat Rastus said the following...

    Trying out new features... I just noticed that when running ssh in
    daemon mode: ie: "/mis2 root /mystic daemon" SSH connections go

    Did you use sudo with that command or are you root already?

    No.. I don't have to run mis as root for telnet and I'd rather not run mis2 as root either. As I mentioned earlier, it runs as expected in Server Mode
    under as a normal user.

    I am a little leary of trying root for fear it might trash the permissions of the database/system files.

    I am logged in with SSH now with mis2 in deamon mode. Haven't done much testing yet though but it seems to work here..

    I"ll poke around a litte more. What flavour of linux re you running?
    --- SBBSecho 3.00-Linux
    * Origin: Electronic Warfare BBS | telnet:\\bbs.ewbbs.net (46:1/107)
  • From Al@46:1/161 to Fat Rastus on Thu Jul 14 17:53:02 2016
    On 07/14/16, Fat Rastus said the following...

    No.. I don't have to run mis as root for telnet and I'd rather not run mis2 as root either. As I mentioned earlier, it runs as expected in Server Mode under as a normal user.

    I am a little leary of trying root for fear it might trash the
    permissions of the database/system files.

    In the case of mis I run it with sudo. That way it can open ports below 1024 and after that is runs as the user that executed it.

    You can also run mis as root. It will open the ports and then run as the user who owns mis. I don't know if mis2 works the same way or not but I suspect it does.

    I am logged in with SSH now with mis2 in deamon mode. Haven't done mu testing yet though but it seems to work here..

    I"ll poke around a litte more. What flavour of linux re you running?

    Slackware64 14.1. I should probably update that but it does what I need it to do.. :)

    Ttyl :-),
    Al

    --- Mystic BBS v1.12 A28 (Linux)
    * Origin: The Rusty MailBox - Penticton, BC Canada (46:1/161)
  • From Fat Rastus@46:1/107 to Al on Thu Jul 14 22:31:58 2016
    Re: SSH Daemon Mode
    By: Al to Fat Rastus on Thu Jul 14 2016 05:53 pm

    On 07/14/16, Fat Rastus said the following...
    No.. I don't have to run mis as root for telnet and I'd rather not
    run mis2 as root either. As I mentioned earlier, it runs as
    expected in Server Mode under as a normal user.

    In the case of mis I run it with sudo. That way it can open ports below 1024 and after that is runs as the user that executed it.

    I typically run a bbs at higher numbered ports and redirect from the
    firewall or through a tunnel. Then again there is setcap, which can be a danger. But since Mystic does uid and drops privilages that's sure
    easier.

    I had read docs/mystic and parsed through several of the whatnew text but could not find if sudo safe or not.

    Fat Rastus
    --- SBBSecho 3.00-Linux
    * Origin: Electronic Warfare BBS | telnet:\\bbs.ewbbs.net (46:1/107)
  • From g00r00@46:1/127 to Fat Rastus on Fri Jul 15 21:38:49 2016
    Is this the right place to post these issues?

    You can post them wherever I can see them and Agora is one of those places! :)

    http://www.mysticbbs.com/support.html

    I was intending to release a new alpha within a day that fixed as many of the initial quirks of the MIS2 rollout as I could, unfortunately I had some
    family stuff pop up so I am behind a day or two.

    I should have a new alpha out in a day or two tops that cleans up quite a bit of things, and we can go from there with any remaining issues. I'm actually hoping to get it out tonight but no promises! :)

    --- Mystic BBS v1.12 A29 (Windows)
    * Origin: Sector 7 [Mystic BBS WHQ] (46:1/127)
  • From g00r00@46:1/127 to Fat Rastus on Fri Jul 15 21:43:32 2016
    No.. I don't have to run mis as root for telnet and I'd rather not run mis2 as root either. As I mentioned earlier, it runs as expected in Server Mode under as a normal user.

    Mystic never runs as root. It actually does something sort of clever:

    Since root is needed to bind ports less than 1024, Mystic has a trick where you start it as SUDO and then it quickly does the things that requires root access, then it drops it and runs as the user/group that owns the actual MIS binary.

    We've been doing it this way for 6 years or so now, and it can really simplify things (as I am sure you are aware of considering you're not using SUDO).

    One may be even able to argue that this is a more secure way to do things because you don't have to configure your system to allow low port binds at all, nor do you need to create any TCP tunnels.

    --- Mystic BBS v1.12 A29 (Windows)
    * Origin: Sector 7 [Mystic BBS WHQ] (46:1/127)
  • From Fat Rastus@46:1/107.2 to g00r00 on Sat Jul 16 10:15:25 2016
    On 07/15/16, g00r00 said the following...
    We've been doing it this way for 6 years or so now, and it can really simplify things (as I am sure you are aware of considering you're not using SUDO).

    Thank You. This a very nice feature. It will come in handy.

    --- Mystic BBS v1.12 A29 (Linux)
    * Origin: CombatNet Support BBS (46:1/107.2)