New Official Allstar Distribution Released

App_rpt-users
1

A new official Allstar Link Distribution is now available.

It is called “DIAL” (Debian Install (for) Allstar Link).

It is based on ‘Debian Jessie’, and supports a number of modern motherboards
and other hardware configurations, of which the “Old Standard” (ACID) distro
sadly fell short.

It runs a VERY modern 3.X Linux kernel and DAHDI (as opposed to Zaptel, as was
in the ACID distro).

The ISO (installation) image may be downloaded at:

http://dl.allstarlink.org/dial/dial-allstar-netinstall.iso

Download the image, “burn” it to a CD or USB stick, install it, let it do its
“installation stuff” (it reboots once or twice), and then, finally log in as
‘root’ with the password ‘debian’. You will be taken through a script with
a few questions, and then it will be ready to use.

This is a result of a great deal of diligent work by Steve Zingman, N4IRS and
Mike Zingman, N4IRR, without whom this would have not been possible.

Please express your gratitude to them for making this possible.

Jim, WB6NIL

2

As Jim himself would say, “Thanks, Dudes!”

N5ZUA
···

On 10/4/2015 10:00 PM, Jim Duuuude
wrote:

      A new official Allstar Link Distribution is now

available.

      Please express your gratitude to them for making this

possible.

      Jim, WB6NIL

_______________________________________________
3

I am very excited to try this out… in the next few days - Thanks!

···

On Sun, Oct 4, 2015 at 8:24 PM, Steve Agee n5zua@earthlink.net wrote:

As Jim himself would say, “Thanks, Dudes!”

N5ZUA


  On 10/4/2015 10:00 PM, Jim Duuuude

wrote:

      A new official Allstar Link Distribution is now

available.

      Please express your gratitude to them for making this

possible.

      Jim, WB6NIL

_______________________________________________

App_rpt-users mailing list

App_rpt-users@ohnosec.org

http://ohnosec.org/cgi-bin/mailman/listinfo/app_rpt-users

To unsubscribe from this list please visit http://ohnosec.org/cgi-bin/mailman/listinfo/app_rpt-users and scroll down to the bottom of the page. Enter your email address and press the “Unsubscribe or edit options button”

You do not need a password to unsubscribe, you can do it via email confirmation. If you have trouble unsubscribing, please send a message to the list detailing the problem.

“Got Root?”

How many software engineers does it take to change a light bulb?

None. It’s a hardware problem.

Unix is user friendly. It’s just very particular about who it’s friends are.

WINDOWS: Will Install Needless Data On Whole System

MICROSOFT: Most Intelligent Customers Realize Our Software Only Fools Teenagers.

A ntennas
P oorly
P laced
L acks
E ngineering

The best way to accelerate a computer running Windows is at 9.81 m/s².

“I get paid to support Windows, I use Linux to get work done.”

4

A Big thank you!!

···

On Sun, Oct 4, 2015 at 10:00 PM, Jim Duuuude telesistant@hotmail.com wrote:

A new official Allstar Link Distribution is now available.

It is called “DIAL” (Debian Install (for) Allstar Link).

It is based on ‘Debian Jessie’, and supports a number of modern motherboards
and other hardware configurations, of which the “Old Standard” (ACID) distro
sadly fell short.

It runs a VERY modern 3.X Linux kernel and DAHDI (as opposed to Zaptel, as was
in the ACID distro).

The ISO (installation) image may be downloaded at:

http://dl.allstarlink.org/dial/dial-allstar-netinstall.iso

Download the image, “burn” it to a CD or USB stick, install it, let it do its
“installation stuff” (it reboots once or twice), and then, finally log in as
‘root’ with the password ‘debian’. You will be taken through a script with
a few questions, and then it will be ready to use.

This is a result of a great deal of diligent work by Steve Zingman, N4IRS and
Mike Zingman, N4IRR, without whom this would have not been possible.

Please express your gratitude to them for making this possible.

Jim, WB6NIL

App_rpt-users mailing list

App_rpt-users@ohnosec.org

http://ohnosec.org/cgi-bin/mailman/listinfo/app_rpt-users

To unsubscribe from this list please visit http://ohnosec.org/cgi-bin/mailman/listinfo/app_rpt-users and scroll down to the bottom of the page. Enter your email address and press the “Unsubscribe or edit options button”

You do not need a password to unsubscribe, you can do it via email confirmation. If you have trouble unsubscribing, please send a message to the list detailing the problem.

Loren Tedford (KC9ZHV)
Email: lorentedford@gmail.com

Main Line:1-631-686-8878 Option 1 for Loren.

Fax Line 1:1-618-551-2755

Fax Line 2:1-631-686-8892 (New Fax line)

Cell: 618-553-0806

http://www.lorentedford.com

http://www.kc9zhv.com

http://hub.kc9zhv.com

5

A BIG thank you for this nice release.

I am firing this in a VM machine today to check it… cant wait :wink:

···

Sent from my iPad

On Oct 4, 2015, at 11:00 PM, Jim Duuuude telesistant@hotmail.com wrote:

A new official Allstar Link Distribution is now available.

