Pass the username in authorized_keys, not reading in uucico

Since all the passwords are trivially guessable, it is easy for
any authorized system to impersonate any other authorized system
at present.

This patch prevents that by hardcoding the username into the uucico
call based on the authorized key from ssh.  This causes the incoming
system to need to only present a password, hence the change to chat.

This change will break communication between nodes until all nodes
apply it.
This commit is contained in:
John Goerzen 2019-10-23 06:12:14 -05:00
parent a4e8993913
commit f6dc1b424a
2 changed files with 12 additions and 12 deletions

View File

@ -1,12 +1,12 @@
restrict,command="/usr/sbin/uucico -l" ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDUqrOtLNKN033OeoJtkGMKgEev+tgVAuKvDa//thWkhjvqxi2QtJ7gO1L9LsGXKSCfRLFZYJp04Zkz9/8BywGmPYknGkz9dyKlSk6/cLQ5Dc1Y01KcikFbNW8SaL+B2upBO8tYGDiTcNWlmZj2bFzcaT/sSUATPBcmlAcQqXgLLcWfo5H4mG1Ghha0IKSyGYDuyWCHHE5V7+jPFIApNAPc0cF9gZGTv8mjxODNW66qLs7bMjNAL3T47qzIx2Mc1nKuZTmA//heZ2OvnDrg9aWKFDeyJV4ovkIdfyErKqk8rq7G1i2Q+Vy2uxHV9CYIWCJ3KXQTyGzt9KTYSRaGFXw9 uucp@mail
restrict,command="/usr/sbin/uucico -l" ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC+ZXG9cN7CTPoUmxlJLPiAct7/z8uG43VK0TZUtNeaO35medG8DR8pflm+KHZstJZp11Vpqtg1lTotYy3BL91KLWWkHj/sKLeoEUdhtbprm0vkXrHxzcyoPkunOyvk91dZnwY/JpoHrJUKyDIZGz+vHQ7MFzRB+x+7Yodx+wiQqE7zXzi0AuRXmsKhJa/mV10ZhHGEPbWuFj+vj7qqmVhU+B5OkL/rr6F8iVB/oCiXShGUIMHCSlYSQj50a5LmD2/9Bwl2QcLrhrNF1inHIgzRpYsBl1peJpiE/1NRiQZneneog/DQQvlsumdpwHiM9T5RL9vGU42PBL4kxclZqspd uucp@uucp
restrict,command="/usr/sbin/uucico -l" ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBaPW5orOACAl5GdTtn7CYDH+aAyCqOSsf/QHdH3WFST uucp@tilde
restrict,command="/usr/sbin/uucico -l" ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDCENRbdhPRoI1c0dcQM8bqcpeEpq4dck8pRsGXRMCkwJBPMWk861nlx8H4hZsU7rpJAcgHGX3JwxEPEOGCC2vB4vv46K5eeiVkp5EmDH67K/9TjSzuX0qT+y6tECuXjB2dn3NQJpp0zh681hCszcjy8WxA4+a71HVfQPX2xE4Y6MCz7fTYaumXs9hpetVAgonzlP7W1h6zft+jAsrGDo8FrwAOCubw6/Ra1uAE5Ar3Gl8lLFe/eijjbjI2Y/MCZN3dacfqKH75MwY5E+3e7sRxrUaRtJ2sSiKmL+GqMEa916fxsJGlCu3tvVeUjsq3QEo/MI417l9tghOpOoSFaKNv uucp@cosmic.voyage
restrict,command="/usr/sbin/uucico -u Udataforge -l" ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDUqrOtLNKN033OeoJtkGMKgEev+tgVAuKvDa//thWkhjvqxi2QtJ7gO1L9LsGXKSCfRLFZYJp04Zkz9/8BywGmPYknGkz9dyKlSk6/cLQ5Dc1Y01KcikFbNW8SaL+B2upBO8tYGDiTcNWlmZj2bFzcaT/sSUATPBcmlAcQqXgLLcWfo5H4mG1Ghha0IKSyGYDuyWCHHE5V7+jPFIApNAPc0cF9gZGTv8mjxODNW66qLs7bMjNAL3T47qzIx2Mc1nKuZTmA//heZ2OvnDrg9aWKFDeyJV4ovkIdfyErKqk8rq7G1i2Q+Vy2uxHV9CYIWCJ3KXQTyGzt9KTYSRaGFXw9 uucp@mail
restrict,command="/usr/sbin/uucico -u Udataforge -l" ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC+ZXG9cN7CTPoUmxlJLPiAct7/z8uG43VK0TZUtNeaO35medG8DR8pflm+KHZstJZp11Vpqtg1lTotYy3BL91KLWWkHj/sKLeoEUdhtbprm0vkXrHxzcyoPkunOyvk91dZnwY/JpoHrJUKyDIZGz+vHQ7MFzRB+x+7Yodx+wiQqE7zXzi0AuRXmsKhJa/mV10ZhHGEPbWuFj+vj7qqmVhU+B5OkL/rr6F8iVB/oCiXShGUIMHCSlYSQj50a5LmD2/9Bwl2QcLrhrNF1inHIgzRpYsBl1peJpiE/1NRiQZneneog/DQQvlsumdpwHiM9T5RL9vGU42PBL4kxclZqspd uucp@uucp
restrict,command="/usr/sbin/uucico -u Uteam -l" ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBaPW5orOACAl5GdTtn7CYDH+aAyCqOSsf/QHdH3WFST uucp@tilde
restrict,command="/usr/sbin/uucico -u Uvoyage -l" ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDCENRbdhPRoI1c0dcQM8bqcpeEpq4dck8pRsGXRMCkwJBPMWk861nlx8H4hZsU7rpJAcgHGX3JwxEPEOGCC2vB4vv46K5eeiVkp5EmDH67K/9TjSzuX0qT+y6tECuXjB2dn3NQJpp0zh681hCszcjy8WxA4+a71HVfQPX2xE4Y6MCz7fTYaumXs9hpetVAgonzlP7W1h6zft+jAsrGDo8FrwAOCubw6/Ra1uAE5Ar3Gl8lLFe/eijjbjI2Y/MCZN3dacfqKH75MwY5E+3e7sRxrUaRtJ2sSiKmL+GqMEa916fxsJGlCu3tvVeUjsq3QEo/MI417l9tghOpOoSFaKNv uucp@cosmic.voyage
restrict,command="/usr/sbin/uucico -l" ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCqZ76dU/vwv4nvmYcRW/4HhJyJDWnI1yv/asY0MFsr1pLDRWZ+YgOs+Ss6KH3nxOF4yGJd1ODO2Sru2zzjdljegl00/wJ/HTAO2HI5HLPJzH5uRXk+M48YtbKPJFE3da87xRmySsaWJgwjDQhLGozfbDiiOe6ZeIgxfByrCfMKkRklkKhkBgbFalqEb5awFeVT7893qd6FQ5CZksHoBIrK8o4eN7TeDSCwx4Z4+xJEBNQQVU50ThEaDxCWdnzE2AZZGX0MbN3IM6VmWW4lBu/cxrx9o6Dkyap5iEd8orx+ddGcKA1rDaplvBhlXynEuotmlWs7UgR1Yv5FSMjOb6AH uucp@hadrian
