From 78fec632b69246264ff96bad8a1298db62bc0b29 Mon Sep 17 00:00:00 2001 From: John Goerzen Date: Tue, 22 Oct 2019 10:09:00 -0500 Subject: [PATCH 1/7] Block rmail by default The default set of authorized commands is "rnews rmail" per the Taylor UUCP documentaiton. The way rmail works -- generally injecting a message in such a way that the MTA sees it as originating locally -- can open up a UUCP node to unahtorized mail relay attacks. Since it looks like rmail isn't being used across the Tilde UUCP right now, just block it by default. --- utils/bootstrap.pl | 1 + 1 file changed, 1 insertion(+) diff --git a/utils/bootstrap.pl b/utils/bootstrap.pl index c17b2d3..350d4e1 100755 --- a/utils/bootstrap.pl +++ b/utils/bootstrap.pl @@ -88,6 +88,7 @@ sub generateSys { chat-timeout 60 protocol t port $currentNode + commands rnews }; open(FH, '>>', $sysFile); From a4e8993913aebd665c02a46a1e29d4282c397a9f Mon Sep 17 00:00:00 2001 From: John Goerzen Date: Wed, 23 Oct 2019 12:12:40 -0500 Subject: [PATCH 2/7] Switch to "restrict" in authorized_keys Per the docs: restrict Enable all restrictions, i.e. disable port, agent and X11 forwarding, as well as disabling PTY allocation and execution of ~/.ssh/rc. If any future restriction capabilities are added to authorized_keys files they will be included in this set. --- ssh/authorized_keys | 24 ++++++++++++------------ 1 file changed, 12 insertions(+), 12 deletions(-) diff --git a/ssh/authorized_keys b/ssh/authorized_keys index 54bb5e5..b11da64 100644 --- a/ssh/authorized_keys +++ b/ssh/authorized_keys @@ -1,12 +1,12 @@ -no-port-forwarding,no-X11-forwarding,command="/usr/sbin/uucico -l" ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDUqrOtLNKN033OeoJtkGMKgEev+tgVAuKvDa//thWkhjvqxi2QtJ7gO1L9LsGXKSCfRLFZYJp04Zkz9/8BywGmPYknGkz9dyKlSk6/cLQ5Dc1Y01KcikFbNW8SaL+B2upBO8tYGDiTcNWlmZj2bFzcaT/sSUATPBcmlAcQqXgLLcWfo5H4mG1Ghha0IKSyGYDuyWCHHE5V7+jPFIApNAPc0cF9gZGTv8mjxODNW66qLs7bMjNAL3T47qzIx2Mc1nKuZTmA//heZ2OvnDrg9aWKFDeyJV4ovkIdfyErKqk8rq7G1i2Q+Vy2uxHV9CYIWCJ3KXQTyGzt9KTYSRaGFXw9 uucp@mail -no-port-forwarding,no-X11-forwarding,command="/usr/sbin/uucico -l" ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC+ZXG9cN7CTPoUmxlJLPiAct7/z8uG43VK0TZUtNeaO35medG8DR8pflm+KHZstJZp11Vpqtg1lTotYy3BL91KLWWkHj/sKLeoEUdhtbprm0vkXrHxzcyoPkunOyvk91dZnwY/JpoHrJUKyDIZGz+vHQ7MFzRB+x+7Yodx+wiQqE7zXzi0AuRXmsKhJa/mV10ZhHGEPbWuFj+vj7qqmVhU+B5OkL/rr6F8iVB/oCiXShGUIMHCSlYSQj50a5LmD2/9Bwl2QcLrhrNF1inHIgzRpYsBl1peJpiE/1NRiQZneneog/DQQvlsumdpwHiM9T5RL9vGU42PBL4kxclZqspd uucp@uucp -no-port-forwarding,no-X11-forwarding,command="/usr/sbin/uucico -l" ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBaPW5orOACAl5GdTtn7CYDH+aAyCqOSsf/QHdH3WFST uucp@tilde -no-port-forwarding,no-X11-forwarding,command="/usr/sbin/uucico -l" ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDCENRbdhPRoI1c0dcQM8bqcpeEpq4dck8pRsGXRMCkwJBPMWk861nlx8H4hZsU7rpJAcgHGX3JwxEPEOGCC2vB4vv46K5eeiVkp5EmDH67K/9TjSzuX0qT+y6tECuXjB2dn3NQJpp0zh681hCszcjy8WxA4+a71HVfQPX2xE4Y6MCz7fTYaumXs9hpetVAgonzlP7W1h6zft+jAsrGDo8FrwAOCubw6/Ra1uAE5Ar3Gl8lLFe/eijjbjI2Y/MCZN3dacfqKH75MwY5E+3e7sRxrUaRtJ2sSiKmL+GqMEa916fxsJGlCu3tvVeUjsq3QEo/MI417l9tghOpOoSFaKNv uucp@cosmic.voyage -no-port-forwarding,no-X11-forwarding,command="/usr/sbin/uucico -l" ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCqZ76dU/vwv4nvmYcRW/4HhJyJDWnI1yv/asY0MFsr1pLDRWZ+YgOs+Ss6KH3nxOF4yGJd1ODO2Sru2zzjdljegl00/wJ/HTAO2HI5HLPJzH5uRXk+M48YtbKPJFE3da87xRmySsaWJgwjDQhLGozfbDiiOe6ZeIgxfByrCfMKkRklkKhkBgbFalqEb5awFeVT7893qd6FQ5CZksHoBIrK8o4eN7TeDSCwx4Z4+xJEBNQQVU50ThEaDxCWdnzE2AZZGX0MbN3IM6VmWW4lBu/cxrx9o6Dkyap5iEd8orx+ddGcKA1rDaplvBhlXynEuotmlWs7UgR1Yv5FSMjOb6AH