.:: Bots United ::.  
Re: Bots United start a Sourceforge project? - 28-03-2004
(#11) Pierre-Marie Baty, Roi de France

I agree with botmeister. Since not everybody in the Council seems to have the same preference, someone opens a poll in the moderators forum, so that we can decide quickly.



RACC home - Bots-United: beer, babies & bots (especially the latter)
"Learn to think by yourself, else others will do it for you."
  
Re: Bots United start a Sourceforge project? - 29-03-2004
(#12) Nova, Council Member

Another option:

Sourceforge system is opensource. Why don't we just run our own project management system?

Nova


nova

- Quote: <kodex> I swear. Beta testing increases your e-wang ! :p

- Remember, today is the tomorrow you worried about yesterday.


  
Re: Bots United start a Sourceforge project? - 30-03-2004
(#13) Nova, Council Member

Quote:
Originally Posted by Nova
Another option:

Sourceforge system is opensource. Why don't we just run our own project management system?

Nova

oh, and btw. i got our own CVS server running coz i use it for my own work.


Re: Bots United start a Sourceforge project? - 30-03-2004
(#14) Onno Kreuzinger (aka: memed / Server Admin)

so it's up and running already?
cool

should we use ssh forwarding (perhaps with key authentication) instead of opening the port in the firewall?


Re: Bots United start a Sourceforge project? - 30-03-2004
(#15) Nova, Council Member

Quote:
Originally Posted by memed
so it's up and running already?
cool

should we use ssh forwarding (perhaps with key authentication) instead of opening the port in the firewall?

you're the security expert, not me. if you want, ok ...


Re: Bots United start a Sourceforge project? - 30-03-2004
(#16) Terran, Member

You can use CVS directly with SSH, there is no need for portforwarding.
For Linux you set an environment variable which replaces the default rsh command with the ssh command.
For Windows this depends on the client...
  
Re: Bots United start a Sourceforge project? - 30-03-2004
(#17) Onno Kreuzinger (aka: memed / Server Admin)

i know, but that includes a valid shell login, i thought of ssh2 key with strict permissions to only forward a certain port :-)

cheers memed
----
there are paranoid admins and stupid admins *g*
  
Re: Bots United start a Sourceforge project? - 31-03-2004
(#18) Terran, Member

You can't do that without logging in to the host. I'll try to explain:

The ssh protocol is an end-to-end protocol, only the connections between two authenticated and authorized hosts are encrypted. You can use ssh tunnels between those two hosts once you're in. These tunnels encrypt the traffic between those hosts but not the traffic outside of these connections!

And (at least with OpenSSH) you can't restrict which ports are allowed to be forwarded - you only can turn it on or off.

What you could do would be to use stunnel instead of ssh. (www.stunnel.org)
Use it to encrypt the pserver protocol and block the direct access to the pserver port using iptables. The drawback of this is that the developers need iptables at their machines too - but that's not a big problem.
  
Re: Bots United start a Sourceforge project? - 31-03-2004
(#19) Onno Kreuzinger (aka: memed / Server Admin)

*g* nice that you want to explain, but i think i know what i'm talking about

Quote:
Originally Posted by Terran
You can't do that without logging in to the host. I'll try to explain:
The ssh protocol is an end-to-end protocol, only the connections between two authenticated and authorized hosts are encrypted. You can use ssh tunnels between those two hosts once you're in. These tunnels encrypt the traffic between those hosts but not the traffic outside of these connections!

And (at least with OpenSSH) you can't restrict which ports are allowed to be forwarded - you only can turn it on or off.

What you could do would be to use stunnel instead of ssh. (www.stunnel.org)
Use it to encrypt the pserver protocol and block the direct access to the pserver port using iptables. The drawback of this is that the developers need iptables at their machines too - but that's not a big problem.

a ssh login which does arbitrary application (terminal) forwarding needs to be able to log in, whilst a portforwarding only account can't login. the difference is that with the normal ssh login account you can log into the server and get a shell, while the portfw only login can not log in and request a terminal.

sounds not very different but in terms of security it's a key point. the portfw only user can not try local root exploits (e.g. do_brk ..) since he can not spawn a shell at all.

stunnel is not as secure as ssh unless a real PKI is used, although it's probably the easier one to setup and security is very good already.

cheers memed

from man sshd:
[quote]
AUTHORIZED_KEYS FILE FORMAT
$HOME/.ssh/authorized_keys is the default file that lists the public keys that are permitted for RSA authentication in protocol version 1 and for public key authentication (PubkeyAuthentication) in protocol version 2. AuthorizedKeysFile may be used to specify an alternative file.
...

no-pty
    Prevents tty allocation (a request to allocate a pty will fail).

permitopen="host:port"
    Limit local ``ssh -L'' port forwarding such that it may only connect to the specified host and port. IPv6 addresses can be specified with an alternative syntax: host/port. Multiple permitopen options may be applied separated by commas. No pattern matching is performed on the specified hostnames, they must be literal domains or addresses.
[/quote]


Last edited by Onno Kreuzinger; 31-03-2004 at 13:29..

Re: Bots United start a Sourceforge project? - 31-03-2004
(#20) Terran, Member

GREAT DANGER: not having a pty doesn't prevent users from executing programs !!!

Test for yourself:
ssh -v user@host /bin/bash

But I've at least missed the permitopen="host:port" option, never noticed that before 9_9. But for a person with some skills this is no real limitation, he/she would simply install/use another forwarder...
  
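The last two posts turn on whether a key carrying only no-pty and permitopen is really limited to forwarding. The following is an added example, not part of the original thread: a small auditor for the options field of authorized_keys entries that flags a missing forced command (the command= option of sshd's authorized_keys format). The function names, the sample entries, the key material and port 2401 for pserver are assumptions constructed for the illustration; restrict is an option from OpenSSH releases later than this thread.

```python
# Added example: audit authorized_keys entries meant to be "port-forward only".
# All entries below are constructed samples; 2401 is assumed as the pserver port.
KEY_TYPES = ("ssh-", "ecdsa-", "sk-")

def split_options(line):
    """Return the options field of one authorized_keys line as a list."""
    line = line.strip()
    if line.startswith(KEY_TYPES):        # line starts with the key type: no options
        return []
    opts, cur, quoted, i = [], "", False, 0
    while i < len(line):
        ch = line[i]
        if quoted and ch == "\\" and line[i + 1:i + 2] == '"':
            cur += '"'                    # \" is a literal quote inside a value
            i += 1
        elif ch == '"':
            quoted = not quoted
        elif ch == "," and not quoted:    # commas separate options outside quotes
            opts.append(cur)
            cur = ""
        elif ch.isspace() and not quoted: # first unquoted blank ends the field
            break
        else:
            cur += ch
        i += 1
    return opts + [cur]

def audit_forward_only(line):
    """Return reasons why this key is NOT limited to port forwarding."""
    opts = {o.partition("=")[0].lower(): o.partition("=")[2]
            for o in split_options(line)}
    findings = []
    if "command" not in opts:
        findings.append("no forced command: 'ssh user@host /bin/bash' still runs")
    if "pty" in opts or not ({"no-pty", "restrict"} & opts.keys()):
        findings.append("pty allocation allowed")
    if "permitopen" not in opts:
        findings.append("forwarding destination not limited by permitopen")
    return findings

WEAK = 'no-pty,permitopen="localhost:2401" ssh-rsa AAAAconstructed dev@example'
HARDENED = ('command="/bin/false",no-pty,no-X11-forwarding,no-agent-forwarding,'
            'permitopen="localhost:2401" ssh-rsa AAAAconstructed dev@example')

if __name__ == "__main__":
    for entry in (WEAK, HARDENED):
        print(split_options(entry), "->", audit_forward_only(entry) or "ok")
```

With a forced command in place, sshd ignores whatever command the client supplies, so a developer opens the tunnel with ssh -N -L and never gets a session.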