restrict,command="/usr/sbin/uucico -l" ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDp1sXCxtJ0ed240fNsqsrhXoZskKiEWTSnRPrvCpM+HByUJ4XvBy/L0LJNe1nWXg70N8tYZZTKfUsnrtWEEp8V/7/UalBSIUeSM/nf+TG9cYjBZepYwvrk4s7lsj6XD7Q5GtN3Iv1wBKwElRuuAJ8boajqa7zsjcW+miUTXbf1y/fpUomHhRdU3pnbGMe/vAUR82ex93/LQx66AbZVqyCvDDHFmLaWFZLkMaJ2aSQ0mK5g5OMuzU4P4tGkExTkh8XaIi5tABEF9eieAJC7WDt3XIN7KYott3lL8jh5x5qMQoK4lXMYIrd9ZS2KjHI27CgWfNcqRn6yXpgIebXLVMZ9 uucp@tilde.center
restrict,command="/usr/sbin/uucico -l" ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDAvleeZgYvqi4RrjEj7EwTZEJ3NMYnL+cF3nL/6oTzOQe7n9Yy8Usj4dmrMnxOgtqKJHR0qgPDEk0bzreys1UBsw8vHYTNqdrORa9J+hHiuxNL8GmB+aAKZrvzyfWi5YK/ON2sG0wfLaQM3/RYGGUli0wgoDwcUgGsuMwboUIfTRQ+a3jjfQdaw2JbKIH6hUlgKMe/eWJAGzo3GEWJ5t2NHILJFCCeBeXsbsOwTEYM6xt5BqOCMuTu5xadLFMfSttWcmGvF615G0rhy6jTpLkFvgboBXkmh1H8QNrvnTFF+MCBn5v+YQ7U6/ynebDMKxgpMHC1gvazCt1B6UgM7dIIOg7YcK7ZMDed10Sq2qVkZdDbncLizTkK78kmYqSrATj4T5mxi90mFD41XxC0p/lrW5CyDucGYYLWP6tGVbgEUE4MPO0ZV+p8i2QQS1FfD5VAa0b+v4Os5VEayL0HO1Wq6X55jTOd8MYGJ6+fWQRwvDIdyKVe7afz1hQ6CpPBYT3/603b6L8K3A8/MJDjeA1eu47LWsKE6hSr0859TiIxPVsBeDRBucEAX6Lz2p2gVg8kBbU9EhSe/O56NT1DezRlaDNT+R2/ALNoSeWkVoQ5u2FIv8FW1QeI1KvTaRUs1+/+mfthG7Hc0x5CEjTiBLAosyqrwS+5Qtdz7a/k2tWyXQ== uucp@tilde.institute
restrict,command="/usr/sbin/uucico -l" ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDRo+3geI6OcpyEC3XufkKUQ193Y0Y4NR82EnCjojpraCRy9yazzCHzJIz/rhPzpJYiTJ3blNqyTIM3rfMg+mALehnNBJPi5h1tBC0Qv60aLGtsYDHrovIG1YNc9ln/nfAriisIXU+wWh8K0KOiDcvtHuLRZnUbGyDLBP8bp/Lku7bz+N8ucRvSdt5O0vDCv/AVsz9JIP5HBkUcY42PNM1rHAzWddVLJ1msQmyMnib6LyKJ5RAJJbSER6xXFpSDPHfKQsbr5XbPJT4P1KiI54jhwXBZddH4ZRyLiqTz16NYWDrYBeVHsLmFv8vL/j7/dzDyiV8okl+Nknb3aTXrQ1tb uucp@aussie
restrict,command="/usr/sbin/uucico -l" ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKHc5n4OT1n52HbQir3ON0pwtkgTjTNKSlgDziSKhOdT jeff.allen@epfl.ch
restrict,command="/usr/sbin/uucico -l" ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDpJo1XBdJXecYZPkTrfX4MT25GQ3bm5pjrh3w2SV/h2x69zFrV1pB+MAJHpstY6mdK+4YjMZ8t4A3xRwuJT/LZegQf9vi0Bi4lY02an6jpLIoOXxp5xG2jwCYBURy70CBAG8FgRjqs5uUNf1l9skFfKke71p4FU/14LW0vj5K60L8Y/LlVVQCqxr1w790G/HHqFjsrGwN1Jt+nk8IbHr1Mfi5NAqsocbRUfhVsB8M2y+IlBUnxDFtw9LnehPBflESa2iISroDMYpzH1eg+zbrGKutzSUY4PMqwgSNDOTwwA8r+3rtXzf+QFR00y8gr5ZIho2rz2KjbLpzixTJ4W0px uucp@uucp.frostbyte.ccssh-rsa