uucp@hadrian -no-port-forwarding,no-X11-forwarding,command="/usr/sbin/uucico -l" ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDp1sXCxtJ0ed240fNsqsrhXoZskKiEWTSnRPrvCpM+HByUJ4XvBy/L0LJNe1nWXg70N8tYZZTKfUsnrtWEEp8V/7/UalBSIUeSM/nf+TG9cYjBZepYwvrk4s7lsj6XD7Q5GtN3Iv1wBKwElRuuAJ8boajqa7zsjcW+miUTXbf1y/fpUomHhRdU3pnbGMe/vAUR82ex93/LQx66AbZVqyCvDDHFmLaWFZLkMaJ2aSQ0mK5g5OMuzU4P4tGkExTkh8XaIi5tABEF9eieAJC7WDt3XIN7KYott3lL8jh5x5qMQoK4lXMYIrd9ZS2KjHI27CgWfNcqRn6yXpgIebXLVMZ9 uucp@tilde.center -no-port-forwarding,no-X11-forwarding,command="/usr/sbin/uucico -l" ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDAvleeZgYvqi4RrjEj7EwTZEJ3NMYnL+cF3nL/6oTzOQe7n9Yy8Usj4dmrMnxOgtqKJHR0qgPDEk0bzreys1UBsw8vHYTNqdrORa9J+hHiuxNL8GmB+aAKZrvzyfWi5YK/ON2sG0wfLaQM3/RYGGUli0wgoDwcUgGsuMwboUIfTRQ+a3jjfQdaw2JbKIH6hUlgKMe/eWJAGzo3GEWJ5t2NHILJFCCeBeXsbsOwTEYM6xt5BqOCMuTu5xadLFMfSttWcmGvF615G0rhy6jTpLkFvgboBXkmh1H8QNrvnTFF+MCBn5v+YQ7U6/ynebDMKxgpMHC1gvazCt1B6UgM7dIIOg7YcK7ZMDed10Sq2qVkZdDbncLizTkK78kmYqSrATj4T5mxi90mFD41XxC0p/lrW5CyDucGYYLWP6tGVbgEUE4MPO0ZV+p8i2QQS1FfD5VAa0b+v4Os5VEayL0HO1Wq6X55jTOd8MYGJ6+fWQRwvDIdyKVe7afz1hQ6CpPBYT3/603b6L8K3A8/MJDjeA1eu47LWsKE6hSr0859TiIxPVsBeDRBucEAX6Lz2p2gVg8kBbU9EhSe/O56NT1DezRlaDNT+R2/ALNoSeWkVoQ5u2FIv8FW1QeI1KvTaRUs1+/+mfthG7Hc0x5CEjTiBLAosyqrwS+5Qtdz7a/k2tWyXQ== uucp@tilde.institute -no-port-forwarding,no-X11-forwarding,command="/usr/sbin/uucico -l" ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDRo+3geI6OcpyEC3XufkKUQ193Y0Y4NR82EnCjojpraCRy9yazzCHzJIz/rhPzpJYiTJ3blNqyTIM3rfMg+mALehnNBJPi5h1tBC0Qv60aLGtsYDHrovIG1YNc9ln/nfAriisIXU+wWh8K0KOiDcvtHuLRZnUbGyDLBP8bp/Lku7bz+N8ucRvSdt5O0vDCv/AVsz9JIP5HBkUcY42PNM1rHAzWddVLJ1msQmyMnib6LyKJ5RAJJbSER6xXFpSDPHfKQsbr5XbPJT4P1KiI54jhwXBZddH4ZRyLiqTz16NYWDrYBeVHsLmFv8vL/j7/dzDyiV8okl+Nknb3aTXrQ1tb uucp@aussie -no-port-forwarding,no-X11-forwarding,command="/usr/sbin/uucico -l" ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKHc5n4OT1n52HbQir3ON0pwtkgTjTNKSlgDziSKhOdT jeff.allen@epfl.ch -no-port-forwarding,no-X11-forwarding,command="/usr/sbin/uucico -l" ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDpJo1XBdJXecYZPkTrfX4MT25GQ3bm5pjrh3w2SV/h2x69zFrV1pB+MAJHpstY6mdK+4YjMZ8t4A3xRwuJT/LZegQf9vi0Bi4lY02an6jpLIoOXxp5xG2jwCYBURy70CBAG8FgRjqs5uUNf1l9skFfKke71p4FU/14LW0vj5K60L8Y/LlVVQCqxr1w790G/HHqFjsrGwN1Jt+nk8IbHr1Mfi5NAqsocbRUfhVsB8M2y+IlBUnxDFtw9LnehPBflESa2iISroDMYpzH1eg+zbrGKutzSUY4PMqwgSNDOTwwA8r+3rtXzf+QFR00y8gr5ZIho2rz2KjbLpzixTJ4W0px uucp@uucp.frostbyte.ccssh-rsa -no-port-forwarding,no-X11-forwarding,command="/usr/sbin/uucico -l" ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDWl41JEIAWQpn2w/ius7CvBh379bCOB1OFljOcZAtOu4NN9RPK3v4qC8aWHm3icqPOZalDPsSTZ9uJ5ox8DZH+tvNtWiJeLPvu6NxyAyePBqlBaxkTC9yaBwgWFceGlqttMilo+ALxi5BleFlQxwOywxV1RdhzaMl0/MxeWBOHtKF6w/bt6v23zR/5l8Q/e6a0HUBwjLv6VL5fFLXB9PrCX/fjgw8v44YVSQP+hCukUO/9WqApTFkvkHf+kHVwJRS5L8DIgZZTEtzTezRbLEqfsdQXPFOePiGj2kvzA307PubVupvSoSjmXNhQ2dASi7s2ubu2E5dKCminVKtokBYL uucp@radiofreqs.space -no-port-forwarding,no-X11-forwarding,command="/usr/sbin/uucico -l" ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCqX+riAKAJnoFdlun0kdYSld6rsfh9RHhRPHbgd/CmY0i0HSJoOiDk57fhbvYLZ4QUOruMWBw1vEUFkaFzyxfiu42C7L8xjh9lqzGWI4xhap2e9bIP3lUoMqBrxsaWJk+6/sRoNDNhITZxPEJig2rmEHFU7GO7Z3v+GkshiYTcstFvj3OttQne2cZdNIO5AekqNhUBHv9mUSBnSTUf4t4VOiQP7+/VWYtu9sogzAzgZbY+L6j3hbZCxaLJtKKRJ+8ns+9Zdzb1q55IlKUB/umFQg/Aff25oitEy6MszGV66aEyVBe04CiiWwAH15W3OLpNmkPzZLQBSnBQ4Rd2oIkZ uucp@dgold +restrict,command="/usr/sbin/uucico -l" ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDUqrOtLNKN033OeoJtkGMKgEev+tgVAuKvDa//thWkhjvqxi2QtJ7gO1L9LsGXKSCfRLFZYJp04Zkz9/8BywGmPYknGkz9dyKlSk6/cLQ5Dc1Y01KcikFbNW8SaL+B2upBO8tYGDiTcNWlmZj2bFzcaT/sSUATPBcmlAcQqXgLLcWfo5H4mG1Ghha0IKSyGYDuyWCHHE5V7+jPFIApNAPc0cF9gZGTv8mjxODNW66qLs7bMjNAL3T47qzIx2Mc1nKuZTmA//heZ2OvnDrg9aWKFDeyJV4ovkIdfyErKqk8rq7G1i2Q+Vy2uxHV9CYIWCJ3KXQTyGzt9KTYSRaGFXw9 uucp@mail +restrict,command="/usr/sbin/uucico -l" ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC+ZXG9cN7CTPoUmxlJLPiAct7/z8uG43VK0TZUtNeaO35medG8DR8pflm+KHZstJZp11Vpqtg1lTotYy3BL91KLWWkHj/sKLeoEUdhtbprm0vkXrHxzcyoPkunOyvk91dZnwY/JpoHrJUKyDIZGz+vHQ7MFzRB+x+7Yodx+wiQqE7zXzi0AuRXmsKhJa/mV10ZhHGEPbWuFj+vj7qqmVhU+B5OkL/rr6F8iVB/oCiXShGUIMHCSlYSQj50a5LmD2/9Bwl2QcLrhrNF1inHIgzRpYsBl1peJpiE/1NRiQZneneog/DQQvlsumdpwHiM9T5RL9vGU42PBL4kxclZqspd uucp@uucp +restrict,command="/usr/sbin/uucico -l" ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBaPW5orOACAl5GdTtn7CYDH+aAyCqOSsf/QHdH3WFST uucp@tilde +restrict,command="/usr/sbin/uucico -l" ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDCENRbdhPRoI1c0dcQM8bqcpeEpq4dck8pRsGXRMCkwJBPMWk861nlx8H4hZsU7rpJAcgHGX3JwxEPEOGCC2vB4vv46K5eeiVkp5EmDH67K/9TjSzuX0qT+y6tECuXjB2dn3NQJpp0zh681hCszcjy8WxA4+a71HVfQPX2xE4Y6MCz7fTYaumXs9hpetVAgonzlP7W1h6zft+jAsrGDo8FrwAOCubw6/Ra1uAE5Ar3Gl8lLFe/eijjbjI2Y/MCZN3dacfqKH75MwY5E+3e7sRxrUaRtJ2sSiKmL+GqMEa916fxsJGlCu3tvVeUjsq3QEo/MI417l9tghOpOoSFaKNv uucp@cosmic.voyage +restrict,command="/usr/sbin/uucico -l" ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCqZ76dU/vwv4nvmYcRW/4HhJyJDWnI1yv/asY0MFsr1pLDRWZ+YgOs+Ss6KH3nxOF4yGJd1ODO2Sru2zzjdljegl00/wJ/HTAO2HI5HLPJzH5uRXk+M48YtbKPJFE3da87xRmySsaWJgwjDQhLGozfbDiiOe6ZeIgxfByrCfMKkRklkKhkBgbFalqEb5awFeVT7893qd6FQ5CZksHoBIrK8o4eN7TeDSCwx4Z4+xJEBNQQVU50ThEaDxCWdnzE2AZZGX0MbN3IM6VmWW4lBu/cxrx9o6Dkyap5iEd8orx+ddGcKA1rDaplvBhlXynEuotmlWs7UgR1Yv5FSMjOb6AH uucp@hadrian +restrict,command="/usr/sbin/uucico -l" ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDp1sXCxtJ0ed240fNsqsrhXoZskKiEWTSnRPrvCpM+HByUJ4XvBy/L0LJNe1nWXg70N8tYZZTKfUsnrtWEEp8V/7/UalBSIUeSM/nf+TG9cYjBZepYwvrk4s7lsj6XD7Q5GtN3Iv1wBKwElRuuAJ8boajqa7zsjcW+miUTXbf1y/fpUomHhRdU3pnbGMe/vAUR82ex93/LQx66AbZVqyCvDDHFmLaWFZLkMaJ2aSQ0mK5g5OMuzU4P4tGkExTkh8XaIi5tABEF9eieAJC7WDt3XIN7KYott3lL8jh5x5qMQoK4lXMYIrd9ZS2KjHI27CgWfNcqRn6yXpgIebXLVMZ9 uucp@tilde.center +restrict,command="/usr/sbin/uucico -l" ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDAvleeZgYvqi4RrjEj7EwTZEJ3NMYnL+cF3nL/6oTzOQe7n9Yy8Usj4dmrMnxOgtqKJHR0qgPDEk0bzreys1UBsw8vHYTNqdrORa9J+hHiuxNL8GmB+aAKZrvzyfWi5YK/ON2sG0wfLaQM3/RYGGUli0wgoDwcUgGsuMwboUIfTRQ+a3jjfQdaw2JbKIH6hUlgKMe/eWJAGzo3GEWJ5t2NHILJFCCeBeXsbsOwTEYM6xt5BqOCMuTu5xadLFMfSttWcmGvF615G0rhy6jTpLkFvgboBXkmh1H8QNrvnTFF+MCBn5v+YQ7U6/ynebDMKxgpMHC1gvazCt1B6UgM7dIIOg7YcK7ZMDed10Sq2qVkZdDbncLizTkK78kmYqSrATj4T5mxi90mFD41XxC0p/lrW5CyDucGYYLWP6tGVbgEUE4MPO0ZV+p8i2QQS1FfD5VAa0b+v4Os5VEayL0HO1Wq6X55jTOd8MYGJ6+fWQRwvDIdyKVe7afz1hQ6CpPBYT3/603b6L8K3A8/MJDjeA1eu47LWsKE6hSr0859TiIxPVsBeDRBucEAX6Lz2p2gVg8kBbU9EhSe/O56NT1DezRlaDNT+R2/ALNoSeWkVoQ5u2FIv8FW1QeI1KvTaRUs1+/+mfthG7Hc0x5CEjTiBLAosyqrwS+5Qtdz7a/k2tWyXQ== uucp@tilde.institute +restrict,command="/usr/sbin/uucico -l" ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDRo+3geI6OcpyEC3XufkKUQ193Y0Y4NR82EnCjojpraCRy9yazzCHzJIz/rhPzpJYiTJ3blNqyTIM3rfMg+mALehnNBJPi5h1tBC0Qv60aLGtsYDHrovIG1YNc9ln/nfAriisIXU+wWh8K0KOiDcvtHuLRZnUbGyDLBP8bp/Lku7bz+N8ucRvSdt5O0vDCv/AVsz9JIP5HBkUcY42PNM1rHAzWddVLJ1msQmyMnib6LyKJ5RAJJbSER6xXFpSDPHfKQsbr5XbPJT4P1KiI54jhwXBZddH4ZRyLiqTz16NYWDrYBeVHsLmFv8vL/j7/dzDyiV8okl+Nknb3aTXrQ1tb uucp@aussie +restrict,command="/usr/sbin/uucico -l" ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKHc5n4OT1n52HbQir3ON0pwtkgTjTNKSlgDziSKhOdT jeff.allen@epfl.ch +restrict,command="/usr/sbin/uucico -l" ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDpJo1XBdJXecYZPkTrfX4MT25GQ3bm5pjrh3w2SV/h2x69zFrV1pB+MAJHpstY6mdK+4YjMZ8t4A3xRwuJT/LZegQf9vi0Bi4lY02an6jpLIoOXxp5xG2jwCYBURy70CBAG8FgRjqs5uUNf1l9skFfKke71p4FU/14LW0vj5K60L8Y/LlVVQCqxr1w790G/HHqFjsrGwN1Jt+nk8IbHr1Mfi5NAqsocbRUfhVsB8M2y+IlBUnxDFtw9LnehPBflESa2iISroDMYpzH1eg+zbrGKutzSUY4PMqwgSNDOTwwA8r+3rtXzf+QFR00y8gr5ZIho2rz2KjbLpzixTJ4W0px uucp@uucp.frostbyte.ccssh-rsa +restrict,command="/usr/sbin/uucico -l" ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDWl41JEIAWQpn2w/ius7CvBh379bCOB1OFljOcZAtOu4NN9RPK3v4qC8aWHm3icqPOZalDPsSTZ9uJ5ox8DZH+tvNtWiJeLPvu6NxyAyePBqlBaxkTC9yaBwgWFceGlqttMilo+ALxi5BleFlQxwOywxV1RdhzaMl0/MxeWBOHtKF6w/bt6v23zR/5l8Q/e6a0HUBwjLv6VL5fFLXB9PrCX/fjgw8v44YVSQP+hCukUO/9WqApTFkvkHf+kHVwJRS5L8DIgZZTEtzTezRbLEqfsdQXPFOePiGj2kvzA307PubVupvSoSjmXNhQ2dASi7s2ubu2E5dKCminVKtokBYL uucp@radiofreqs.space +restrict,command="/usr/sbin/uucico -l" ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCqX+riAKAJnoFdlun0kdYSld6rsfh9RHhRPHbgd/CmY0i0HSJoOiDk57fhbvYLZ4QUOruMWBw1vEUFkaFzyxfiu42C7L8xjh9lqzGWI4xhap2e9bIP3lUoMqBrxsaWJk+6/sRoNDNhITZxPEJig2rmEHFU7GO7Z3v+GkshiYTcstFvj3OttQne2cZdNIO5AekqNhUBHv9mUSBnSTUf4t4VOiQP7+/VWYtu9sogzAzgZbY+L6j3hbZCxaLJtKKRJ+8ns+9Zdzb1q55IlKUB/umFQg/Aff25oitEy6MszGV66aEyVBe04CiiWwAH15W3OLpNmkPzZLQBSnBQ4Rd2oIkZ uucp@dgold From f6dc1b424a89855bed93aa6d91c37d157b76f5fa Mon Sep 17 00:00:00 2001 From: John Goerzen Date: Wed, 23 Oct 2019 06:12:14 -0500 Subject: [PATCH 3/7] Pass the username in authorized_keys, not reading in uucico Since all the passwords are trivially guessable, it is easy for any authorized system to impersonate any other authorized system at present. This patch prevents that by hardcoding the username into the uucico call based on the authorized key from ssh. This causes the incoming system to need to only present a password, hence the change to chat. This change will break communication between nodes until all nodes apply it. --- ssh/authorized_keys | 22 +++++++++++----------- utils/bootstrap.pl | 2 +- 2 files changed, 12 insertions(+), 12 deletions(-) diff --git a/ssh/authorized_keys b/ssh/authorized_keys index b11da64..ed0fa16 100644 --- a/ssh/authorized_keys +++ b/ssh/authorized_keys @@ -1,12 +1,12 @@ -restrict,command="/usr/sbin/uucico -l" ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDUqrOtLNKN033OeoJtkGMKgEev+tgVAuKvDa//thWkhjvqxi2QtJ7gO1L9LsGXKSCfRLFZYJp04Zkz9/8BywGmPYknGkz9dyKlSk6/cLQ5Dc1Y01KcikFbNW8SaL+B2upBO8tYGDiTcNWlmZj2bFzcaT/sSUATPBcmlAcQqXgLLcWfo5H4mG1Ghha0IKSyGYDuyWCHHE5V7+jPFIApNAPc0cF9gZGTv8mjxODNW66qLs7bMjNAL3T47qzIx2Mc1nKuZTmA//heZ2OvnDrg9aWKFDeyJV4ovkIdfyErKqk8rq7G1i2Q+Vy2uxHV9CYIWCJ3KXQTyGzt9KTYSRaGFXw9 uucp@mail -restrict,command="/usr/sbin/uucico -l" ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC+ZXG9cN7CTPoUmxlJLPiAct7/z8uG43VK0TZUtNeaO35medG8DR8pflm+KHZstJZp11Vpqtg1lTotYy3BL91KLWWkHj/sKLeoEUdhtbprm0vkXrHxzcyoPkunOyvk91dZnwY/JpoHrJUKyDIZGz+vHQ7MFzRB+x+7Yodx+wiQqE7zXzi0AuRXmsKhJa/mV10ZhHGEPbWuFj+vj7qqmVhU+B5OkL/rr6F8iVB/oCiXShGUIMHCSlYSQj50a5LmD2/9Bwl2QcLrhrNF1inHIgzRpYsBl1peJpiE/1NRiQZneneog/DQQvlsumdpwHiM9T5RL9vGU42PBL4kxclZqspd uucp@uucp -restrict,command="/usr/sbin/uucico -l" ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBaPW5orOACAl5GdTtn7CYDH+aAyCqOSsf/QHdH3WFST uucp@tilde -restrict,command="/usr/sbin/uucico -l" ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDCENRbdhPRoI1c0dcQM8bqcpeEpq4dck8pRsGXRMCkwJBPMWk861nlx8H4hZsU7rpJAcgHGX3JwxEPEOGCC2vB4vv46K5eeiVkp5EmDH67K/9TjSzuX0qT+y6tECuXjB2dn3NQJpp0zh681hCszcjy8WxA4+a71HVfQPX2xE4Y6MCz7fTYaumXs9hpetVAgonzlP7W1h6zft+jAsrGDo8FrwAOCubw6/Ra1uAE5Ar3Gl8lLFe/eijjbjI2Y/MCZN3dacfqKH75MwY5E+3e7sRxrUaRtJ2sSiKmL+GqMEa916fxsJGlCu3tvVeUjsq3QEo/MI417l9tghOpOoSFaKNv uucp@cosmic.voyage +restrict,command="/usr/sbin/uucico -u Udataforge -l" ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDUqrOtLNKN033OeoJtkGMKgEev+tgVAuKvDa//thWkhjvqxi2QtJ7gO1L9LsGXKSCfRLFZYJp04Zkz9/8BywGmPYknGkz9dyKlSk6/cLQ5Dc1Y01KcikFbNW8SaL+B2upBO8tYGDiTcNWlmZj2bFzcaT/sSUATPBcmlAcQqXgLLcWfo5H4mG1Ghha0IKSyGYDuyWCHHE5V7+jPFIApNAPc0cF9gZGTv8mjxODNW66qLs7bMjNAL3T47qzIx2Mc1nKuZTmA//heZ2OvnDrg9aWKFDeyJV4ovkIdfyErKqk8rq7G1i2Q+Vy2uxHV9CYIWCJ3KXQTyGzt9KTYSRaGFXw9 uucp@mail +restrict,command="/usr/sbin/uucico -u Udataforge -l" ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC+ZXG9cN7CTPoUmxlJLPiAct7/z8uG43VK0TZUtNeaO35medG8DR8pflm+KHZstJZp11Vpqtg1lTotYy3BL91KLWWkHj/sKLeoEUdhtbprm0vkXrHxzcyoPkunOyvk91dZnwY/JpoHrJUKyDIZGz+vHQ7MFzRB+x+7Yodx+wiQqE7zXzi0AuRXmsKhJa/mV10ZhHGEPbWuFj+vj7qqmVhU+B5OkL/rr6F8iVB/oCiXShGUIMHCSlYSQj50a5LmD2/9Bwl2QcLrhrNF1inHIgzRpYsBl1peJpiE/1NRiQZneneog/DQQvlsumdpwHiM9T5RL9vGU42PBL4kxclZqspd uucp@uucp +restrict,command="/usr/sbin/uucico -u Uteam -l" ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBaPW5orOACAl5GdTtn7CYDH+aAyCqOSsf/QHdH3WFST uucp@tilde +restrict,command="/usr/sbin/uucico -u Uvoyage -l" ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDCENRbdhPRoI1c0dcQM8bqcpeEpq4dck8pRsGXRMCkwJBPMWk861nlx8H4hZsU7rpJAcgHGX3JwxEPEOGCC2vB4vv46K5eeiVkp5EmDH67K/9TjSzuX0qT+y6tECuXjB2dn3NQJpp0zh681hCszcjy8WxA4+a71HVfQPX2xE4Y6MCz7fTYaumXs9hpetVAgonzlP7W1h6zft+jAsrGDo8FrwAOCubw6/Ra1uAE5Ar3Gl8lLFe/eijjbjI2Y/MCZN3dacfqKH75MwY5E+3e7sRxrUaRtJ2sSiKmL+GqMEa916fxsJGlCu3tvVeUjsq3QEo/MI417l9tghOpOoSFaKNv uucp@cosmic.voyage restrict,command="/usr/sbin/uucico -l" ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCqZ76dU/vwv4nvmYcRW/4HhJyJDWnI1yv/asY0MFsr1pLDRWZ+YgOs+Ss6KH3nxOF4yGJd1ODO2Sru2zzjdljegl00/wJ/HTAO2HI5HLPJzH5uRXk+M48YtbKPJFE3da87xRmySsaWJgwjDQhLGozfbDiiOe6ZeIgxfByrCfMKkRklkKhkBgbFalqEb5awFeVT7893qd6FQ5CZksHoBIrK8o4eN7TeDSCwx4Z4+xJEBNQQVU50ThEaDxCWdnzE2AZZGX0MbN3IM6VmWW4lBu/cxrx9o6Dkyap5iEd8orx+ddGcKA1rDaplvBhlXynEuotmlWs7UgR1Yv5FSMjOb6AH uucp@hadrian -restrict,command="/usr/sbin/uucico -l" ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDp1sXCxtJ0ed240fNsqsrhXoZskKiEWTSnRPrvCpM+HByUJ4XvBy/L0LJNe1nWXg70N8tYZZTKfUsnrtWEEp8V/7/UalBSIUeSM/nf+TG9cYjBZepYwvrk4s7lsj6XD7Q5GtN3Iv1wBKwElRuuAJ8boajqa7zsjcW+miUTXbf1y/fpUomHhRdU3pnbGMe/vAUR82ex93/LQx66AbZVqyCvDDHFmLaWFZLkMaJ2aSQ0mK5g5OMuzU4P4tGkExTkh8XaIi5tABEF9eieAJC7WDt3XIN7KYott3lL8jh5x5qMQoK4lXMYIrd9ZS2KjHI27CgWfNcqRn6yXpgIebXLVMZ9 uucp@tilde.center -restrict,command="/usr/sbin/uucico -l" ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDAvleeZgYvqi4RrjEj7EwTZEJ3NMYnL+cF3nL/6oTzOQe7n9Yy8Usj4dmrMnxOgtqKJHR0qgPDEk0bzreys1UBsw8vHYTNqdrORa9J+hHiuxNL8GmB+aAKZrvzyfWi5YK/ON2sG0wfLaQM3/RYGGUli0wgoDwcUgGsuMwboUIfTRQ+a3jjfQdaw2JbKIH6hUlgKMe/eWJAGzo3GEWJ5t2NHILJFCCeBeXsbsOwTEYM6xt5BqOCMuTu5xadLFMfSttWcmGvF615G0rhy6jTpLkFvgboBXkmh1H8QNrvnTFF+MCBn5v+YQ7U6/ynebDMKxgpMHC1gvazCt1B6UgM7dIIOg7YcK7ZMDed10Sq2qVkZdDbncLizTkK78kmYqSrATj4T5mxi90mFD41XxC0p/lrW5CyDucGYYLWP6tGVbgEUE4MPO0ZV+p8i2QQS1FfD5VAa0b+v4Os5VEayL0HO1Wq6X55jTOd8MYGJ6+fWQRwvDIdyKVe7afz1hQ6CpPBYT3/603b6L8K3A8/MJDjeA1eu47LWsKE6hSr0859TiIxPVsBeDRBucEAX6Lz2p2gVg8kBbU9EhSe/O56NT1DezRlaDNT+R2/ALNoSeWkVoQ5u2FIv8FW1QeI1KvTaRUs1+/+mfthG7Hc0x5CEjTiBLAosyqrwS+5Qtdz7a/k2tWyXQ== uucp@tilde.institute -restrict,command="/usr/sbin/uucico -l" ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDRo+3geI6OcpyEC3XufkKUQ193Y0Y4NR82EnCjojpraCRy9yazzCHzJIz/rhPzpJYiTJ3blNqyTIM3rfMg+mALehnNBJPi5h1tBC0Qv60aLGtsYDHrovIG1YNc9ln/nfAriisIXU+wWh8K0KOiDcvtHuLRZnUbGyDLBP8bp/Lku7bz+N8ucRvSdt5O0vDCv/AVsz9JIP5HBkUcY42PNM1rHAzWddVLJ1msQmyMnib6LyKJ5RAJJbSER6xXFpSDPHfKQsbr5XbPJT4P1KiI54jhwXBZddH4ZRyLiqTz16NYWDrYBeVHsLmFv8vL/j7/dzDyiV8okl+Nknb3aTXrQ1tb uucp@aussie -restrict,command="/usr/sbin/uucico -l" ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKHc5n4OT1n52HbQir3ON0pwtkgTjTNKSlgDziSKhOdT jeff.allen@epfl.ch -restrict,command="/usr/sbin/uucico -l" ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDpJo1XBdJXecYZPkTrfX4MT25GQ3bm5pjrh3w2SV/h2x69zFrV1pB+MAJHpstY6mdK+4YjMZ8t4A3xRwuJT/LZegQf9vi0Bi4lY02an6jpLIoOXxp5xG2jwCYBURy70CBAG8FgRjqs5uUNf1l9skFfKke71p4FU/14LW0vj5K60L8Y/LlVVQCqxr1w790G/HHqFjsrGwN1Jt+nk8IbHr1Mfi5NAqsocbRUfhVsB8M2y+IlBUnxDFtw9LnehPBflESa2iISroDMYpzH1eg+zbrGKutzSUY4PMqwgSNDOTwwA8r+3rtXzf+QFR00y8gr5ZIho2rz2KjbLpzixTJ4W0px uucp@uucp.frostbyte.ccssh-rsa -restrict,command="/usr/sbin/uucico -l" ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDWl41JEIAWQpn2w/ius7CvBh379bCOB1OFljOcZAtOu4NN9RPK3v4qC8aWHm3icqPOZalDPsSTZ9uJ5ox8DZH+tvNtWiJeLPvu6NxyAyePBqlBaxkTC9yaBwgWFceGlqttMilo+ALxi5BleFlQxwOywxV1RdhzaMl0/MxeWBOHtKF6w/bt6v23zR/5l8Q/e6a0HUBwjLv6VL5fFLXB9PrCX/fjgw8v44YVSQP+hCukUO/9WqApTFkvkHf+kHVwJRS5L8DIgZZTEtzTezRbLEqfsdQXPFOePiGj2kvzA307PubVupvSoSjmXNhQ2dASi7s2ubu2E5dKCminVKtokBYL uucp@radiofreqs.space -restrict,command="/usr/sbin/uucico -l" ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCqX+riAKAJnoFdlun0kdYSld6rsfh9RHhRPHbgd/CmY0i0HSJoOiDk57fhbvYLZ4QUOruMWBw1vEUFkaFzyxfiu42C7L8xjh9lqzGWI4xhap2e9bIP3lUoMqBrxsaWJk+6/sRoNDNhITZxPEJig2rmEHFU7GO7Z3v+GkshiYTcstFvj3OttQne2cZdNIO5AekqNhUBHv9mUSBnSTUf4t4VOiQP7+/VWYtu9sogzAzgZbY+L6j3hbZCxaLJtKKRJ+8ns+9Zdzb1q55IlKUB/umFQg/Aff25oitEy6MszGV66aEyVBe04CiiWwAH15W3OLpNmkPzZLQBSnBQ4Rd2oIkZ uucp@dgold +restrict,command="/usr/sbin/uucico -u Ucenter -l" ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDp1sXCxtJ0ed240fNsqsrhXoZskKiEWTSnRPrvCpM+HByUJ4XvBy/L0LJNe1nWXg70N8tYZZTKfUsnrtWEEp8V/7/UalBSIUeSM/nf+TG9cYjBZepYwvrk4s7lsj6XD7Q5GtN3Iv1wBKwElRuuAJ8boajqa7zsjcW+miUTXbf1y/fpUomHhRdU3pnbGMe/vAUR82ex93/LQx66AbZVqyCvDDHFmLaWFZLkMaJ2aSQ0mK5g5OMuzU4P4tGkExTkh8XaIi5tABEF9eieAJC7WDt3XIN7KYott3lL8jh5x5qMQoK4lXMYIrd9ZS2KjHI27CgWfNcqRn6yXpgIebXLVMZ9 uucp@tilde.center +restrict,command="/usr/sbin/uucico -u Uinstitute -l" ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDAvleeZgYvqi4RrjEj7EwTZEJ3NMYnL+cF3nL/6oTzOQe7n9Yy8Usj4dmrMnxOgtqKJHR0qgPDEk0bzreys1UBsw8vHYTNqdrORa9J+hHiuxNL8GmB+aAKZrvzyfWi5YK/ON2sG0wfLaQM3/RYGGUli0wgoDwcUgGsuMwboUIfTRQ+a3jjfQdaw2JbKIH6hUlgKMe/eWJAGzo3GEWJ5t2NHILJFCCeBeXsbsOwTEYM6xt5BqOCMuTu5xadLFMfSttWcmGvF615G0rhy6jTpLkFvgboBXkmh1H8QNrvnTFF+MCBn5v+YQ7U6/ynebDMKxgpMHC1gvazCt1B6UgM7dIIOg7YcK7ZMDed10Sq2qVkZdDbncLizTkK78kmYqSrATj4T5mxi90mFD41XxC0p/lrW5CyDucGYYLWP6tGVbgEUE4MPO0ZV+p8i2QQS1FfD5VAa0b+v4Os5VEayL0HO1Wq6X55jTOd8MYGJ6+fWQRwvDIdyKVe7afz1hQ6CpPBYT3/603b6L8K3A8/MJDjeA1eu47LWsKE6hSr0859TiIxPVsBeDRBucEAX6Lz2p2gVg8kBbU9EhSe/O56NT1DezRlaDNT+R2/ALNoSeWkVoQ5u2FIv8FW1QeI1KvTaRUs1+/+mfthG7Hc0x5CEjTiBLAosyqrwS+5Qtdz7a/k2tWyXQ== uucp@tilde.institute +restrict,command="/usr/sbin/uucico -u Uaussie -l" ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDRo+3geI6OcpyEC3XufkKUQ193Y0Y4NR82EnCjojpraCRy9yazzCHzJIz/rhPzpJYiTJ3blNqyTIM3rfMg+mALehnNBJPi5h1tBC0Qv60aLGtsYDHrovIG1YNc9ln/nfAriisIXU+wWh8K0KOiDcvtHuLRZnUbGyDLBP8bp/Lku7bz+N8ucRvSdt5O0vDCv/AVsz9JIP5HBkUcY42PNM1rHAzWddVLJ1msQmyMnib6LyKJ5RAJJbSER6xXFpSDPHfKQsbr5XbPJT4P1KiI54jhwXBZddH4ZRyLiqTz16NYWDrYBeVHsLmFv8vL/j7/dzDyiV8okl+Nknb3aTXrQ1tb uucp@aussie +restrict,command="/usr/sbin/uucico -u Uepfl -l" ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKHc5n4OT1n52HbQir3ON0pwtkgTjTNKSlgDziSKhOdT jeff.allen@epfl.ch +restrict,command="/usr/sbin/uucico -u Ufrostbyte -l" ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDpJo1XBdJXecYZPkTrfX4MT25GQ3bm5pjrh3w2SV/h2x69zFrV1pB+MAJHpstY6mdK+4YjMZ8t4A3xRwuJT/LZegQf9vi0Bi4lY02an6jpLIoOXxp5xG2jwCYBURy70CBAG8FgRjqs5uUNf1l9skFfKke71p4FU/14LW0vj5K60L8Y/LlVVQCqxr1w790G/HHqFjsrGwN1Jt+nk8IbHr1Mfi5NAqsocbRUfhVsB8M2y+IlBUnxDFtw9LnehPBflESa2iISroDMYpzH1eg+zbrGKutzSUY4PMqwgSNDOTwwA8r+3rtXzf+QFR00y8gr5ZIho2rz2KjbLpzixTJ4W0px uucp@uucp.frostbyte.ccssh-rsa +restrict,command="/usr/sbin/uucico -u Uradiofreqs -l" ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDWl41JEIAWQpn2w/ius7CvBh379bCOB1OFljOcZAtOu4NN9RPK3v4qC8aWHm3icqPOZalDPsSTZ9uJ5ox8DZH+tvNtWiJeLPvu6NxyAyePBqlBaxkTC9yaBwgWFceGlqttMilo+ALxi5BleFlQxwOywxV1RdhzaMl0/MxeWBOHtKF6w/bt6v23zR/5l8Q/e6a0HUBwjLv6VL5fFLXB9PrCX/fjgw8v44YVSQP+hCukUO/9WqApTFkvkHf+kHVwJRS5L8DIgZZTEtzTezRbLEqfsdQXPFOePiGj2kvzA307PubVupvSoSjmXNhQ2dASi7s2ubu2E5dKCminVKtokBYL uucp@radiofreqs.space +restrict,command="/usr/sbin/uucico -u Ucaconym -l" ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCqX+riAKAJnoFdlun0kdYSld6rsfh9RHhRPHbgd/CmY0i0HSJoOiDk57fhbvYLZ4QUOruMWBw1vEUFkaFzyxfiu42C7L8xjh9lqzGWI4xhap2e9bIP3lUoMqBrxsaWJk+6/sRoNDNhITZxPEJig2rmEHFU7GO7Z3v+GkshiYTcstFvj3OttQne2cZdNIO5AekqNhUBHv9mUSBnSTUf4t4VOiQP7+/VWYtu9sogzAzgZbY+L6j3hbZCxaLJtKKRJ+8ns+9Zdzb1q55IlKUB/umFQg/Aff25oitEy6MszGV66aEyVBe04CiiWwAH15W3OLpNmkPzZLQBSnBQ4Rd2oIkZ uucp@dgold diff --git a/utils/bootstrap.pl b/utils/bootstrap.pl index 350d4e1..84a7419 100755 --- a/utils/bootstrap.pl +++ b/utils/bootstrap.pl @@ -84,7 +84,7 @@ sub generateSys { remote-receive /var/spool/uucppublic time any forward ANY - chat \"\" \\d\\d\\r\\c login: \\d\\L word: \\P + chat \"\" \\d\\d\\r\\c word: \\d\\P chat-timeout 60 protocol t port $currentNode From 45724aa86a12c09626e1d35ad94867c7362feba8 Mon Sep 17 00:00:00 2001 From: John Goerzen Date: Wed, 23 Oct 2019 06:55:19 -0500 Subject: [PATCH 4/7] Document permissions for /etc/uucp --- README.md | 3 +++ 1 file changed, 3 insertions(+) diff --git a/README.md b/README.md index c27ef84..f9a1458 100644 --- a/README.md +++ b/README.md @@ -25,6 +25,9 @@ Provisioning a Tier 1 server is easy. Simply run the ./utils/bootstrap.pl file a ``` ./bootstrap.pl +mv call config passwd port sys /etc/uucp +chmod 0640 /etc/uucp/call /etc/uucp/passwd +chown -R uucp:uucp /etc/uucp ``` Setting up a leaf node is similar, however, you must edit the nodelist file with a single entry of the server that you are joining. You will need From b61398309abeba99b059bb981c27f447478f3c15 Mon Sep 17 00:00:00 2001 From: John Goerzen Date: Wed, 23 Oct 2019 07:10:33 -0500 Subject: [PATCH 5/7] Make sure to exit if a command fails in update script --- update.sh | 2 ++ 1 file changed, 2 insertions(+) diff --git a/update.sh b/update.sh index e25ed64..664f7ac 100755 --- a/update.sh +++ b/update.sh @@ -1,6 +1,8 @@ #!