It is called “DIAL” (Debian Install (for) Allstar Link).

It is based on ‘Debian Jessie’, and supports a number of modern motherboards
and other hardware configurations, of which the “Old Standard” (ACID) distro
sadly fell short.

It runs a VERY modern 3.X Linux kernel and DAHDI (as opposed to Zaptel, as was
in the ACID distro).

The ISO (installation) image may be downloaded at:

http://dl.allstarlink.org/dial/dial-allstar-netinstall.iso

Download the image, “burn” it to a CD or USB stick, install it, let it do its
“installation stuff” (it reboots once or twice), and then, finally log in as
‘root’ with the password ‘debian’. You will be taken through a script with
a few questions, and then it will be ready to use.

This is a result of a great deal of diligent work by Steve Zingman, N4IRS and
Mike Zingman, N4IRR, without whom this would have not been possible.

Please express your gratitude to them for making this possible.

Jim, WB6NIL

App_rpt-users mailing list
App_rpt-users@ohnosec.org
http://ohnosec.org/cgi-bin/mailman/listinfo/app_rpt-users

To unsubscribe from this list please visit http://ohnosec.org/cgi-bin/mailman/listinfo/app_rpt-users and scroll down to the bottom of the page. Enter your email address and press the “Unsubscribe or edit options button”
You do not need a password to unsubscribe, you can do it via email confirmation. If you have trouble unsubscribing, please send a message to the list detailing the problem.

6

I have been running this for a few months now with no issues at all. Very stable and it uses much less memory.

···

Thanks for all the hard work from both Steve n4irs and the dude for making all this possible!

Sent from my iPhone

On Oct 5, 2015, at 7:35 AM, pete M petem001@hotmail.com wrote:

A BIG thank you for this nice release.

I am firing this in a VM machine today to check it… cant wait :wink:

Sent from my iPad

On Oct 4, 2015, at 11:00 PM, Jim Duuuude telesistant@hotmail.com wrote:

A new official Allstar Link Distribution is now available.

It is called “DIAL” (Debian Install (for) Allstar Link).

It is based on ‘Debian Jessie’, and supports a number of modern motherboards
and other hardware configurations, of which the “Old Standard” (ACID) distro
sadly fell short.

It runs a VERY modern 3.X Linux kernel and DAHDI (as opposed to Zaptel, as was
in the ACID distro).

The ISO (installation) image may be downloaded at:

http://dl.allstarlink.org/dial/dial-allstar-netinstall.iso

Download the image, “burn” it to a CD or USB stick, install it, let it do its
“installation stuff” (it reboots once or twice), and then, finally log in as
‘root’ with the password ‘debian’. You will be taken through a script with
a few questions, and then it will be ready to use.

This is a result of a great deal of diligent work by Steve Zingman, N4IRS and
Mike Zingman, N4IRR, without whom this would have not been possible.

Please express your gratitude to them for making this possible.

Jim, WB6NIL

App_rpt-users mailing list
App_rpt-users@ohnosec.org
http://ohnosec.org/cgi-bin/mailman/listinfo/app_rpt-users

To unsubscribe from this list please visit http://ohnosec.org/cgi-bin/mailman/listinfo/app_rpt-users and scroll down to the bottom of the page. Enter your email address and press the “Unsubscribe or edit options button”
You do not need a password to unsubscribe, you can do it via email confirmation. If you have trouble unsubscribing, please send a message to the list detailing the problem.

App_rpt-users mailing list
App_rpt-users@ohnosec.org
http://ohnosec.org/cgi-bin/mailman/listinfo/app_rpt-users

To unsubscribe from this list please visit http://ohnosec.org/cgi-bin/mailman/listinfo/app_rpt-users and scroll down to the bottom of the page. Enter your email address and press the “Unsubscribe or edit options button”
You do not need a password to unsubscribe, you can do it via email confirmation. If you have trouble unsubscribing, please send a message to the list detailing the problem.

7

Is DIAL the official version based on Steves N4IRS’ Bare Metal
install polished??

If so, great. The last version of the Bare Metal install worked well

for me.

Sounds good! Will give it a shot. Like the USB install option!!

Jon VA3RQ
···

On 10/5/2015 7:43 AM, Corey Dean wrote:

    I have been running this for a few months now with no issues

at all. �Very stable and it uses much less memory.

    Thanks for all the hard work from

both Steve n4irs and the dude for making all this possible!

    Sent from my iPhone

    On Oct 5, 2015, at 7:35 AM, pete M <petem001@hotmail.com        >

wrote:

A BIG thank you for this nice release.�

        I am firing this in a VM machine today to check it.. cant

wait :wink:

        Sent from my iPad

        On Oct 4, 2015, at 11:00 PM, Jim Duuuude <            >

wrote:

              A new official Allstar Link Distribution

is now available.

              It is called "DIAL" (Debian Install (for) Allstar

Link).