restrict,command="/usr/sbin/uucico -l" ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDWl41JEIAWQpn2w/ius7CvBh379bCOB1OFljOcZAtOu4NN9RPK3v4qC8aWHm3icqPOZalDPsSTZ9uJ5ox8DZH+tvNtWiJeLPvu6NxyAyePBqlBaxkTC9yaBwgWFceGlqttMilo+ALxi5BleFlQxwOywxV1RdhzaMl0/MxeWBOHtKF6w/bt6v23zR/5l8Q/e6a0HUBwjLv6VL5fFLXB9PrCX/fjgw8v44YVSQP+hCukUO/9WqApTFkvkHf+kHVwJRS5L8DIgZZTEtzTezRbLEqfsdQXPFOePiGj2kvzA307PubVupvSoSjmXNhQ2dASi7s2ubu2E5dKCminVKtokBYL uucp@radiofreqs.space
restrict,command="/usr/sbin/uucico -l" ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCqX+riAKAJnoFdlun0kdYSld6rsfh9RHhRPHbgd/CmY0i0HSJoOiDk57fhbvYLZ4QUOruMWBw1vEUFkaFzyxfiu42C7L8xjh9lqzGWI4xhap2e9bIP3lUoMqBrxsaWJk+6/sRoNDNhITZxPEJig2rmEHFU7GO7Z3v+GkshiYTcstFvj3OttQne2cZdNIO5AekqNhUBHv9mUSBnSTUf4t4VOiQP7+/VWYtu9sogzAzgZbY+L6j3hbZCxaLJtKKRJ+8ns+9Zdzb1q55IlKUB/umFQg/Aff25oitEy6MszGV66aEyVBe04CiiWwAH15W3OLpNmkPzZLQBSnBQ4Rd2oIkZ uucp@dgold
restrict,command="/usr/sbin/uucico -u Ucenter -l" ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDp1sXCxtJ0ed240fNsqsrhXoZskKiEWTSnRPrvCpM+HByUJ4XvBy/L0LJNe1nWXg70N8tYZZTKfUsnrtWEEp8V/7/UalBSIUeSM/nf+TG9cYjBZepYwvrk4s7lsj6XD7Q5GtN3Iv1wBKwElRuuAJ8boajqa7zsjcW+miUTXbf1y/fpUomHhRdU3pnbGMe/vAUR82ex93/LQx66AbZVqyCvDDHFmLaWFZLkMaJ2aSQ0mK5g5OMuzU4P4tGkExTkh8XaIi5tABEF9eieAJC7WDt3XIN7KYott3lL8jh5x5qMQoK4lXMYIrd9ZS2KjHI27CgWfNcqRn6yXpgIebXLVMZ9 uucp@tilde.center
restrict,command="/usr/sbin/uucico -u Uinstitute -l" ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDAvleeZgYvqi4RrjEj7EwTZEJ3NMYnL+cF3nL/6oTzOQe7n9Yy8Usj4dmrMnxOgtqKJHR0qgPDEk0bzreys1UBsw8vHYTNqdrORa9J+hHiuxNL8GmB+aAKZrvzyfWi5YK/ON2sG0wfLaQM3/RYGGUli0wgoDwcUgGsuMwboUIfTRQ+a3jjfQdaw2JbKIH6hUlgKMe/eWJAGzo3GEWJ5t2NHILJFCCeBeXsbsOwTEYM6xt5BqOCMuTu5xadLFMfSttWcmGvF615G0rhy6jTpLkFvgboBXkmh1H8QNrvnTFF+MCBn5v+YQ7U6/ynebDMKxgpMHC1gvazCt1B6UgM7dIIOg7YcK7ZMDed10Sq2qVkZdDbncLizTkK78kmYqSrATj4T5mxi90mFD41XxC0p/lrW5CyDucGYYLWP6tGVbgEUE4MPO0ZV+p8i2QQS1FfD5VAa0b+v4Os5VEayL0HO1Wq6X55jTOd8MYGJ6+fWQRwvDIdyKVe7afz1hQ6CpPBYT3/603b6L8K3A8/MJDjeA1eu47LWsKE6hSr0859TiIxPVsBeDRBucEAX6Lz2p2gVg8kBbU9EhSe/O56NT1DezRlaDNT+R2/ALNoSeWkVoQ5u2FIv8FW1QeI1KvTaRUs1+/+mfthG7Hc0x5CEjTiBLAosyqrwS+5Qtdz7a/k2tWyXQ== uucp@tilde.institute
