Gammon Software Solutions forum

Subject: FuzzBall 6 feature support: SSL and MCP

Subject review (reverse sequence)

Posted by Gedrean   USA  (12 posts)
Date Sun 10 Nov 2002 04:28 AM (UTC)
Message
Oh Gods, I don't even want to think about that right now. I'll try to find some option in the near future. :)

I'm not special! I just code my brains out for you!

Posted by Nick Gammon   Australia  (18,770 posts)   Forum Administrator
Date Fri 08 Nov 2002 12:36 AM (UTC)
Message
And is there an equivalent to a SOCKS proxy? ie. tunnel through a similar program where you need to use SOCKS proxying?

- Nick Gammon

www.gammon.com.au, www.mushclient.com

Posted by Nick Gammon   Australia  (18,770 posts)   Forum Administrator
Date Fri 08 Nov 2002 12:27 AM (UTC)
Message

Brilliant! Thanks very much. I have reworked your documentation to make it part of the main MUSHclient web page, because of its general appeal.

See "How to connect to a secure MUD using MUSHclient".


- Nick Gammon

www.gammon.com.au, www.mushclient.com

Posted by Nick Gammon   Australia  (18,770 posts)   Forum Administrator
Date Fri 08 Nov 2002 12:18 AM (UTC)
Message
Quote:

Okay I'm a little frightened that you compiled it all yourself but okay.


There was an alternative?

- Nick Gammon

www.gammon.com.au, www.mushclient.com

Posted by Gedrean   USA  (12 posts)
Date Thu 07 Nov 2002 10:16 PM (UTC)
Message
Forgot.

Rename the configuration file stunnel.conf

Alternately, you may keep the name as any name you wish, and make a shortcut to stunnel, with the name of the textfile as the argument.

So it might be: stunnel stconf.txt

There you go!

I'm not special! I just code my brains out for you!

Posted by Gedrean   USA  (12 posts)
Date Thu 07 Nov 2002 10:13 PM (UTC)
Message
How's this for luck?
Got it to work, and here's the main explanation with security.

Please note that other options are available at the website
http://www.stunnel.org/
where you can find out other ways to configure Stunnel.

Instructions:
Obtain Stunnel from the above address.

Go to the Download Tab, and from there go to the download directory.

Currently available highest version is "stunnel-4.03.exe"

Put this anywhere you like. I put mine in a folder in Program Files, and set up a StartUp folder link to it, so that it would start every time.

If you're running NT, 2k or XP you may wish to set up Stunnel as a service. Look on the website.

You'll need the OpenSSL library for the encryption. In the download directory, go to the OpenSSL directory of your choice, preferably the highest version. As of this writing, the highest version in that directory is openssl-0.9.6g. Download the zip file within; it will contain all the files you need. Extract that file to the same folder as you put Stunnel in.

Now, in notepad, create a new text file. Save it in the same directory. Remember the filename.

This text file will be our configuration file. The following options should be first in the file.

client = yes
output = out.log

I put client = yes so the program would know it's designed to tunnel to a server with SSL, and I put output = out.log because I wanted a definite file that the Stunnel program would record its output to. This can be changed or left out. client = yes is required.

Now for the fun part. You'll need to set up each service you wish to connect to with MUSHclient. I'll walk you through it.

Simplest way:
(Any line with a # at the beginning is a comment and not necessary)

[servicename]
#This is the name of the service in stunnel's logs.
#whatever you wanna call it. I call them muck1 muck2 etc.
connect = muck.muck.com:9999
#This is obvious. 9999 should be the SSL port.
accept = localhost:5555
#5555 to be replaced with whatever port you wish.

Example:

client = yes
output = out.log

[mymuck]
connect = mymuck.mymucksdomain.com:8989
accept = localhost:5555

[mysecond]
connect = othermuck.com:4205
accept = localhost:5556

Remember the accept lines, those are what you configure MUSHclient to connect to. 'localhost' at port 5555 and 5556.
Please note that further options can be gotten from the stunnel website (see the 'man page listing') or from running the command line 'stunnel -help'

By the way, this way works such that in ZoneAlarm, set stunnel to be allowed to access the internet and local, be a server to local, and block it from being a server to internet. In the newest version of ZoneAlarm, the first three boxes are check-marks, and the fourth is an X.

That's all!

I'm not special! I just code my brains out for you!

Posted by Shadowfyr   USA  (1,774 posts)
Date Thu 07 Nov 2002 08:23 PM (UTC)
Message
Which of course sounds simple..

Client -> Request link to proxy port using local 127.0.0.1.
Proxy -> Checks is from local and tells client link established if not remote.
Client -> Sends the server and port for the remote location to proxy.
Proxy -> Attempts to connect to remote addr:port.
If successful -> send client a 'success' message.
Client -> Begins 'normal' telnet operation.

In theory at least this is how it 'should' work, unless some clown out there came up with some stupidly more complex method. I would try writing a proxy to do this stuff myself, assuming I could find the encryption info, but mushclient doesn't support the above transaction needed to establish the communications. I do however have to wonder what it is I am missing that makes it so hard to implement.. :p But then I am by no means an expert on this. ;)

main {
__if (Schrodinger_Cat is Alive or version >= "XP"){
____if version = "Vista" then Performance /= Number_of_Cores;
____call Functional_Code();}
__else
____call Crash_Windows();}

Posted by Nick Gammon   Australia  (18,770 posts)   Forum Administrator
Date Thu 07 Nov 2002 05:12 AM (UTC)
Message
I don't really see this working in a plugin. You need to intercept the incoming encrypted text and decrypt it, and decrypt outgoing text. MUSHclient doesn't allow you to change the incoming text in this way.

The way I see it working is for a SSL program to act as a proxy, not that I got it to work yet, but it would go like this:


MUSHclient --> (plaintext) --> proxy --> (encrypted) --> Internet --> MUD


- Nick Gammon

www.gammon.com.au, www.mushclient.com

Posted by Gedrean   USA  (12 posts)
Date Thu 07 Nov 2002 04:16 AM (UTC)
Message
Okay, here goes my only response: I can't seem to figure out how to make these programs work right. So, I'd like to ask the question:
Nick, do you feel it is possible to do this with Plugins, or is that not possible? If so, lemme know how to write one (I checked the documentation but could not do that, it didn't seem to exist, the plugin wizard) so, I think I could port the C++ code over if there's a standard plugin system to code in.

I'm not special! I just code my brains out for you!

Posted by Shadowfyr   USA  (1,774 posts)
Date Wed 06 Nov 2002 07:59 PM (UTC)
Message
Magnum?? lol Skimming the names instead of the posts this time? ;)

main {
__if (Schrodinger_Cat is Alive or version >= "XP"){
____if version = "Vista" then Performance /= Number_of_Cores;
____call Functional_Code();}
__else
____call Crash_Windows();}

Posted by Nick Gammon   Australia  (18,770 posts)   Forum Administrator
Date Tue 05 Nov 2002 11:38 PM (UTC)
Message
I am inclined to agree with most of what Magnum says, however there are cases where something that is complex to implement, and is only wanted by a handful of players, might be better done as an external program. Once you have a program that works, you can always keep that copy along with MUSHclient.

MUSHclient itself is a blend of hand-written stuff (eg. XML parser), compiled-in routines (eg. regular expression handling), and external routines (eg. spell checker, scripting support).

- Nick Gammon

www.gammon.com.au, www.mushclient.com

Posted by Shadowfyr   USA  (1,774 posts)
Date Tue 05 Nov 2002 05:50 PM (UTC)
Message
Just one comment on the 'black box' theory.. This is fine in a unix environment where 90% of the system is dependent on those black boxes and there are a half dozen alternative boxes to employ. Under windows the effect of black boxing is the exact opposite. Often the same box will break going from one system to the next exa: there is a bug for instance in CreateProcess on 9x systems that results in a console app inheriting the stdin/stdout/stderr pipes from the calling program, even when you tell it not to - result NT/XP will work right if you fail to take this into account, but 9x gives no output. The other problem is availability.

There are one or two programs I would like to get for use with a program called POVRay that are impossible to find anymore. They also took the 'our program does just X and to extend it use Y approach'. The result has been an extremely good 3D photorealistic renderer, that takes as much time to learn to use properly as coding C++, because there are very few graphical front ends and even Moray, which was specifically designed to be used with it, doesn't correctly support all the features of the prior version, let alone the current one.

If you want to black box things you have to do one of three things. A) be absolutely sure that there are real alternatives around you can use that you are reasonably sure will still be available in a year from now, B) encourage people to design them and provide a place to keep them 'along side the program' or C) code them yourself.

The problem is that A) is nearly certain to not be true, B) isn't entirely possible with your server set up, so stuff ends up on other sites, where it may not be available later and C) means time spent working on the black boxes instead of the client. It is imho better to find elegant solutions to some of these things internally than rely on the assumption that a windows product can function based on a black box design, especially considering the prevalence of item A above.

That said.. There may be some things like the graphics support that can be done the easy way. For instance as I stated in another thread, I have a fairly decent browser that is a mere 455k, runs quite fast and does everything IE can (using the IE core). My only complaint with it is that since it was designed to be used in a game, it doesn't correctly keep track of the last page's scroll position and pop-up windows are opened in the full IE, which I hate. It wouldn't be that hard to make a black box that implemented a simple browser window to support nearly anything a person wanted to throw at the client, with the exception of full pages (and if you wanted to give it back, forward, stop, etc. buttons...). I wouldn't mind in the least having such a thing 'packaged' with the client as a black box, but I can't see myself relying on the full IE or something 3rd. party that I can't find a week from now.

main {
__if (Schrodinger_Cat is Alive or version >= "XP"){
____if version = "Vista" then Performance /= Number_of_Cores;
____call Functional_Code();}
__else
____call Crash_Windows();}

Posted by Gedrean   USA  (12 posts)
Date Tue 05 Nov 2002 11:51 AM (UTC)
Message
Okay I'm a little frightened that you compiled it all yourself but okay.

You can force openSSL to be a localhost only client? If that's the case then damn the odds I'm getting openSSL for windows, and if I can get it to work I'll post my results (YMMV of course) and EOT. :)

I'm not special! I just code my brains out for you!

Posted by Nick Gammon   Australia  (18,770 posts)   Forum Administrator
Date Tue 05 Nov 2002 04:52 AM (UTC)
Message
OK, I've spent about an hour compiling and installing Fuzzball Muck, so far so good. It accepts an unencrypted connection, and an encrypted one on another port using:

openssl s_client -connect localhost:4567

However what I want to at least try is tunnel MUSHclient through this, which I can't seem to achieve right now. I can't even get ssh to work, which I suspect is because of the handshaking protocols more than anything.

I understand and agree about the open port, however I would have the source port available internally only, not to other incoming users.

eg.

MUSHclient --> openssl port 4567 -> FuzzBall 8888

Thus the openssl (or whatever) is on the local PC however only listening on port 4567 for localhost connections not internet connections.


- Nick Gammon

www.gammon.com.au, www.mushclient.com

Posted by Gedrean   USA  (12 posts)
Date Tue 05 Nov 2002 04:39 AM (UTC)
Message
A Server that Supports SSL:
FurryMUCK -- Oldest Existing MUCK on Earth.
http://www.furry.com/
addr at muck.furry.com:8888

I understand your objection to adding more features into the program that will bloat the application, and I see the point in not wanting to add SSH support when it can be available via 'black boxes' or daemons.

MCP itself is another commonly used protocol, along with MXP, and I'm seeing both very common so MCP may be a feature that would be very good to implement. Its protocol is not all that bad, and can even in itself I think support some form of encryption if done right, but I'll leave that to you. I will provide more info if desired.

I love the UNIX approach of 'black boxes' etc, however, hear me out. It's all well and good to run PuTTY or some other SSH router to the MU* of your choice, but here are my points:

1. If you don't run it constantly, you have to start up the program and set up its options when you want to use the MU*.

2. If you do run it constantly, what you have is basically an OPEN PORT. I hate to say it, but it's a pain to get a hardware firewall to block based on PROGRAM (you can block on the PORT but that's sometimes hard) and with software firewalls (which is all some of us can afford) none of these programs will behave if they are not given acceptable access to server to the outside internet.

Now, I'm going to go into a quick dissertation of why I don't want an open port on my computer.

If I connect to this port with MUSHclient, it reroutes it through PuTTY or Stunnel or other SSH router, to the server's SSL, and then decrypts it there. All is well, and to me it's seamless and I get encrypted transmission.

If someone ELSE connects to this port with ANYTHING, what they now have is a secure channel to this server, masquerading as ME! Which means they have full and complete access to start doing whatever they want and they won't get yelled at for 100 hack attempts or for crashing the server. I will.

As we all know from events regarding all those DDOS attacks, most of them came from average computer systems, which did not know that they were holding such 'Trojan Horses' and 'Redirects'. Which scares me, because if it had not been found out that they were, these individuals might be prosecuted.

I understand completely that maybe adding SSL support to MUSHclient is a bad idea because of bloat. However, if we can get someone skilled at writing PLUGINS or perhaps just figuring out how the plugin language works, and can get that to work with SSL, perhaps this is a much better alternative.

I hope I have swayed some thoughts, or at least provoked others, or at the LEAST wasted air.

--:)

I'm not special! I just code my brains out for you!
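
The open-port concern raised in this post is what the `accept = localhost:5555` lines in the stunnel configuration posted later in the thread (further up this page) address: a tunnel is only private if every `accept` names a loopback host, and stunnel listens on all interfaces when `accept` gives a port with no host. The following is an added example, not part of any forum post and not stunnel or MUSHclient code; it parses a configuration in the format shown in the thread and reports services that are reachable from other machines. The `[exposed]` and `[anyhost]` services are constructed to show the failure cases.

```python
import ipaddress

# Constructed sample in the format shown in the thread; [exposed] and
# [anyhost] are hypothetical services added to show the failure cases.
SAMPLE_CONF = """\
client = yes
output = out.log

[mymuck]
connect = mymuck.mymucksdomain.com:8989
accept = localhost:5555

[exposed]
connect = othermuck.com:4205
accept = 5556

[anyhost]
connect = othermuck.com:4205
accept = 0.0.0.0:5557
"""

def parse_conf(text):
    """Return (global_options, {service: options}) from stunnel.conf text."""
    globals_, services = {}, {}
    current = globals_                      # options before the first [section]
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":     # blank line or comment
            continue
        if line.startswith("[") and line.endswith("]"):
            current = services.setdefault(line[1:-1].strip(), {})
        elif "=" in line:
            key, value = line.split("=", 1)
            current[key.strip()] = value.strip()
    return globals_, services

def is_loopback(accept):
    """True only if the accept value explicitly names a loopback host."""
    host, sep, _port = accept.rpartition(":")
    if not sep:                             # "accept = 5556": all interfaces
        return False
    host = host.strip("[]")                 # allow [::1]:port
    if host.lower() == "localhost":
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:                      # any other hostname: not loopback
        return False

def exposed_services(text):
    """Names of services whose listening port is reachable off-host."""
    _globals, services = parse_conf(text)
    return sorted(name for name, opts in services.items()
                  if "accept" in opts and not is_loopback(opts["accept"]))
```

Any service name this returns for a real stunnel.conf should have its `accept` line changed to the `localhost:port` form used in the thread.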
The dates and times for posts above are shown in Universal Co-ordinated Time (UTC).

Written by Nick Gammon