FuzzBall 6 feature support: SSL and MCP

It is now over 60 days since the last post. This thread is closed.

Posted by StelardActek   Australia  (7 posts)
Date Mon 24 Jun 2002 05:59 AM (UTC)

Amended on Mon 24 Jun 2002 06:02 AM (UTC) by StelardActek

Message
The recent versions of the FuzzBall MUCK server support SSL connections, as well as GUI interfaces via the MCP protocol. I'm not sure if MCP is anything like MXP, but I don't believe MUSHclient supports Secure Sockets Layer. Since MUCKs are based around socialising, and can be considered private, SSL connection support would be good for those of us who use MUSHclient for MUCKs.

FuzzBall's website is at http://www.belfry.com/, and the latest server can be found at http://sourceforge.net/projects/fbmuck/

Posted by Nick Gammon   Australia  (22,975 posts)   Forum Administrator
Date Reply #1 on Tue 25 Jun 2002 03:04 AM (UTC)
Message
Hmmm - I suppose by "private" you mean that in a one-on-one conversation you don't want other parties to eavesdrop?

The problem here is that SSL doesn't really solve that problem. It will, to a certain extent. If you are on a network then encrypted sessions will make it harder for people who are "tapping" the local subnet to listen to what you are saying, however that may not be your main problem.

This is what would happen (I guess) with a SSL-enabled session:


 Player A -- (encrypted) --> MUCK -- (encrypted) --> Player B


The problem is that the MUCK will have the conversation in clear text, and I know of a couple of servers that have provision for admins to "snoop", "monitor" or "log" - that is, to view your conversations without your knowledge. The SSL provision will not stop that.

These provisions were added to help admins deal with troublesome players (eg. those that harass others) by recording what they are doing, to be used in evidence against them.

The only really secure way to have a private conversation would be to have encryption/decryption at the client end and have the server pass through the encrypted message unchanged.

eg. You might say "SGVsbG8gdGhlcmUgSm9obg==" and someone with the correct password could interpret it.

I don't have a big problem with adding some sort of "encrypted say" to MUSHclient, excepting all the restrictions on exporting encryption from various countries.

You could conceivably do it yourself with a bit of scripting (eg find a DES routine, encrypt a message, use Base64 encoding on it, and send that).

Maybe one of the plugin authors here would like to try that? :)

- Nick Gammon

www.gammon.com.au, www.mushclient.com

Posted by StelardActek   Australia  (7 posts)
Date Reply #2 on Wed 26 Jun 2002 06:35 AM (UTC)
Message
Actually, I think the MUCK admins would take a rather dim view of people sending encrypted messages through the server. I'm not really concerned about the logging that /does/ go on on MUCKs. It is necessary, as you said, to deal with problems. I trust the admins on the MUCKs I frequent, in any case. However, I would like to take advantage of FuzzBall's SSL feature to prevent eavesdropping between my computer and the server. Could it be implemented via a plug in?
Also, what of MCP?

Thanks for your time, however.

-- Stelard Actek

Posted by Magnum   Canada  (580 posts)
Date Reply #3 on Wed 26 Jun 2002 02:41 PM (UTC)
Message
Actually, in a world where the authorities have gone rampant invading everyone's privacy, I believe ALL communications should be encrypted, no matter how trivial the subject. :)

Get my plugins here: http://www.magnumsworld.com/muds/

Constantly proving I don't know what I am doing...
Magnum.

Posted by RedWolf   (2 posts)
Date Reply #4 on Wed 26 Jun 2002 03:53 PM (UTC)
Message
That don't sound like such a bad idea... The ability to send encrypted text to a Mu* and then others who have the proper password to decrypt it.

Some admins may not like this... But it would be a step to increase privacy if you do wish to send some information over a mu* that even the admins should not see.

Being an Admin myself I'd not mind that...

Posted by Nick Gammon   Australia  (22,975 posts)   Forum Administrator
Date Reply #5 on Sat 29 Jun 2002 12:08 AM (UTC)
Message
I can't see what the major objection of admins would be. The two things a player is likely to do to annoy another player (via chatting) are:


  • Spamming them - you could tell if this was happening whether or not the message was encrypted, in this case the test is just "is there a lot of it?".
  • Offensive comments - if the comments were encrypted then you would simply refuse to decrypt them (eg. discard the password) thus you wouldn't know or care what they were.

- Nick Gammon

www.gammon.com.au, www.mushclient.com

Posted by StelardActek   Australia  (7 posts)
Date Reply #6 on Fri 05 Jul 2002 05:11 AM (UTC)
Message
Okay, I stand corrected. Please disregard the first sentence of my last post. :)
However, the rest of the post still stands, and doesn't seem to have been touched by anyone. If SSL connections can be handled by a plugin, I'd be more than happy to give it a shot. I program in Delphi 6.

-- Stelard Actek

Posted by Nick Gammon   Australia  (22,975 posts)   Forum Administrator
Date Reply #7 on Sun 07 Jul 2002 11:45 PM (UTC)
Message
I haven't tried this, but it might be possible to "pipe" MUSHclient through a SSL program (eg. PuTTY) thus getting the encryption in an external program. Basically, use it as a proxy server.

I really think this can be made to work. OpenSSH is an open source version of SSH, so you should be able to get it for Windows, and I am pretty sure it supports redirection to another port/server. I think they use that to do ftp via ssh. It would be something like this:



MUSHclient --> localhost/1234 --> SSH --> mud server/4000

- Nick Gammon

www.gammon.com.au, www.mushclient.com

Posted by StelardActek   Australia  (7 posts)
Date Reply #8 on Sun 11 Aug 2002 12:00 PM (UTC)
Message
Piping is certainly possible. However, it's a pain to organise. There are sure to be many who want SSL connections -- it protects their passwords too, you know -- but not the bother of piping. According to the author of FB6 and Trebuchet (sp?), many people have started using the latter client, because of its support for SSL and MCP (GUI for MUCKs). I'd rather stay with MUSHclient, however.

-- Stelard Actek

Posted by Gedrean   USA  (12 posts)
Date Reply #9 on Wed 28 Aug 2002 06:33 PM (UTC)
Message
Much as I'd like to agree with Nick here, since the security still stops at the MUCK itself since you cannot guarantee that person B has the SSL, I can still say that the SSL support is a fine idea.

And yes, tunneling is a good try, after all I've seen stunnel and other things work out great, however I have a slight problem there:

I have about 5 MUCKs, MUDs MUSHs whatever that I connect to AT A TIME. Now, with OpenSSH this may be all well and good but what if I want to do all of them? I'd have to basically open up 5 ports on my computer. Now, if you're not running ZoneAlarm at home this doesn't seem like much of a problem, but the security risks of opening up a port on your PC that redirects to a FBMUCK or anything else under a secure shell with YOUR IP are just horrifying. Most people are unaware of that.

I'm not sure if OpenSSH allows for only opening the port on the local computer, or if in ZoneAlarm if I set it up so it's only able to serve to the trusted 'zone' (aka my PC) will that give it a heart attack... If someone knows SSH protocol and can write this in a plugin or even put it right into MUSHClient I'd think it'd be a lot safer. A lot of the popular telnet clients for UNIX, Windows, Mac, and other platforms (I think even Amiga) have SSH support built right in and clickable.

If I'm wrong and OpenSSH is smart about things like this please lemme know. But I'd love to continue using MUSHclient and also hide my password from being sent cleartext.

I'm not special! I just code my brains out for you!

Posted by Buran   (5 posts)
Date Reply #10 on Fri 25 Oct 2002 02:18 AM (UTC)
Message
I too want the SSL support. The reason? I'm not concerned about being logged at the server level (I know exactly what logging can be done as I once installed FB6 on my OS X-based Powerbook and played with it). My concern is, rather, being sniffed on the local network level. I do not necessarily want anyone to be able to view my login password or any of my correspondence.

This is especially of importance to users of unencrypted (insecure) wireless networks. (My personal access point is as well locked down as it can be given what I have access to, but I know from wardriving experience that the vast majority of people don't encrypt their networks at all.)

MUSHclient is perfect for me ... except for SSL support.

Please, please add this support.

Posted by Nick Gammon   Australia  (22,975 posts)   Forum Administrator
Date Reply #11 on Tue 05 Nov 2002 12:18 AM (UTC)
Message
Out of curiosity, please let me know of a server that supports SSL. Then at least I can try seeing how I can connect to it using MUSHclient, one way or another.

However I would like to comment that I am somewhat opposed to adding all sorts of extra features into MUSHclient that are effectively available elsewhere, because this is what makes reasonably small, tight, bugfree programs large, bloated and difficult to maintain. So far I have been asked to add:


  • SSH support
  • Support for <forms> tags (eg. in Pueblo) so it can behave like a web browser and you could edit room descs by filling in a form
  • Support for graphics (like a web browser again)
  • Support for ftp (MUDftp)
  • Support for sound
  • Proxy server support


Some things I can see the point of, eg. MXP and MCCP, as they need to be tightly integrated into the MUD client, and are also not particularly large (well, MXP was a fairly big project).

However most things can be achieved today another way, eg. using ftp in a separate program. I am somewhat of a fan of the Unix approach where you have lots of small "black boxes", each one of which does one thing, and does it well. If you need to combine two things (eg. ftp a compressed file) you use two of these things in tandem.

- Nick Gammon

www.gammon.com.au, www.mushclient.com

Posted by Gedrean   USA  (12 posts)
Date Reply #12 on Tue 05 Nov 2002 04:39 AM (UTC)
Message
A Server that Supports SSL:
FurryMUCK -- Oldest Existing MUCK on Earth.
http://www.furry.com/
addr at muck.furry.com:8888

I understand your objection to adding more features into the program that will bloat the application, and I see the point in not wanting to add SSH support when it can be available via 'black boxes' or daemons.

MCP itself is another commonly used protocol, along with MXP, and I'm seeing both very common so MCP may be a feature that would be very good to implement. Its protocol is not all that bad, and can even in itself I think support some form of encryption if done right, but I'll leave that to you. I will provide more info if desired.

I love the UNIX approach of 'black boxes' etc, however, hear me out. It's all well and good to run PuTTY or some other SSH router to the MU* of your choice, but here are my points:

1. If you don't run it constantly, you have to start up the program and set up its options when you want to use the MU*.

2. If you do run it constantly, what you have is basically an OPEN PORT. I hate to say it, but it's a pain to get a hardware firewall to block based on PROGRAM (you can block on the PORT but that's sometimes hard) and with software firewalls (which is all some of us can afford) none of these programs will behave if they are not given acceptable access to server to the outside internet.

Now, I'm going to go into a quick dissertation of why I don't want an open port on my computer.

If I connect to this port with MUSHclient, it reroutes it through PuTTY or Stunnel or other SSH router, to the server's SSL, and then decrypts it there. All is well, and to me it's seamless and I get encrypted transmission.

If someone ELSE connects to this port with ANYTHING, what they now have is a secure channel to this server, masquerading as ME! Which means they have full and complete access to start doing whatever they want and they won't get yelled at for 100 hack attempts or for crashing the server. I will.

As we all know from events regarding all those DDOS attacks, most of them came from average computer systems, which did not know that they were holding such 'Trojan Horses' and 'Redirects'. Which scares me, because if it had not been found out that they were, these individuals might be prosecuted.

I understand completely that maybe adding SSL support to MUSHclient is a bad idea because of bloat. However, if we can get someone skilled at writing PLUGINS or perhaps just figuring out how the plugin language works, and can get that to work with SSL, perhaps this is a much better alternative.

I hope I have swayed some thoughts, or at least provoked others, or at the LEAST wasted air.

--:)

I'm not special! I just code my brains out for you!

Posted by Nick Gammon   Australia  (22,975 posts)   Forum Administrator
Date Reply #13 on Tue 05 Nov 2002 04:52 AM (UTC)
Message
OK, I've spent about an hour compiling and installing Fuzzball Muck, so far so good. It accepts an unencrypted connection, and an encrypted one on another port using:

openssl s_client -connect localhost:4567

However what I want to at least try is tunnel MUSHclient through this, which I can't seem to achieve right now. I can't even get ssh to work, which I suspect is because of the handshaking protocols more than anything.

I understand and agree about the open port, however I would have the source port available internally only, not to other incoming users.

eg.

MUSHclient --> openssl port 4567 -> FuzzBall 8888

Thus the openssl (or whatever) is on the local PC however only listening on port 4567 for localhost connections not internet connections.


- Nick Gammon

www.gammon.com.au, www.mushclient.com
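
The loopback-only listener described in reply #13, which is also the answer to the open-port concern in reply #12, sketched in Python as an added example (not code from the thread, MUSHclient or FuzzBall). Port 4567 and the FurryMUCK address are taken from the posts above; the function names are hypothetical, and it assumes the server presents a certificate that validates against the system trust store.

```python
import asyncio
import ssl

LISTEN_ADDR = ("127.0.0.1", 4567)       # loopback only; "0.0.0.0" would let other hosts use the tunnel
REMOTE_ADDR = ("muck.furry.com", 8888)  # SSL address quoted in reply #12


def make_tls_context():
    """Client context that verifies the server certificate and host name."""
    return ssl.create_default_context()


async def pump(reader, writer):
    """Copy bytes until the source reaches EOF or fails, then close the destination."""
    try:
        while (data := await reader.read(4096)):
            writer.write(data)
            await writer.drain()
    except OSError:
        pass  # reset or TLS error: fall through and close
    finally:
        writer.close()


async def handle(local_r, local_w, remote=REMOTE_ADDR):
    """Relay one local client over a certificate-verified TLS connection."""
    try:
        remote_r, remote_w = await asyncio.open_connection(*remote, ssl=make_tls_context())
    except OSError:
        local_w.close()  # server unreachable or certificate rejected
        return
    # Closing either side ends the other pump, so both connections go away together.
    await asyncio.gather(pump(local_r, remote_w), pump(remote_r, local_w))


async def start_tunnel(listen=LISTEN_ADDR, remote=REMOTE_ADDR):
    """Start listening on the given local address and return the server object."""
    return await asyncio.start_server(lambda r, w: handle(r, w, remote), *listen)


async def main():
    async with await start_tunnel() as srv:
        await srv.serve_forever()


if __name__ == "__main__":
    asyncio.run(main())
```

With this running, the MUD client connects to 127.0.0.1 port 4567; a connection attempt from another machine to that port is refused because nothing is listening on the external interfaces.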

Posted by Gedrean   USA  (12 posts)
Date Reply #14 on Tue 05 Nov 2002 11:51 AM (UTC)
Message
Okay I'm a little frightened that you compiled it all yourself but okay.

You can force openSSL to be a localhost only client? If that's the case then damn the odds I'm getting openSSL for windows, and if I can get it to work I'll post my results (YMMV of course) and EOT.:)

I'm not special! I just code my brains out for you!

The dates and times for posts above are shown in Universal Co-ordinated Time (UTC).


This is page 1, subject is 2 pages long.

Information and images on this site are licensed under the Creative Commons Attribution 3.0 Australia License unless stated otherwise.
