• Secure Telnet

    From fusion@CFBBS to All on Friday, March 26, 2021 16:19:00
    I got telnet over SSL working and thought I'd share the details since the
    next official release of SyncTERM looks like it's going to support it. For
    now we can use "stunnel" since the only BBS I've heard of that supports it
    natively is BBBS.

    Unfortunately there isn't an official 32-bit release anymore (and a lot of
    us are on 32-bit for the DOS support!), but luckily this nice fellow here
    compiled and packaged up a 32-bit version for us:

    https://github.com/josealf/stunnel-win32

    I used the file "stunnel-testing-win32-installer.exe"

    After install, you will be asked to create a certificate for the SSL connections. If you haven't done so before, it asks you a series of questions:

    Country (US, NZ, etc)
    State
    City or Province
    Organization (I used the BBS name without "BBS" on the end)
    Organization Unit: BBS
    Common Name, domain, etc: throw in something like sslbbs.synchro.net or whatever you use for your BBS
    Email: yep.

    For Windows 7 and up, you won't have permission to directly edit the config
    file since it's in the "C:\Program Files" folder. You can either start up a
    command prompt as administrator and edit there, or copy it, edit it, and
    replace it with Windows Explorer (it should ask for authorization and show
    the little shield or whatever.)

    The config file has quite a few examples, but to make this easy, you can
    simply delete all but one and modify it:

    [bbs]
    accept = 992
    connect = 23
    cert = stunnel.pem

    Note that since stunnel redirects connections from port 992 to port 23, they
    will show up as if they're connected locally! If your BBS features
    anti-connection-spam (like Mystic) you should make sure 127.0.0.1 is included
    in the whitelisted IP addresses file. You will have to match timestamps with
    the stunnel log if you need to find a specific user.

    Open port 992 on your firewall and you should be all set :)

    In SyncTERM, you will have to edit your connection (F2) and change the
    connection type to "TelnetS". As previously mentioned, it should be included
    in the NEXT release of SyncTERM, so for now you will have to use the test
    versions linked at the very bottom of the SyncTERM web page.

    Hopefully someone finds this useful and it gets more widely adopted directly
    in BBS software!

    -------------------------------------------------------------------------------

    For security-minded folk: it doesn't look like certificate verification is
    common even in the clients that have had this feature for a long time...
    mostly mainframe stuff. You can however use openssl to view the server's
    certificate information with:

    openssl s_client -connect mysuperbbs.com:992

    If you want to get a legitimate certificate, Let's Encrypt is free, and is
    fairly easy to automate updates for with Windows' task scheduler. In which
    case openssl should show:

    verify return:1

    at each step as it walks the certificate chain.

    --- Mystic BBS v1.12 A46 2020/08/26 (Windows/32)
    * Origin: cold fusion - cfbbs.net - grand rapids, mi
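
Added example, not part of the original post: one way to do the timestamp matching mentioned above, recovering which remote address was behind a session the BBS logged as 127.0.0.1. The log lines are a constructed sample in the style of stunnel's default log output, and `parse_sessions` and `candidates` are hypothetical helper names; adjust the regexes to what your stunnel version actually writes.

```python
import re
from datetime import datetime, timedelta

# Constructed sample in the style of stunnel's default log lines (an assumption).
# Addresses come from the reserved documentation ranges.
STUNNEL_LOG = """\
2021.03.26 16:18:40 LOG5[0]: Service [bbs] accepted connection from 198.51.100.7:50112
2021.03.26 16:18:41 LOG5[0]: s_connect: connected 127.0.0.1:23
2021.03.26 16:19:02 LOG5[1]: Service [bbs] accepted connection from 203.0.113.25:49822
2021.03.26 16:19:02 LOG5[1]: s_connect: connected 127.0.0.1:23
2021.03.26 16:19:30 LOG5[0]: Connection closed: 5120 byte(s) sent to TLS, 88 byte(s) sent to socket
2021.03.26 16:25:10 LOG5[1]: Connection closed: 20480 byte(s) sent to TLS, 412 byte(s) sent to socket
"""

LINE = re.compile(r"^(\d{4}\.\d\d\.\d\d \d\d:\d\d:\d\d) LOG\d\[(\w+)\]: (.*)$")
ACCEPT = re.compile(r"Service \[(\S+)\] accepted connection from (\S+):(\d+)$")

def parse_sessions(log_text, service="bbs"):
    """Return one dict per tunnelled connection: remote ip, start, end (None if still open)."""
    open_by_id, sessions = {}, []
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # skip banners, wrapped lines and anything unrecognised
        when = datetime.strptime(m.group(1), "%Y.%m.%d %H:%M:%S")
        conn_id, msg = m.group(2), m.group(3)  # the bracketed id ties a connection's lines together
        acc = ACCEPT.match(msg)
        if acc and acc.group(1) == service:
            session = {"ip": acc.group(2), "start": when, "end": None}
            open_by_id[conn_id] = session
            sessions.append(session)
        elif msg.startswith(("Connection closed", "Connection reset")):
            if conn_id in open_by_id:
                open_by_id.pop(conn_id)["end"] = when
    return sessions

def candidates(sessions, bbs_time, slack_seconds=5):
    """Remote IPs whose tunnel was up when the BBS logged an event from 127.0.0.1."""
    slack = timedelta(seconds=slack_seconds)
    return sorted({s["ip"] for s in sessions
                   if s["start"] - slack <= bbs_time
                   and (s["end"] is None or bbs_time <= s["end"] + slack)})
```

When two tunnels overlap, `candidates` returns both addresses, so a BBS event that falls in the overlap needs a second event from the same BBS session, outside the overlap, to narrow it to one address.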