From f6dc1b424a89855bed93aa6d91c37d157b76f5fa Mon Sep 17 00:00:00 2001 From: John Goerzen Date: Wed, 23 Oct 2019 06:12:14 -0500 Subject: [PATCH] Pass the username in authorized_keys, not reading in uucico Since all the passwords are trivially guessable, it is easy for any authorized system to impersonate any other authorized system at present. This patch prevents that by hardcoding the username into the uucico call based on the authorized key from ssh. This causes the incoming system to need to only present a password, hence the change to chat. This change will break communication between nodes until all nodes apply it. --- ssh/authorized_keys | 22 +++++++++++----------- utils/bootstrap.pl | 2 +- 2 files changed, 12 insertions(+), 12 deletions(-) diff --git a/ssh/authorized_keys b/ssh/authorized_keys index b11da64..ed0fa16 100644 --- a/ssh/authorized_keys +++ b/ssh/authorized_keys @@ -1,12 +1,12 @@ -restrict,command="/usr/sbin/uucico -l" ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDUqrOtLNKN033OeoJtkGMKgEev+tgVAuKvDa//thWkhjvqxi2QtJ7gO1L9LsGXKSCfRLFZYJp04Zkz9/8BywGmPYknGkz9dyKlSk6/cLQ5Dc1Y01KcikFbNW8SaL+B2upBO8tYGDiTcNWlmZj2bFzcaT/sSUATPBcmlAcQqXgLLcWfo5H4mG1Ghha0IKSyGYDuyWCHHE5V7+jPFIApNAPc0cF9gZGTv8mjxODNW66qLs7bMjNAL3T47qzIx2Mc1nKuZTmA//heZ2OvnDrg9aWKFDeyJV4ovkIdfyErKqk8rq7G1i2Q+Vy2uxHV9CYIWCJ3KXQTyGzt9KTYSRaGFXw9 uucp@mail -restrict,command="/usr/sbin/uucico -l" ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC+ZXG9cN7CTPoUmxlJLPiAct7/z8uG43VK0TZUtNeaO35medG8DR8pflm+KHZstJZp11Vpqtg1lTotYy3BL91KLWWkHj/sKLeoEUdhtbprm0vkXrHxzcyoPkunOyvk91dZnwY/JpoHrJUKyDIZGz+vHQ7MFzRB+x+7Yodx+wiQqE7zXzi0AuRXmsKhJa/mV10ZhHGEPbWuFj+vj7qqmVhU+B5OkL/rr6F8iVB/oCiXShGUIMHCSlYSQj50a5LmD2/9Bwl2QcLrhrNF1inHIgzRpYsBl1peJpiE/1NRiQZneneog/DQQvlsumdpwHiM9T5RL9vGU42PBL4kxclZqspd uucp@uucp -restrict,command="/usr/sbin/uucico -l" ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBaPW5orOACAl5GdTtn7CYDH+aAyCqOSsf/QHdH3WFST uucp@tilde -restrict,command="/usr/sbin/uucico -l" ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDCENRbdhPRoI1c0dcQM8bqcpeEpq4dck8pRsGXRMCkwJBPMWk861nlx8H4hZsU7rpJAcgHGX3JwxEPEOGCC2vB4vv46K5eeiVkp5EmDH67K/9TjSzuX0qT+y6tECuXjB2dn3NQJpp0zh681hCszcjy8WxA4+a71HVfQPX2xE4Y6MCz7fTYaumXs9hpetVAgonzlP7W1h6zft+jAsrGDo8FrwAOCubw6/Ra1uAE5Ar3Gl8lLFe/eijjbjI2Y/MCZN3dacfqKH75MwY5E+3e7sRxrUaRtJ2sSiKmL+GqMEa916fxsJGlCu3tvVeUjsq3QEo/MI417l9tghOpOoSFaKNv