/bin/bash +set -e + # "Updating Git" cd $HOME/uucp git pull --quiet From 4f5b52ca3c093c2e0896b41ec8417bcde627dcb4 Mon Sep 17 00:00:00 2001 From: John Goerzen Date: Wed, 23 Oct 2019 07:19:01 -0500 Subject: [PATCH 6/7] Support ssh on nonstandard ports Port 22 can be a target for portscanning, so for those that wish to listen elsewhere, support that by adding a field to nodelist --- nodelist | 20 ++++++++++---------- utils/bootstrap.pl | 6 ++++-- 2 files changed, 14 insertions(+), 12 deletions(-) diff --git a/nodelist b/nodelist index 3622ea5..85085d2 100644 --- a/nodelist +++ b/nodelist @@ -1,10 +1,10 @@ -team,tilde.team -voyage,cosmic.voyage -center,tilde.center -dataforge,uucp.dataforge.tk -institute,tilde.institute -aussie,aussies.space -epfl,uucp.cothority.net -frostbyte,uucp.frostbyte.cc -radiofreqs,radiofreqs.space -caconym,dgold.eu +team,tilde.team,22 +voyage,cosmic.voyage,22 +center,tilde.center,22 +dataforge,uucp.dataforge.tk,22 +institute,tilde.institute,22 +aussie,aussies.space,22 +epfl,uucp.cothority.net,22 +frostbyte,uucp.frostbyte.cc,22 +radiofreqs,radiofreqs.space,22 +caconym,dgold.eu,22 diff --git a/utils/bootstrap.pl b/utils/bootstrap.pl index 84a7419..86c3474 100755 --- a/utils/bootstrap.pl +++ b/utils/bootstrap.pl @@ -35,7 +35,8 @@ sub getNodes { #$nodeName eq $myNode && continue my $nodeAddress = $fields[1]; - generatePort($nodeName,$nodeAddress); + my $nodePort = $fields[2]; + generatePort($nodeName,$nodeAddress,$nodePort); generateSys($nodeName); generateCall($nodeName); generatePasswd($nodeName); @@ -52,13 +53,14 @@ sub generatePort { my $nodeName = shift; my $nodeAddress = shift; + my $nodePort = shift; my $currentNode = ucfirst($nodeName); my $template = qq{ port $currentNode type pipe - command /usr/bin/ssh -a -x -q -i /var/spool/uucp/.ssh/id_rsa -l uucp $nodeAddress + command /usr/bin/ssh -a -x -q -i /var/spool/uucp/.ssh/id_rsa -l uucp -p $nodePort $nodeAddress reliable true protocol etyig }; From af06c03628f5e65cd22c6899e95b1ea1db722902 Mon Sep 17 00:00:00 2001 From: John Goerzen Date: Wed, 23 Oct 2019 07:36:42 -0500 Subject: [PATCH 7/7] No longer let remote systems request any file on the system Local users can still send any file that the uucp user has access to, but don't let remote systems get it all. --- utils/bootstrap.pl | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/utils/bootstrap.pl b/utils/bootstrap.pl index 86c3474..5313e20 100755 --- a/utils/bootstrap.pl +++ b/utils/bootstrap.pl @@ -81,9 +81,9 @@ sub generateSys { call-password * called-login U$nodeName local-send / - local-receive /var/spool/uucppublic - remote-send / - remote-receive /var/spool/uucppublic + local-receive ~ + remote-send ~ + remote-receive ~ time any forward ANY chat \"\" \\d\\d\\r\\c word: \\d\\P @@ -102,7 +102,7 @@ sub generateConfig { open(FH, '>>',$confFile); - my $nodeConfig = "nodename\t\t".$nodeName."\n"; + my $nodeConfig = "nodename\t\t".$nodeName."\npubdir\t\t/var/spool/uucppublic\n"; print FH $nodeConfig; }