              It is based on 'Debian Jessie', and supports a number

of modern motherboards

              and other hardware configurations, of which the "Old

Standard" (ACID) distro

              sadly fell short.



              It runs a VERY modern 3.X Linux kernel and DAHDI (as

opposed to Zaptel, as was

              in the ACID distro).



              The ISO (installation) image may be downloaded at:



              [http://dl.allstarlink.org/dial/dial-allstar-netinstall.iso](http://dl.allstarlink.org/dial/dial-allstar-netinstall.iso)



              Download the image, "burn" it to a CD or USB stick,

install it, let it do its

              "installation stuff" (it reboots once or twice), and

then, finally log in as

              'root' with the password 'debian'. You will be taken

through a script with

              a few questions, and then it will be ready to use.





              This is a result of a great deal of diligent work by

Steve Zingman, N4IRS and

              Mike Zingman, N4IRR, without whom this would have not

been possible.

              Please express your gratitude to them for making this

possible.

              Jim, WB6NIL

          App_rpt-users mailing list

          App_rpt-users@ohnosec.org

          [http://ohnosec.org/cgi-bin/mailman/listinfo/app_rpt-users](http://ohnosec.org/cgi-bin/mailman/listinfo/app_rpt-users)



          To unsubscribe from this list please visit [](http://ohnosec.org/cgi-bin/mailman/listinfo/app_rpt-users)
            and scroll down to the bottom of the page. Enter your

email address and press the “Unsubscribe or edit options
button”

                          You do not need a password to unsubscribe, you can

do it via email confirmation. If you have trouble
unsubscribing, please send a message to the list
detailing the problem.

      App_rpt-users mailing list

      App_rpt-users@ohnosec.org

      [http://ohnosec.org/cgi-bin/mailman/listinfo/app_rpt-users](http://ohnosec.org/cgi-bin/mailman/listinfo/app_rpt-users)



      To unsubscribe from this list please visit [](http://ohnosec.org/cgi-bin/mailman/listinfo/app_rpt-users)
        and scroll down to the bottom of the page. Enter your email

address and press the “Unsubscribe or edit options button”

                  You do not need a password to unsubscribe, you can do it

via email confirmation. If you have trouble unsubscribing,
please send a message to the list detailing the problem.




_______________________________________________
App_rpt-users mailing list
To unsubscribe from this list please visit and scroll down to the bottom of the page. Enter your email address and press the "Unsubscribe or edit options button"
You do not need a password to unsubscribe, you can do it via email confirmation. If you have trouble unsubscribing, please send a message to the list detailing the problem.

telesistant@hotmail.com

http://ohnosec.org/cgi-bin/mailman/listinfo/app_rpt-usershttp://ohnosec.org/cgi-bin/mailman/listinfo/app_rpt-usersApp_rpt-users@ohnosec.orghttp://ohnosec.org/cgi-bin/mailman/listinfo/app_rpt-usershttp://ohnosec.org/cgi-bin/mailman/listinfo/app_rpt-users

8

Jon,

It's version 1.0 with all that implies. It's better in some areas

under the hood. The node setup scripts are now included along with
more information to the user during install. root login via SSH is
now allowed. SSH is listening on port 222. I still expect bugs and
will squash them as quickly as possible. I also still want to hear
from users with ideas. The same concepts used on the x86 will be
applied to future platforms and SBC systems, some of them already in
testing .

73, Steve N4IRS
···

On 10/5/2015 8:29 AM, Jon Rorke wrote:

  Is DIAL the official version based on Steves N4IRS' Bare Metal

install polished??

  If so, great. The last version of the Bare Metal install worked

well for me.

  Sounds good! Will give it a shot. Like the USB install option!!



  Jon VA3RQ

    On 10/5/2015 7:43 AM, Corey Dean

wrote:

      I have been running this for a few months now with no

issues at all. �Very stable and it uses much less memory.

      Thanks for all the hard work from

both Steve n4irs and the dude for making all this possible!

      Sent from my iPhone

      On Oct 5, 2015, at 7:35 AM, pete M <
      >

wrote:

A BIG thank you for this nice release.�

          I am firing this in a VM machine today to check it..

cant wait :wink:

          Sent from my iPad

          On Oct 4, 2015, at 11:00 PM, Jim Duuuude <>

wrote:

                A new official Allstar Link

Distribution is now available.

                It is called "DIAL" (Debian Install (for) Allstar

Link).

                It is based on 'Debian Jessie', and supports a

number of modern motherboards

                and other hardware configurations, of which the "Old

Standard" (ACID) distro

                sadly fell short.



                It runs a VERY modern 3.X Linux kernel and DAHDI (as

opposed to Zaptel, as was

                in the ACID distro).



                The ISO (installation) image may be downloaded at:



                [http://dl.allstarlink.org/dial/dial-allstar-netinstall.iso](http://dl.allstarlink.org/dial/dial-allstar-netinstall.iso)



                Download the image, "burn" it to a CD or USB stick,

install it, let it do its

                "installation stuff" (it reboots once or twice), and

then, finally log in as

                'root' with the password 'debian'. You will be taken

through a script with

                a few questions, and then it will be ready to use.





