UnrealIRCd Forums

[Syzop]

unless, as you pointed out, the dumbasses use "*"

Actually I do use that, or.. options::nohostcheck which basically means the same in this context. I need to, since I and the server I link to have both dynamic IPs. So not having "IP checks" isn't that uncommon.

Anyway, to summarize.. choose good passwords, and use SSL if you can. Don't rely on IPs for authentication.
I don't understand why people don't choose good passwords for link blocks anyway, you don't even have to remember the password.. you only have to store it on 2 sides and then you can forget about it ;).

[pomme]

Well, this is why I wanted to make a module for opers to do a challenge/response login. Challenge/response authentication is one method of authentication recommended by CERT.ORG, and is believed by many to be far more secure than any other method. I've started with a simple one that works for one oper, but for the module to work the way it should, I'd need to have a new conf item placed in the oper {} block.

1) The (public) key's filename is stored in the oper::password item as a string. A new authtype will also be needed to ensure people cannot do /oper name /path/to/keyfile.

2) I also need an item in the oper {} block that cannot be used, perhaps one that is hidden, which will store the contents of the key for each oper {} block. This would be like RSA *key.

I've put this feature request in the bug reports, but I guess it won't get added. I can alternatively have the keyfile loaded each time someone tries to challenge, but that would badly kill the CPU if flooded (even with a slow flood). It's best to load/reload the key when you /rehash, and when the server starts.

[katsklaw]

ircd-ratbox does something to this effect already if you need source code examples.

[jenga201]

I worked through all of the other problems i've had, but i'm not sure what to do about this one.

The only error my two servers gives me is that a server numeric is colliding.

I know it's not supposed to be the same number. My server1 has a numeric of 203 and my server2 has a numeric of 189.

I've tried many different combinations, and it's always the same error.

Server1--me block has numeric 203
link irc.revos-host.net {
username *;
hostname (IP of Server2);
bind-ip *;
port 10000;
hub *;
password-connect "password";
password-receive "password";
class servers;
options {
autoconnect;
};
};

Server2--me block has numeric 189
link irc.saiyan.net {
username *;
hostname (Ip of Server1);
bind-ip *;
port 10000;
hub *;
password-connect "password";
password-receive "password";
class servers;
options {
autoconnect;
};
};


Thank you

[Dukat]

Please open a new thread for a new problem...


Anyway - you have to restart the servers after editing the me block.

[jenga201]

Thank you for that advice. I didn't know i had to restart the server, i thought i just had to rehash it.

Sorry about not starting a new thread, but i thought there was enough threads pertaining to this topic.

[ARcanUSNUMquam]

Code: Select all

link server2.yourdomain.tld{
   username *;
   hostname 5.6.7.8;
   bind-ip *;
   port 8097;
   hub *;
   password-connect "LiNk";
   password-receive "LiNk";
   class servers;
};

Code: Select all

link server1.yourdomain.tld{
   username *;
   hostname 1.2.3.4;
   bind-ip *;
   port 8067;
   hub *;
   password-connect "LiNk";
   password-receive "LiNk";
   class servers;
};

You're missing a space in between the server names and the {. Is that an error, or am I making a newbie mistake?

I'm thinking it should be:

Code: Select all

link server2.yourdomain.tld {
   username *;
   hostname 5.6.7.8;
   bind-ip *;
   port 8097;
   hub *;
   password-connect "LiNk";
   password-receive "LiNk";
   class servers;
};

and

Code: Select all

link server1.yourdomain.tld {
   username *;
   hostname 1.2.3.4;
   bind-ip *;
   port 8067;
   hub *;
   password-connect "LiNk";
   password-receive "LiNk";
   class servers;
};

[Ron2K]

Corrected, thanks for the report. (I'm surprised that no-one noticed this earlier...)

I think I might also add information about backup links (the deny link block one) and circular topologies (which can't happen), which seems to have been asked a lot lately. Watch this space.

EDIT: Done.

[SajaN]

Link denied for indianfriends.no-ip.info(unknown@84.242.10.194) (Server is in link block but IP/host didn't match) [@84.242.10.1944]



That's my erroor while linking servers
So any one can help me out there?

[Stealth]

Link denied for indianfriends.no-ip.info(unknown@84.242.10.194) (Server is in link block but IP/host didn't match) [@84.242.10.1944]

That's my erroor while linking servers
So any one can help me out there?

Please start a new tread for this!

I think it is time someone locks this thread, so I will.