uucp@cosmic.voyage +restrict,command="/usr/sbin/uucico -u Udataforge -l" ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDUqrOtLNKN033OeoJtkGMKgEev+tgVAuKvDa//thWkhjvqxi2QtJ7gO1L9LsGXKSCfRLFZYJp04Zkz9/8BywGmPYknGkz9dyKlSk6/cLQ5Dc1Y01KcikFbNW8SaL+B2upBO8tYGDiTcNWlmZj2bFzcaT/sSUATPBcmlAcQqXgLLcWfo5H4mG1Ghha0IKSyGYDuyWCHHE5V7+jPFIApNAPc0cF9gZGTv8mjxODNW66qLs7bMjNAL3T47qzIx2Mc1nKuZTmA//heZ2OvnDrg9aWKFDeyJV4ovkIdfyErKqk8rq7G1i2Q+Vy2uxHV9CYIWCJ3KXQTyGzt9KTYSRaGFXw9 uucp@mail +restrict,command="/usr/sbin/uucico -u Udataforge -l" ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC+ZXG9cN7CTPoUmxlJLPiAct7/z8uG43VK0TZUtNeaO35medG8DR8pflm+KHZstJZp11Vpqtg1lTotYy3BL91KLWWkHj/sKLeoEUdhtbprm0vkXrHxzcyoPkunOyvk91dZnwY/JpoHrJUKyDIZGz+vHQ7MFzRB+x+7Yodx+wiQqE7zXzi0AuRXmsKhJa/mV10ZhHGEPbWuFj+vj7qqmVhU+B5OkL/rr6F8iVB/oCiXShGUIMHCSlYSQj50a5LmD2/9Bwl2QcLrhrNF1inHIgzRpYsBl1peJpiE/1NRiQZneneog/DQQvlsumdpwHiM9T5RL9vGU42PBL4kxclZqspd uucp@uucp +restrict,command="/usr/sbin/uucico -u Uteam -l" ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBaPW5orOACAl5GdTtn7CYDH+aAyCqOSsf/QHdH3WFST uucp@tilde +restrict,command="/usr/sbin/uucico -u Uvoyage -l" ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDCENRbdhPRoI1c0dcQM8bqcpeEpq4dck8pRsGXRMCkwJBPMWk861nlx8H4hZsU7rpJAcgHGX3JwxEPEOGCC2vB4vv46K5eeiVkp5EmDH67K/9TjSzuX0qT+y6tECuXjB2dn3NQJpp0zh681hCszcjy8WxA4+a71HVfQPX2xE4Y6MCz7fTYaumXs9hpetVAgonzlP7W1h6zft+jAsrGDo8FrwAOCubw6/Ra1uAE5Ar3Gl8lLFe/eijjbjI2Y/MCZN3dacfqKH75MwY5E+3e7sRxrUaRtJ2sSiKmL+GqMEa916fxsJGlCu3tvVeUjsq3QEo/MI417l9tghOpOoSFaKNv uucp@cosmic.voyage restrict,command="/usr/sbin/uucico -l" ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCqZ76dU/vwv4nvmYcRW/4HhJyJDWnI1yv/asY0MFsr1pLDRWZ+YgOs+Ss6KH3nxOF4yGJd1ODO2Sru2zzjdljegl00/wJ/HTAO2HI5HLPJzH5uRXk+M48YtbKPJFE3da87xRmySsaWJgwjDQhLGozfbDiiOe6ZeIgxfByrCfMKkRklkKhkBgbFalqEb5awFeVT7893qd6FQ5CZksHoBIrK8o4eN7TeDSCwx4Z4+xJEBNQQVU50ThEaDxCWdnzE2AZZGX0MbN3IM6VmWW4lBu/cxrx9o6Dkyap5iEd8orx+ddGcKA1rDaplvBhlXynEuotmlWs7UgR1Yv5FSMjOb6AH uucp@hadrian -restrict,command="/usr/sbin/uucico -l" ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDp1sXCxtJ0ed240fNsqsrhXoZskKiEWTSnRPrvCpM+HByUJ4XvBy/L0LJNe1nWXg70N8tYZZTKfUsnrtWEEp8V/7/UalBSIUeSM/nf+TG9cYjBZepYwvrk4s7lsj6XD7Q5GtN3Iv1wBKwElRuuAJ8boajqa7zsjcW+miUTXbf1y/fpUomHhRdU3pnbGMe/vAUR82ex93/LQx66AbZVqyCvDDHFmLaWFZLkMaJ2aSQ0mK5g5OMuzU4P4tGkExTkh8XaIi5tABEF9eieAJC7WDt3XIN7KYott3lL8jh5x5qMQoK4lXMYIrd9ZS2KjHI27CgWfNcqRn6yXpgIebXLVMZ9 uucp@tilde.center -restrict,command="/usr/sbin/uucico -l" ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDAvleeZgYvqi4RrjEj7EwTZEJ3NMYnL+cF3nL/6oTzOQe7n9Yy8Usj4dmrMnxOgtqKJHR0qgPDEk0bzreys1UBsw8vHYTNqdrORa9J+hHiuxNL8GmB+aAKZrvzyfWi5YK/ON2sG0wfLaQM3/RYGGUli0wgoDwcUgGsuMwboUIfTRQ+a3jjfQdaw2JbKIH6hUlgKMe/eWJAGzo3GEWJ5t2NHILJFCCeBeXsbsOwTEYM6xt5BqOCMuTu5xadLFMfSttWcmGvF615G0rhy6jTpLkFvgboBXkmh1H8QNrvnTFF+MCBn5v+YQ7U6/ynebDMKxgpMHC1gvazCt1B6UgM7dIIOg7YcK7ZMDed10Sq2qVkZdDbncLizTkK78kmYqSrATj4T5mxi90mFD41XxC0p/lrW5CyDucGYYLWP6tGVbgEUE4MPO0ZV+p8i2QQS1FfD5VAa0b+v4Os5VEayL0HO1Wq6X55jTOd8MYGJ6+fWQRwvDIdyKVe7afz1hQ6CpPBYT3/603b6L8K3A8/MJDjeA1eu47LWsKE6hSr0859TiIxPVsBeDRBucEAX6Lz2p2gVg8kBbU9EhSe/O56NT1DezRlaDNT+R2/ALNoSeWkVoQ5u2FIv8FW1QeI1KvTaRUs1+/+mfthG7Hc0x5CEjTiBLAosyqrwS+5Qtdz7a/k2tWyXQ== uucp@tilde.institute -restrict,command="/usr/sbin/uucico -l" ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDRo+3geI6OcpyEC3XufkKUQ193Y0Y4NR82EnCjojpraCRy9yazzCHzJIz/rhPzpJYiTJ3blNqyTIM3rfMg+mALehnNBJPi5h1tBC0Qv60aLGtsYDHrovIG1YNc9ln/nfAriisIXU+wWh8K0KOiDcvtHuLRZnUbGyDLBP8bp/Lku7bz+N8ucRvSdt5O0vDCv/AVsz9JIP5HBkUcY42PNM1rHAzWddVLJ1msQmyMnib6LyKJ5RAJJbSER6xXFpSDPHfKQsbr5XbPJT4P1KiI54jhwXBZddH4ZRyLiqTz16NYWDrYBeVHsLmFv8vL/j7/dzDyiV8okl+Nknb3aTXrQ1tb uucp@aussie -restrict,command="/usr/sbin/uucico -l" ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKHc5n4OT1n52HbQir3ON0pwtkgTjTNKSlgDziSKhOdT jeff.allen@epfl.ch -restrict,command="/usr/sbin/uucico -l" ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDpJo1XBdJXecYZPkTrfX4MT25GQ3bm5pjrh3w2SV/h2x69zFrV1pB+MAJHpstY6mdK+4YjMZ8t4A3xRwuJT/LZegQf9vi0Bi4lY02an6jpLIoOXxp5xG2jwCYBURy70CBAG8FgRjqs5uUNf1l9skFfKke71p4FU/14LW0vj5K60L8Y/LlVVQCqxr1w790G/HHqFjsrGwN1Jt+nk8IbHr1Mfi5NAqsocbRUfhVsB8M2y+IlBUnxDFtw9LnehPBflESa2iISroDMYpzH1eg+zbrGKutzSUY4PMqwgSNDOTwwA8r+3rtXzf+QFR00y8gr5ZIho2rz2KjbLpzixTJ4W0px uucp@uucp.frostbyte.ccssh-rsa -restrict,command="/usr/sbin/uucico -l" ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDWl41JEIAWQpn2w/ius7CvBh379bCOB1OFljOcZAtOu4NN9RPK3v4qC8aWHm3icqPOZalDPsSTZ9uJ5ox8DZH+tvNtWiJeLPvu6NxyAyePBqlBaxkTC9yaBwgWFceGlqttMilo+ALxi5BleFlQxwOywxV1RdhzaMl0/MxeWBOHtKF6w/bt6v23zR/5l8Q/e6a0HUBwjLv6VL5fFLXB9PrCX/fjgw8v44YVSQP+hCukUO/9WqApTFkvkHf+kHVwJRS5L8DIgZZTEtzTezRbLEqfsdQXPFOePiGj2kvzA307PubVupvSoSjmXNhQ2dASi7s2ubu2E5dKCminVKtokBYL uucp@radiofreqs.space -restrict,command="/usr/sbin/uucico -l" ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCqX+riAKAJnoFdlun0kdYSld6rsfh9RHhRPHbgd/CmY0i0HSJoOiDk57fhbvYLZ4QUOruMWBw1vEUFkaFzyxfiu42C7L8xjh9lqzGWI4xhap2e9bIP3lUoMqBrxsaWJk+6/sRoNDNhITZxPEJig2rmEHFU7GO7Z3v+GkshiYTcstFvj3OttQne2cZdNIO5AekqNhUBHv9mUSBnSTUf4t4VOiQP7+/VWYtu9sogzAzgZbY+L6j3hbZCxaLJtKKRJ+8ns+9Zdzb1q55IlKUB/umFQg/Aff25oitEy6MszGV66aEyVBe04CiiWwAH15W3OLpNmkPzZLQBSnBQ4Rd2oIkZ uucp@dgold +restrict,command="/usr/sbin/uucico -u Ucenter -l" ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDp1sXCxtJ0ed240fNsqsrhXoZskKiEWTSnRPrvCpM+HByUJ4XvBy/L0LJNe1nWXg70N8tYZZTKfUsnrtWEEp8V/7/UalBSIUeSM/nf+TG9cYjBZepYwvrk4s7lsj6XD7Q5GtN3Iv1wBKwElRuuAJ8boajqa7zsjcW+miUTXbf1y/fpUomHhRdU3pnbGMe/vAUR82ex93/LQx66AbZVqyCvDDHFmLaWFZLkMaJ2aSQ0mK5g5OMuzU4P4tGkExTkh8XaIi5tABEF9eieAJC7WDt3XIN7KYott3lL8jh5x5qMQoK4lXMYIrd9ZS2KjHI27CgWfNcqRn6yXpgIebXLVMZ9 uucp@tilde.center +restrict,command="/usr/sbin/uucico -u Uinstitute -l" ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDAvleeZgYvqi4RrjEj7EwTZEJ3NMYnL+cF3nL/6oTzOQe7n9Yy8Usj4dmrMnxOgtqKJHR0qgPDEk0bzreys1UBsw8vHYTNqdrORa9J+hHiuxNL8GmB+aAKZrvzyfWi5YK/ON2sG0wfLaQM3/RYGGUli0wgoDwcUgGsuMwboUIfTRQ+a3jjfQdaw2JbKIH6hUlgKMe/eWJAGzo3GEWJ5t2NHILJFCCeBeXsbsOwTEYM6xt5BqOCMuTu5xadLFMfSttWcmGvF615G0rhy6jTpLkFvgboBXkmh1H8QNrvnTFF+MCBn5v+YQ7U6/ynebDMKxgpMHC1gvazCt1B6UgM7dIIOg7YcK7ZMDed10Sq2qVkZdDbncLizTkK78kmYqSrATj4T5mxi90mFD41XxC0p/lrW5CyDucGYYLWP6tGVbgEUE4MPO0ZV+p8i2QQS1FfD5VAa0b+v4Os5VEayL0HO1Wq6X55jTOd8MYGJ6+fWQRwvDIdyKVe7afz1hQ6CpPBYT3/603b6L8K3A8/MJDjeA1eu47LWsKE6hSr0859TiIxPVsBeDRBucEAX6Lz2p2gVg8kBbU9EhSe/O56NT1DezRlaDNT+R2/ALNoSeWkVoQ5u2FIv8FW1QeI1KvTaRUs1+/+mfthG7Hc0x5CEjTiBLAosyqrwS+5Qtdz7a/k2tWyXQ== uucp@tilde.institute +restrict,command="/usr/sbin/uucico -u Uaussie -l" ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDRo+3geI6OcpyEC3XufkKUQ193Y0Y4NR82EnCjojpraCRy9yazzCHzJIz/rhPzpJYiTJ3blNqyTIM3rfMg+mALehnNBJPi5h1tBC0Qv60aLGtsYDHrovIG1YNc9ln/nfAriisIXU+wWh8K0KOiDcvtHuLRZnUbGyDLBP8bp/Lku7bz+N8ucRvSdt5O0vDCv/AVsz9JIP5HBkUcY42PNM1rHAzWddVLJ1msQmyMnib6LyKJ5RAJJbSER6xXFpSDPHfKQsbr5XbPJT4P1KiI54jhwXBZddH4ZRyLiqTz16NYWDrYBeVHsLmFv8vL/j7/dzDyiV8okl+Nknb3aTXrQ1tb uucp@aussie +restrict,command="/usr/sbin/uucico -u Uepfl -l" ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKHc5n4OT1n52HbQir3ON0pwtkgTjTNKSlgDziSKhOdT jeff.allen@epfl.ch +restrict,command="/usr/sbin/uucico -u Ufrostbyte -l" ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDpJo1XBdJXecYZPkTrfX4MT25GQ3bm5pjrh3w2SV/h2x69zFrV1pB+MAJHpstY6mdK+4YjMZ8t4A3xRwuJT/LZegQf9vi0Bi4lY02an6jpLIoOXxp5xG2jwCYBURy70CBAG8FgRjqs5uUNf1l9skFfKke71p4FU/14LW0vj5K60L8Y/LlVVQCqxr1w790G/HHqFjsrGwN1Jt+nk8IbHr1Mfi5NAqsocbRUfhVsB8M2y+IlBUnxDFtw9LnehPBflESa2iISroDMYpzH1eg+zbrGKutzSUY4PMqwgSNDOTwwA8r+3rtXzf+QFR00y8gr5ZIho2rz2KjbLpzixTJ4W0px uucp@uucp.frostbyte.ccssh-rsa +restrict,command="/usr/sbin/uucico -u Uradiofreqs -l" ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDWl41JEIAWQpn2w/ius7CvBh379bCOB1OFljOcZAtOu4NN9RPK3v4qC8aWHm3icqPOZalDPsSTZ9uJ5ox8DZH+tvNtWiJeLPvu6NxyAyePBqlBaxkTC9yaBwgWFceGlqttMilo+ALxi5BleFlQxwOywxV1RdhzaMl0/MxeWBOHtKF6w/bt6v23zR/5l8Q/e6a0HUBwjLv6VL5fFLXB9PrCX/fjgw8v44YVSQP+hCukUO/9WqApTFkvkHf+kHVwJRS5L8DIgZZTEtzTezRbLEqfsdQXPFOePiGj2kvzA307PubVupvSoSjmXNhQ2dASi7s2ubu2E5dKCminVKtokBYL uucp@radiofreqs.space +restrict,command="/usr/sbin/uucico -u Ucaconym -l" ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCqX+riAKAJnoFdlun0kdYSld6rsfh9RHhRPHbgd/CmY0i0HSJoOiDk57fhbvYLZ4QUOruMWBw1vEUFkaFzyxfiu42C7L8xjh9lqzGWI4xhap2e9bIP3lUoMqBrxsaWJk+6/sRoNDNhITZxPEJig2rmEHFU7GO7Z3v+GkshiYTcstFvj3OttQne2cZdNIO5AekqNhUBHv9mUSBnSTUf4t4VOiQP7+/VWYtu9sogzAzgZbY+L6j3hbZCxaLJtKKRJ+8ns+9Zdzb1q55IlKUB/umFQg/Aff25oitEy6MszGV66aEyVBe04CiiWwAH15W3OLpNmkPzZLQBSnBQ4Rd2oIkZ uucp@dgold diff --git a/utils/bootstrap.pl b/utils/bootstrap.pl index 350d4e1..84a7419 100755 --- a/utils/bootstrap.pl +++ b/utils/bootstrap.pl @@ -84,7 +84,7 @@ sub generateSys { remote-receive /var/spool/uucppublic time any forward ANY - chat \"\" \\d\\d\\r\\c login: \\d\\L word: \\P + chat \"\" \\d\\d\\r\\c word: \\d\\P chat-timeout 60 protocol t port $currentNode