                This is a result of a great deal of diligent work by

Steve Zingman, N4IRS and

                Mike Zingman, N4IRR, without whom this would have

not been possible.

                Please express your gratitude to them for making

this possible.

                Jim, WB6NIL

            App_rpt-users mailing list

            App_rpt-users@ohnosec.org

            [http://ohnosec.org/cgi-bin/mailman/listinfo/app_rpt-users](http://ohnosec.org/cgi-bin/mailman/listinfo/app_rpt-users)



                              To unsubscribe from this list please visit and scroll down to the bottom of the page. Enter your

email address and press the “Unsubscribe or edit
options button”

                              You do not need a password to unsubscribe, you can

do it via email confirmation. If you have trouble
unsubscribing, please send a message to the list
detailing the problem.

        App_rpt-users mailing list

        App_rpt-users@ohnosec.org

        [http://ohnosec.org/cgi-bin/mailman/listinfo/app_rpt-users](http://ohnosec.org/cgi-bin/mailman/listinfo/app_rpt-users)



                      To unsubscribe from this list please visit and scroll down to the bottom of the page. Enter your

email address and press the “Unsubscribe or edit options
button”

                      You do not need a password to unsubscribe, you can do

it via email confirmation. If you have trouble
unsubscribing, please send a message to the list detailing
the problem.




_______________________________________________
App_rpt-users mailing list
To unsubscribe from this list please visit and scroll down to the bottom of the page. Enter your email address and press the "Unsubscribe or edit options button"
You do not need a password to unsubscribe, you can do it via email confirmation. If you have trouble unsubscribing, please send a message to the list detailing the problem.

petem001@hotmail.com

telesistant@hotmail.com

http://ohnosec.org/cgi-bin/mailman/listinfo/app_rpt-usershttp://ohnosec.org/cgi-bin/mailman/listinfo/app_rpt-usersApp_rpt-users@ohnosec.orghttp://ohnosec.org/cgi-bin/mailman/listinfo/app_rpt-usershttp://ohnosec.org/cgi-bin/mailman/listinfo/app_rpt-users


_______________________________________________
App_rpt-users mailing list
To unsubscribe from this list please visit and scroll down to the bottom of the page. Enter your email address and press the "Unsubscribe or edit options button"
You do not need a password to unsubscribe, you can do it via email confirmation. If you have trouble unsubscribing, please send a message to the list detailing the problem.

App_rpt-users@ohnosec.orghttp://ohnosec.org/cgi-bin/mailman/listinfo/app_rpt-usershttp://ohnosec.org/cgi-bin/mailman/listinfo/app_rpt-users

9

Thanks for all of your efforts!

Dave N

···

---
This email has been checked for viruses by Avast antivirus software.
https://www.avast.com/antivirus

10

Cool, Is the rolling your own still supported? most of the reason I rolled my
own was to run on Debian in the first place.

Also, root login supported :frowning: that's just a bad idea.

Thanks for the awesome work. I know I've asked about the progress being made,
if any, to get app_rpt back into mainline asterisk in the past. Has anything
been happening on this front?

73's

···

On 10/5/15 8:40 AM, Steve Zingman wrote:

It's version 1.0 with all that implies. It's better in some areas under the
hood. The node setup scripts are now included along with more information to
the user during install. root login via SSH is now allowed.

--
Bryan Fields

727-409-1194 - Voice
727-214-2508 - Fax
http://bryanfields.net

11

Bryan,
app_rpt.c and associated programs do not work with the newer versions of
asterisk. The last release of asterisk that included app_rpt.c was
1.8.11.1, and while it compiles and loads, it is pretty outdated and
doesn't work.

Looking at the code (app_rpt.c and asterisk itself), and reading the
forums that the asterisk developers post to, and considering that DAHDI
needs to have some patches applied to it for it to work with app_rpt.c
under asterisk, I can understand why Jim et all decided to fork the distro.

-Stacy
KG7QIN

···

On 10/05/2015 11:56 AM, Bryan Fields wrote:

On 10/5/15 8:40 AM, Steve Zingman wrote:

It's version 1.0 with all that implies. It's better in some areas under the
hood. The node setup scripts are now included along with more information to
the user during install. root login via SSH is now allowed.

Cool, Is the rolling your own still supported? most of the reason I rolled my
own was to run on Debian in the first place.

Also, root login supported :frowning: that's just a bad idea.

Thanks for the awesome work. I know I've asked about the progress being made,
if any, to get app_rpt back into mainline asterisk in the past. Has anything
been happening on this front?

73's

12

Bryan,
Yes, rolling you own is still supported. I will continue to provide scripts and patches to install AllStar Asterisk on Debian. My scripts and patches will remain at <https://github.com/N4IRS/AllStar&gt;

DIAL is a really a Debian netinstall that sets up to download and install asterisk on first boot. It makes a number of assumptions of how a bare metal machine should be configured and downloads the source to DAHDI and Asterisk (From the SVN) to build a functional node.

