Hi, all. I'm running Mystic 1.12a48 on Linux64 and did some comprehensive testing on cryptlib. So far, cryptlib 3.4.5 is the only version that will create a ssl.cert file in the data directory. So, using that file, I tested every version of cryptlib from 3.4.5 to 3.4.9-1, compiled both in gcc-9, and gcc-13, then copied the built library into /mystic/libs/libcl.so. In all cases but 3.4.5, the ssh connection is closd immediately after it opens.

cryptlib 3.4.5 works, but only if you downgrade your ssh client to use aes256-cec as the cypher specification. Because that spec was replaced in later versions of cryptlib, it appears that Mystic is unable to properly initialize the ssh session.

Has anyone encountered this, and if not, how can we get the author to at very lease provide a patched MysticBBS so that users on modern ssh clients can connect to modern BBS's?

Thanks for your help!

-Winzlo

===
þ The Down-Lo BBS þ bbs.winzlo.com
--- SBBSecho 3.37-Linux
* Origin: The Down-Lo BBS * bbs.winzlo.com (1:154/140)

I dealt with this issue a few weeks ago while setting up a new Mystic BBS. I decided to use an SSH proxy, current and well supported, that forwards the connection to the telnet port on localhost. Thus my BBS is SSH only.

It's at gitlab/dps8m/proxy

--- Mystic BBS v1.12 A48 (Linux/64)
* Origin: The Last Telegraph Office (1:3634/62)

On 12 May 2026, Winzlo said the following...

Hi, all. I'm running Mystic 1.12a48 on Linux64 and did some
comprehensive testing on cryptlib. So far, cryptlib 3.4.5 is the only version that will create a ssl.cert file in the data directory. So,
using that file, I tested every version of cryptlib from 3.4.5 to
3.4.9-1, compiled both in gcc-9, and gcc-13, then copied the built

Yes, there is a writeup on the Mystic Wiki on what to do, g00r00 hasn't been around to update everything in about 2 years. Hopefully, he will get unbusy and start updating the software again soon..


|11 Bucko |14- |06Wrong Number Family Of BBS' |07- |03www.wrgnbr.com

... The seminar on time travel will be held two weeks ago

--- Mystic BBS v1.12 A48 (Linux/64)
* Origin: The Wrong Number Family Of BBS' - Wrong Number ][ (1:267/157)

I dealt with this issue a few weeks ago while setting up a new Mystic BBS. I decided to use an SSH proxy, current and well supported, that forwards the connection to the telnet port on localhost. Thus my BBS is SSH only.

It's at gitlab/dps8m/proxy

Yay! I'm glad other people are using this; it's awesome and updated often.
If you have problems with z-modem downloads, the authors added a switch (I think --no-filter) to stop the null characters from being ignored. You can also convert to utf-8 from cp437 with a switch. I have 2 ssh ports, one for cp437 and one for utf-8 because of that.

--
Shurato, Sysop Shurato's Heavenly Sphere (ssh, telnet, pop3, ftp,nntp,
,wss, ssh utf-8) (22,23,110,21,119,999,2222) shsbbs.net FREQ Me!


*** THE READER V4.50 [freeware]
---
* Origin: Shurato's Heavenly Sphere telnet://shsbbs.net (1:340/1101)

Re: Re: Broken SSH implementation
By: David Dalton to Winzlo on Tue May 12 2026 05:52 am

I dealt with this issue a few weeks ago while setting up a new Mystic BBS. I decided to use an SSH proxy, current and well supported, that forwards the connection to the telnet port on localhost. Thus my BBS is SSH only. It's at gitlab/dps8m/proxy

Thanks! I have an nginx proxy running already, so I'll see if I can get the same functionality to work on my end. Clever.

-Winzlo

===
þ The Down-Lo BBS þ bbs.winzlo.com
--- SBBSecho 3.37-Linux
* Origin: The Down-Lo BBS * bbs.winzlo.com (1:154/140)

Re: Re: Broken SSH implementation
By: Al DeRosa to Winzlo on Tue May 12 2026 06:24 pm

Yes, there is a writeup on the Mystic Wiki on what to do, g00r00 hasn't been around to update everything in about 2 years. Hopefully, he will get unbusy and start updating the software again soon..

Absolutely hope he does. It's really the only thing stopping a lot of people I know from setting up (or sticking with) MysticBBS. It was suggested that I use a SSH-to-telnet proxy to redirect SSH traffic, which would support the latest cyphers. I think that may be the route I go as well, so I can keep ftelnet on the website also pointing to the telnet port.

-Winzlo

===
þ The Down-Lo BBS þ bbs.winzlo.com
--- SBBSecho 3.37-Linux
* Origin: The Down-Lo BBS * bbs.winzlo.com (1:154/140)

I dealt with this issue a few weeks ago while setting up a new Mystic

BBS.

I decided to use an SSH proxy, current and well supported, that

forwards

the connection to the telnet port on localhost. Thus my BBS is SSH

only.

It's at gitlab/dps8m/proxy

Yay! I'm glad other people are using this; it's awesome and updated often. If you have problems with z-modem downloads, the authors
added a switch (I think --no-filter) to stop the null characters
from being ignored. You can also convert to utf-8 from cp437 with
a switch. I have 2 ssh ports, one for cp437 and one for utf-8
because of that.

Ok, in the latest version, --no-filter is the default option, so that flag is no longer working.

--
Shurato, Sysop Shurato's Heavenly Sphere (ssh, telnet, pop3, ftp,nntp,
,wss, ssh utf-8) (22,23,110,21,119,999,2222) shsbbs.net FREQ Me!


*** THE READER V4.50 [freeware]
---
* Origin: Shurato's Heavenly Sphere telnet://shsbbs.net (1:340/1101)

Ok, in the latest version, --no-filter is the default option, so that
flag is no longer working.

There are some subtle but good improvements in version 1.2 Now I'm hoping that the author will filter out whatever codes it is that cause Mystic (and other BBS software) to mangle terminal screens -- changing the window size, or making the window appear to be split.

--- Mystic BBS v1.12 A48 (Linux/64)
* Origin: The Last Telegraph Office (1:3634/62)