restrict,command="/usr/sbin/uucico -u Uaussie -l" ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDRo+3geI6OcpyEC3XufkKUQ193Y0Y4NR82EnCjojpraCRy9yazzCHzJIz/rhPzpJYiTJ3blNqyTIM3rfMg+mALehnNBJPi5h1tBC0Qv60aLGtsYDHrovIG1YNc9ln/nfAriisIXU+wWh8K0KOiDcvtHuLRZnUbGyDLBP8bp/Lku7bz+N8ucRvSdt5O0vDCv/AVsz9JIP5HBkUcY42PNM1rHAzWddVLJ1msQmyMnib6LyKJ5RAJJbSER6xXFpSDPHfKQsbr5XbPJT4P1KiI54jhwXBZddH4ZRyLiqTz16NYWDrYBeVHsLmFv8vL/j7/dzDyiV8okl+Nknb3aTXrQ1tb uucp@aussie
restrict,command="/usr/sbin/uucico -u Uepfl -l" ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKHc5n4OT1n52HbQir3ON0pwtkgTjTNKSlgDziSKhOdT jeff.allen@epfl.ch
restrict,command="/usr/sbin/uucico -u Ufrostbyte -l" ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDpJo1XBdJXecYZPkTrfX4MT25GQ3bm5pjrh3w2SV/h2x69zFrV1pB+MAJHpstY6mdK+4YjMZ8t4A3xRwuJT/LZegQf9vi0Bi4lY02an6jpLIoOXxp5xG2jwCYBURy70CBAG8FgRjqs5uUNf1l9skFfKke71p4FU/14LW0vj5K60L8Y/LlVVQCqxr1w790G/HHqFjsrGwN1Jt+nk8IbHr1Mfi5NAqsocbRUfhVsB8M2y+IlBUnxDFtw9LnehPBflESa2iISroDMYpzH1eg+zbrGKutzSUY4PMqwgSNDOTwwA8r+3rtXzf+QFR00y8gr5ZIho2rz2KjbLpzixTJ4W0px uucp@uucp.frostbyte.ccssh-rsa
restrict,command="/usr/sbin/uucico -u Uradiofreqs -l" ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDWl41JEIAWQpn2w/ius7CvBh379bCOB1OFljOcZAtOu4NN9RPK3v4qC8aWHm3icqPOZalDPsSTZ9uJ5ox8DZH+tvNtWiJeLPvu6NxyAyePBqlBaxkTC9yaBwgWFceGlqttMilo+ALxi5BleFlQxwOywxV1RdhzaMl0/MxeWBOHtKF6w/bt6v23zR/5l8Q/e6a0HUBwjLv6VL5fFLXB9PrCX/fjgw8v44YVSQP+hCukUO/9WqApTFkvkHf+kHVwJRS5L8DIgZZTEtzTezRbLEqfsdQXPFOePiGj2kvzA307PubVupvSoSjmXNhQ2dASi7s2ubu2E5dKCminVKtokBYL uucp@radiofreqs.space
restrict,command="/usr/sbin/uucico -u Ucaconym -l" ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCqX+riAKAJnoFdlun0kdYSld6rsfh9RHhRPHbgd/CmY0i0HSJoOiDk57fhbvYLZ4QUOruMWBw1vEUFkaFzyxfiu42C7L8xjh9lqzGWI4xhap2e9bIP3lUoMqBrxsaWJk+6/sRoNDNhITZxPEJig2rmEHFU7GO7Z3v+GkshiYTcstFvj3OttQne2cZdNIO5AekqNhUBHv9mUSBnSTUf4t4VOiQP7+/VWYtu9sogzAzgZbY+L6j3hbZCxaLJtKKRJ+8ns+9Zdzb1q55IlKUB/umFQg/Aff25oitEy6MszGV66aEyVBe04CiiWwAH15W3OLpNmkPzZLQBSnBQ4Rd2oIkZ uucp@dgold

View File

@ -84,7 +84,7 @@ sub generateSys {
remote-receive /var/spool/uucppublic
time any
forward ANY
chat \"\" \\d\\d\\r\\c login: \\d\\L word: \\P
chat \"\" \\d\\d\\r\\c word: \\d\\P
chat-timeout 60
protocol t
port $currentNode