The decision to support root login has it's pluses and minuses. To retain compatibility with ACID it is enabled by default. During the testing of the image I had quite a few people needing help to login and edit files using tools like WinSCP. As you well know, it's trivial to turn off and I may add a question to the node setup scripts to make it easy to swap.

My plate is quite full right now with 1.0 of DIAL, A brand new Android IAX client and preparations to update the PiStar and other SBC Debian images to mirror DIAL.
If someone wants to tackle getting current Asterisk working with app_rpt I'll provide whatever I can. I know in the past it has been said it is not possible .

73, Steve N4IRS

···

On 10/05/2015 02:56 PM, Bryan Fields wrote:

On 10/5/15 8:40 AM, Steve Zingman wrote:

It's version 1.0 with all that implies. It's better in some areas under the
hood. The node setup scripts are now included along with more information to
the user during install. root login via SSH is now allowed.

Cool, Is the rolling your own still supported? most of the reason I rolled my
own was to run on Debian in the first place.

Also, root login supported :frowning: that's just a bad idea.

Thanks for the awesome work. I know I've asked about the progress being made,
if any, to get app_rpt back into mainline asterisk in the past. Has anything
been happening on this front?

73's

--
"Anything is possible if you don't know what you are talking about."
1st Law of Logic

13

Steve,
I didn't want to say anything (since I haven't had a chance to call Jim
yet), but since people are asking-- I've already started the port of the
latest app_rpt.c (0.325) from the repository to asterisk 1.8-currenr
(1.8.32.3), which is why I made the comment earlier.

So far, having hacked back in some code that was removed from asterisk,
I've been able to get app_rpt.c to answer, send telemetry, etc. What it
doesn't do, and I haven't worked on this in several days, is be able to
"dial" other systems and connect people once someone has connected to
it. The program times out before detecting that the other end has
responded and reports a connection failure. I've narrowed down the code
that does the connection, processes the call and reports the failure. I
have some ideas on what is causing it, but won't be able to look until a
few more days.

-Stacy
KG7QIN

···

On 10/05/2015 01:00 PM, Steve Zingman wrote:

Bryan,
Yes, rolling you own is still supported. I will continue to provide
scripts and patches to install AllStar Asterisk on Debian. My scripts
and patches will remain at <https://github.com/N4IRS/AllStar&gt;

DIAL is a really a Debian netinstall that sets up to download and
install asterisk on first boot. It makes a number of assumptions of
how a bare metal machine should be configured and downloads the source
to DAHDI and Asterisk (From the SVN) to build a functional node.

The decision to support root login has it's pluses and minuses. To
retain compatibility with ACID it is enabled by default. During the
testing of the image I had quite a few people needing help to login
and edit files using tools like WinSCP. As you well know, it's trivial
to turn off and I may add a question to the node setup scripts to make
it easy to swap.

My plate is quite full right now with 1.0 of DIAL, A brand new Android
IAX client and preparations to update the PiStar and other SBC Debian
images to mirror DIAL.
If someone wants to tackle getting current Asterisk working with
app_rpt I'll provide whatever I can. I know in the past it has been
said it is not possible .

73, Steve N4IRS

On 10/05/2015 02:56 PM, Bryan Fields wrote:

On 10/5/15 8:40 AM, Steve Zingman wrote:

It's version 1.0 with all that implies. It's better in some areas
under the
hood. The node setup scripts are now included along with more
information to
the user during install. root login via SSH is now allowed.

Cool, Is the rolling your own still supported? most of the reason I
rolled my
own was to run on Debian in the first place.

Also, root login supported :frowning: that's just a bad idea.

Thanks for the awesome work. I know I've asked about the progress
being made,
if any, to get app_rpt back into mainline asterisk in the past. Has
anything
been happening on this front?

73's

14

I agree with Stacy here. I use asterisk only as a platform for app rpt.
I have not felt the need to use features in later versions for a repeater controller remote base or ROIP endpoint. I'm sure others will disagree, I only speak for myself.
If there are security issues that need to be addressed, we need to find them and squash them if they cause a real concern.

I have to go for the joke here, put a fork in it it's done. :wink:

73, Steve N4IRS

···

On 10/05/2015 03:44 PM, Stacy wrote:

Bryan,
app_rpt.c and associated programs do not work with the newer versions of
asterisk. The last release of asterisk that included app_rpt.c was
1.8.11.1, and while it compiles and loads, it is pretty outdated and
doesn't work.

Looking at the code (app_rpt.c and asterisk itself), and reading the
forums that the asterisk developers post to, and considering that DAHDI
needs to have some patches applied to it for it to work with app_rpt.c
under asterisk, I can understand why Jim et all decided to fork the distro.

-Stacy
KG7QIN

On 10/05/2015 11:56 AM, Bryan Fields wrote:

On 10/5/15 8:40 AM, Steve Zingman wrote:

It's version 1.0 with all that implies. It's better in some areas under the
hood. The node setup scripts are now included along with more information to
the user during install. root login via SSH is now allowed.

