[Dxspider-support] Secure node to node connection proposal
Matthew Chambers
mchambers at mchambersradio.com
Sun Feb 26 11:16:16 GMT 2023
>
> > How do you do SSH over packet radio as that's still a real use case
> for the packet cluster?
> All we know that there is already a big hole on the system integrity,
> every can transmit with a fake callsign and both "humans" and skimmers
> will spot him wrong. It seems that this is inherently unavoidable. We
> will never be able to give 100% security, we can only try to raise the
> skills needed to have success.
Not talking about skimmers, talking about clients connecting via packet
radio to a node to receive and send spots as if it were telnet. In the
US, encryption would be illegal and you'd automatically kill those hams
that don't have internet at their operation location and rely on
1200baud VHF packet back to civilization to connect to the network.
>
>>
>> I think this proposal is throwing the baby out with the bath water
>> and will kill all but a handful of nodes as there won't be hardly any
>> logging programmers willing to rewrite their software to support SSH
>> so a lot of users will just go somewhere else. Telnet is somewhat
>> easy as it's just a TCP connection, but to have to involve keeping up
>> with OpenSSL or similar and not all programming environments natively
>> support SSH either.
> XDDDDDDD Never listened before that about babies!. Well as it has
> already been said, a lot of logger and contest softwares use different
> protocols to connect to several information sources or auto uploading
> logs (i.e. to QRZ.COM, LoTW, etc.) Why cannot be the same with cluster?
> Almost all that software runs on Linux or Windows, and both have
> native ssh support. In any case, they can keep on connecting and
> downloading info from the dx-cluster net.
Just because the OS supports SSH doesn't mean all software environments
can! For example for me to add SSH to a NodeJS based desktop app, I'd
have to pull in additional "node modules" or libraries which add
additional bloat to our software. This is likely true of many
programming environments. And I'm sure there are some out there that
have no option for SSH so their software will no longer be able to
participate.
Encrypted tunnels between nodes seems reasonable but SSH for end users
is too far. I might as well shut off my node at that point as would
probably the vast majority of sysops. Yeah you'd have a very secure
network with no traffic!
--
----
Matthew Chambers, CBRE
Amateur Operator NR0Q
Tulsa, OK - Tulsa ARC
GridTracker Development Team Lead
SBE Certified Broadcast Radio Engineer
--
The content of this email is confidential and intended for the
recipient
specified in message only. It is strictly forbidden to share
any part of
this message with any third party, without a written consent
of the
sender. If you received this message by mistake, please reply to
this
message and follow with its deletion, so that we can ensure such a
mistake
does not occur in the future.
Please do not print this email unless it is
necessary. Every unprinted email helps the environment.
More information about the Dxspider-support
mailing list