Cool, Is the rolling your own still supported? most of the reason I rolled my
own was to run on Debian in the first place.

Also, root login supported :frowning: that's just a bad idea.

Thanks for the awesome work. I know I've asked about the progress being made,
if any, to get app_rpt back into mainline asterisk in the past. Has anything
been happening on this front?

73's

_______________________________________________
App_rpt-users mailing list
App_rpt-users@ohnosec.org
http://ohnosec.org/cgi-bin/mailman/listinfo/app_rpt-users

To unsubscribe from this list please visit http://ohnosec.org/cgi-bin/mailman/listinfo/app_rpt-users and scroll down to the bottom of the page. Enter your email address and press the "Unsubscribe or edit options button"
You do not need a password to unsubscribe, you can do it via email confirmation. If you have trouble unsubscribing, please send a message to the list detailing the problem.

--
"Anything is possible if you don't know what you are talking about."
1st Law of Logic

15

I would like to see new versions of Asterisk supported for one reason… webRTC. That would allow us to replace the crappy Java Webtransceiver with modern web apps, built into Allmon for example.

···

On Mon, Oct 5, 2015 at 1:10 PM, Steve Zingman szingman@msgstor.com wrote:

I agree with Stacy here. I use asterisk only as a platform for app rpt.

I have not felt the need to use features in later versions for a repeater controller remote base or ROIP endpoint. I’m sure others will disagree, I only speak for myself.

If there are security issues that need to be addressed, we need to find them and squash them if they cause a real concern.

I have to go for the joke here, put a fork in it it’s done. :wink:

73, Steve N4IRS

On 10/05/2015 03:44 PM, Stacy wrote:

Bryan,

app_rpt.c and associated programs do not work with the newer versions of

asterisk. The last release of asterisk that included app_rpt.c was

1.8.11.1, and while it compiles and loads, it is pretty outdated and

doesn’t work.

Looking at the code (app_rpt.c and asterisk itself), and reading the

forums that the asterisk developers post to, and considering that DAHDI

needs to have some patches applied to it for it to work with app_rpt.c

under asterisk, I can understand why Jim et all decided to fork the distro.

-Stacy

KG7QIN

On 10/05/2015 11:56 AM, Bryan Fields wrote:

On 10/5/15 8:40 AM, Steve Zingman wrote:

It’s version 1.0 with all that implies. It’s better in some areas under the

hood. The node setup scripts are now included along with more information to

the user during install. root login via SSH is now allowed.
Cool, Is the rolling your own still supported? most of the reason I rolled my

own was to run on Debian in the first place.

Also, root login supported :frowning: that’s just a bad idea.

Thanks for the awesome work. I know I’ve asked about the progress being made,

if any, to get app_rpt back into mainline asterisk in the past. Has anything

been happening on this front?

73’s

App_rpt-users mailing list

App_rpt-users@ohnosec.org

http://ohnosec.org/cgi-bin/mailman/listinfo/app_rpt-users

To unsubscribe from this list please visit http://ohnosec.org/cgi-bin/mailman/listinfo/app_rpt-users and scroll down to the bottom of the page. Enter your email address and press the “Unsubscribe or edit options button”

You do not need a password to unsubscribe, you can do it via email confirmation. If you have trouble unsubscribing, please send a message to the list detailing the problem.

“Anything is possible if you don’t know what you are talking about.”

1st Law of Logic

App_rpt-users mailing list

App_rpt-users@ohnosec.org

http://ohnosec.org/cgi-bin/mailman/listinfo/app_rpt-users

To unsubscribe from this list please visit http://ohnosec.org/cgi-bin/mailman/listinfo/app_rpt-users and scroll down to the bottom of the page. Enter your email address and press the “Unsubscribe or edit options button”

You do not need a password to unsubscribe, you can do it via email confirmation. If you have trouble unsubscribing, please send a message to the list detailing the problem.

Tim

16

This is a bad idea. Root should *never* be allowed to login to a system remotely. It's better to log in as a normal user and then become root via su, sudo, etc.

- Dave

···

On 10/05/2015 08:40 AM, Steve Zingman wrote:

root login via SSH is now allowed

--
David Andrzejewski - KD8TWG
Assistant Emergency Coordinator - Geauga County, Ohio
Technical Specialist - Ohio Section
ARRL - The National Association for Amateur Radio�
david@kd8twg.net

17 
Dave,
Let's say I agree with you. And I well may.
On most internet exposed machines, I don't even allow ssh unless I trust your address or require a VPN. I agree is common practice to not allow it.
Now the question is why?
As John McLaughlin would say, DISCUSS!

<details class='elided'>
<summary title='Show trimmed content'>&#183;&#183;&#183;</summary>

– “Anything is possible if you don’t know what you are talking about.”
1st Law of Logic


</details>
18

Direct root login being disallowed IF there were no other way to get full root privileges (not the case here) was considered best practice. However in almost every case there is a user (on Raspbian user pi) that can simply login, sudo -s and do whatever they want. Yes it puts up a small hurdle but I don’t see it as a serious one.

In short, there is almost no setup that will allow you to completely lock out root with the exception of a few well designed appliances. And that means someone is out there doing support to get things resolved. This system is not of that flavor and root is necessary for many things so frankly adding a hurdle or two really doesn’t appreciably make the system more secure.

Require a long pass phrase (say 20 mixed characters or so) and this whole thing is moot…

And BTW - putting sshd on port 222 (or anything except 22) is security by obscurity - many tools can find standard protocols on non-standard ports :slight_smile: (I know, I wrote one)

The best bet is to not allow ssh at all. If that is not feasible then do the su or sudo thing and/or set up an intermediate system such that you access a non-privileged account on system A, then ssh to system B and system B will ONLY accept ssh from system A. Still can be beaten but it is a bit harder…

And BTW - I have done infosec for about 20 years so I am allowed to have an opinion on this topic :slight_smile:

Steven Donegan
KK6IVC General Class FCC License
Silver State Car #86
www.sscc.us

···

From: Steve Zingman szingman@msgstor.com
To: "app_rpt-users@ohnosec.org" app_rpt-users@ohnosec.org
Sent: Monday, October 5, 2015 2:24 PM
Subject: [App_rpt-users] New Official Allstar Distribution Released (DIAL)

Dave,
Let's say I agree with you. And I well may.
On most internet exposed machines, I don't even allow ssh unless I trust your address or require a VPN. I agree is common practice to not allow it.
Now the question is why?
As John McLaughlin would say, DISCUSS!
On 10/05/2015 08:40 AM, Steve Zingman wrote:
> *root login via SSH is now allowed*
> This is a bad idea. Root should *never* be allowed to login to a system > remotely. It's better to log in as a normal user and then become root > via su, sudo, etc.
> - Dave

-- "Anything is possible if you don't know what you are talking about."
1st Law of Logic

App_rpt-users mailing list
App_rpt-users@ohnosec.org
http://ohnosec.org/cgi-bin/mailman/listinfo/app_rpt-users

To unsubscribe from this list please visit http://ohnosec.org/cgi-bin/mailman/listinfo/app_rpt-users and scroll down to the bottom of the page. Enter your email address and press the “Unsubscribe or edit options button”
You do not need a password to unsubscribe, you can do it via email confirmation. If you have trouble unsubscribing, please send a message to the list detailing the problem.

19

Using a jump box as you describe is one way…not allowing SSH from the outside adds a layer; setting up a secue VDI capability to the jumpbox over a vpn is yet a third way…;).

···

my rule: if it’s exposed to the net, it’s potentially vulnerable. Just turn on your SIP port and pop some popcorn to see…:wink:


Bryan

Sent from my iPhone 5…No electrons were harmed in the sending of this message.

On Oct 5, 2015, at 17:39, Steven Donegan donegan@donegan.org wrote:

Direct root login being disallowed IF there were no other way to get full root privileges (not the case here) was considered best practice. However in almost every case there is a user (on Raspbian user pi) that can simply login, sudo -s and do whatever they want. Yes it puts up a small hurdle but I don’t see it as a serious one.

In short, there is almost no setup that will allow you to completely lock out root with the exception of a few well designed appliances. And that means someone is out there doing support to get things resolved. This system is not of that flavor and root is necessary for many things so frankly adding a hurdle or two really doesn’t appreciably make the system more secure.

Require a long pass phrase (say 20 mixed characters or so) and this whole thing is moot…

And BTW - putting sshd on port 222 (or anything except 22) is security by obscurity - many tools can find standard protocols on non-standard ports :slight_smile: (I know, I wrote one)

The best bet is to not allow ssh at all. If that is not feasible then do the su or sudo thing and/or set up an intermediate system such that you access a non-privileged account on system A, then ssh to system B and system B will ONLY accept ssh from system A. Still can be beaten but it is a bit harder…

And BTW - I have done infosec for about 20 years so I am allowed to have an opinion on this topic :slight_smile:

Steven Donegan
KK6IVC General Class FCC License
Silver State Car #86
www.sscc.us

From: Steve Zingman szingman@msgstor.com
To:app_rpt-users@ohnosec.orgapp_rpt-users@ohnosec.org
Sent: Monday, October 5, 2015 2:24 PM
Subject: [App_rpt-users] New Official Allstar Distribution Released (DIAL)

Dave,
Let's say I agree with you. And I well may.
On most internet exposed machines, I don't even allow ssh unless I trust your address or require a VPN. I agree is common practice to not allow it.
Now the question is why?
As John McLaughlin would say, DISCUSS!
On 10/05/2015 08:40 AM, Steve Zingman wrote:
> *root login via SSH is now allowed*
> This is a bad idea. Root should *never* be allowed to login to a system > remotely. It's better to log in as a normal user and then become root > via su, sudo, etc.
> - Dave

-- "Anything is possible if you don't know what you are talking about."
1st Law of Logic

App_rpt-users mailing list
App_rpt-users@ohnosec.org
http://ohnosec.org/cgi-bin/mailman/listinfo/app_rpt-users

To unsubscribe from this list please visit http://ohnosec.org/cgi-bin/mailman/listinfo/app_rpt-users and scroll down to the bottom of the page. Enter your email address and press the “Unsubscribe or edit options button”
You do not need a password to unsubscribe, you can do it via email confirmation. If you have trouble unsubscribing, please send a message to the list detailing the problem.

App_rpt-users mailing list
App_rpt-users@ohnosec.org
http://ohnosec.org/cgi-bin/mailman/listinfo/app_rpt-users

To unsubscribe from this list please visit http://ohnosec.org/cgi-bin/mailman/listinfo/app_rpt-users and scroll down to the bottom of the page. Enter your email address and press the “Unsubscribe or edit options button”
You do not need a password to unsubscribe, you can do it via email confirmation. If you have trouble unsubscribing, please send a message to the list detailing the problem.

20

Using certificates for ssh is yet another method :slight_smile:

Steven Donegan
KK6IVC General Class FCC License
Silver State Car #86

···

From: Bryan D. Boyle bdboyle@bdboyle.com
To: Steven Donegan donegan@donegan.org
Cc: Steve Zingman szingman@msgstor.com; “app_rpt-users@ohnosec.orgapp_rpt-users@ohnosec.org
Sent: Monday, October 5, 2015 2:49 PM
Subject: Re: [App_rpt-users] New Official Allstar Distribution Released (DIAL)

Using a jump box as you describe is one way…not allowing SSH from the outside adds a layer; setting up a secue VDI capability to the jumpbox over a vpn is yet a third way…;).

my rule: if it’s exposed to the net, it’s potentially vulnerable. Just turn on your SIP port and pop some popcorn to see…:wink:


Bryan

Sent from my iPhone 5…No electrons were harmed in the sending of this message.

On Oct 5, 2015, at 17:39, Steven Donegan donegan@donegan.org wrote:

Direct root login being disallowed IF there were no other way to get full root privileges (not the case here) was considered best practice. However in almost every case there is a user (on Raspbian user pi) that can simply login, sudo -s and do whatever they want. Yes it puts up a small hurdle but I don’t see it as a serious one.

In short, there is almost no setup that will allow you to completely lock out root with the exception of a few well designed appliances. And that means someone is out there doing support to get things resolved. This system is not of that flavor and root is necessary for many things so frankly adding a hurdle or two really doesn’t appreciably make the system more secure.

Require a long pass phrase (say 20 mixed characters or so) and this whole thing is moot…

And BTW - putting sshd on port 222 (or anything except 22) is security by obscurity - many tools can find standard protocols on non-standard ports :slight_smile: (I know, I wrote one)

The best bet is to not allow ssh at all. If that is not feasible then do the su or sudo thing and/or set up an intermediate system such that you access a non-privileged account on system A, then ssh to system B and system B will ONLY accept ssh from system A. Still can be beaten but it is a bit harder…

And BTW - I have done infosec for about 20 years so I am allowed to have an opinion on this topic :slight_smile:

Steven Donegan
KK6IVC General Class FCC License
Silver State Car #86
www.sscc.us

From: Steve Zingman szingman@msgstor.com
To:app_rpt-users@ohnosec.orgapp_rpt-users@ohnosec.org
Sent: Monday, October 5, 2015 2:24 PM
Subject: [App_rpt-users] New Official Allstar Distribution Released (DIAL)

Dave,
Let's say I agree with you. And I well may.
On most internet exposed machines, I don't even allow ssh unless I trust your address or require a VPN. I agree is common practice to not allow it.
Now the question is why?
As John McLaughlin would say, DISCUSS!
On 10/05/2015 08:40 AM, Steve Zingman wrote:
> *root login via SSH is now allowed*
> This is a bad idea. Root should *never* be allowed to login to a system > remotely. It's better to log in as a normal user and then become root > via su, sudo, etc.
> - Dave

-- "Anything is possible if you don't know what you are talking about."
1st Law of Logic

App_rpt-users mailing list
App_rpt-users@ohnosec.org
http://ohnosec.org/cgi-bin/mailman/listinfo/app_rpt-users

To unsubscribe from this list please visit http://ohnosec.org/cgi-bin/mailman/listinfo/app_rpt-users and scroll down to the bottom of the page. Enter your email address and press the “Unsubscribe or edit options button”
You do not need a password to unsubscribe, you can do it via email confirmation. If you have trouble unsubscribing, please send a message to the list detailing the problem.

App_rpt-users mailing list
App_rpt-users@ohnosec.org
http://ohnosec.org/cgi-bin/mailman/listinfo/app_rpt-users

To unsubscribe from this list please visit http://ohnosec.org/cgi-bin/mailman/listinfo/app_rpt-users and scroll down to the bottom of the page. Enter your email address and press the “Unsubscribe or edit options button”
You do not need a password to unsubscribe, you can do it via email confirmation. If you have trouble unsubscribing, please send a message to the list detailing the problem.