[comp.unix.wizards] REMOTE REJECT Failure

pjh@mccc.UUCP (Pete Holsberg) (08/09/88)

Here's a portion of a debug file I got while trying to call a neighbor. 
He claims that he (a 3B2/400 running SysV R3) is set up as per the
Nutshell UUCP book.  Can anyone help us?  Thanks.

******************************************************************
^M^JAT&T 3B2/400 login:got it
sendthem (XXXXXXXX^M)
expect: (word)
 muucp^M^JPasswordgot it
sendthem (YYYYYYY^M)
imsg >:^M^JUNIX System V Release 3.0 AT&T 3B2^M^Jsscnj^M^JCopyright (c) 1984 AT&T^M^JAll Rights Reserved^M^J^PShere=sscnj^@Login Successful: System=sscnj
omsg "Smccc -Q0 -x9"
imsg >^PRLOGIN^@msg-RLOGIN
HANDSHAKE FAILED: REMOTE REJECT AFTER LOGIN
exit code 101
Conversation Complete: Status FAILED

TM_cnt: 0
****************************************************************

haugj@pigs.UUCP (Joe Bob Willie) (08/11/88)

In article <749@mccc.UUCP> pjh@mccc.UUCP (Pete Holsberg) writes:
>Here's a portion of a debug file I got while trying to call a neighbor. 
>He claims that he (a 3B2/400 running SysV R3) is set up as per the
>Nutshell UUCP book.  Can anyone help us?  Thanks.

[ stuff deleted ]

>imsg >^PRLOGIN^@msg-RLOGIN
>HANDSHAKE FAILED: REMOTE REJECT AFTER LOGIN

i had this just last week ;-).  uucp is unable to read one of the
files that it needs.  the problem i had was that uucico was SUID
nuucp and the uucp files were owned by uucp.  your remote system
probably thinks you are an unknown machine.  i'd start by checking
the permissions on your Systems file.
-- 
 jfh@rpp386.uucp	(The Beach Bum at The Big "D" Home for Wayward Hackers)
     "Never attribute to malice what is adequately explained by stupidity"
                -- Hanlon's Razor

vause@cs-col.Columbia.NCR.COM (Sam Vause) (08/12/88)

In article <218@pigs.UUCP> haugj@pigs.UUCP (Joe Bob Willie) writes:
>In article <749@mccc.UUCP> pjh@mccc.UUCP (Pete Holsberg) writes:
>>Here's a portion of a debug file I got while trying to call a neighbor. 
>>He claims that he (a 3B2/400 running SysV R3) is set up as per the
>>Nutshell UUCP book.  Can anyone help us?  Thanks.
>[ stuff deleted ]
>>imsg >^PRLOGIN^@msg-RLOGIN
>>HANDSHAKE FAILED: REMOTE REJECT AFTER LOGIN
>i had this just last week ;-).  uucp is unable to read one of the
>files that it needs.  the problem i had was that uucico was SUID
> ...

I, too, have had this one recently.  Took me nearly 6 hours to figure it out.
Final solution:  I had to add a "LOGNAME=nuucp" entry to the Permissions file
for the "nuucp" login which was trying to call in....

+------------------------------------------------------------------+
|Sam Vause, NCR Corporation, Customer Services - TOWER Support	   |
|3325 Platt Springs Road, West Columbia, SC 29169 (803) 791-6953   |
|                                vause@cs-col.Columbia.NCR.COM     |
|		...!ucbvax!sdcsvax!ncr-sd!ncrcae!cs-col!vause      |
+------------------------------------------------------------------+

woods@gpu.utcs.toronto.edu (Greg Woods) (08/14/88)

Does anyone know of any special tricks required to allow anonymous UUCP
connections to HDB Uucp, specifically 386/ix's version?

I tried a Permissions entry for LOGNAME=nuucp, and MACHINE=OTHER, and
combinations of both, merged, and not merged, but I always get "call
from unknown system" messages.  As soon as I put an entry in the Systems
file, all works fine, even if they login as nuucp.

I've had a fair amount of experience with HDB Uucp, and V7 Uucp, but
when I think about it, I don't think I've ever used anonymous UUCP with
any version.

-- 
						Greg Woods.

UUCP: utgpu!woods, utgpu!{ontmoh, ontmoh!ixpierre}!woods
VOICE: (416) 242-7572 [h]		LOCATION: Toronto, Ontario, Canada

rjd@occrsh.ATT.COM (Randy_Davis) (08/16/88)

In article <1988Aug13.185324.1409@gpu.utcs.toronto.edu> woods@gpu.utcs.Toronto.EDU (Greg Woods) writes:
:Does anyone know of any special tricks required to allow anonymous UUCP
:connections to HDB Uucp, specifically 386/ix's version?
:
:I tried a Permissions entry for LOGNAME=nuucp, and MACHINE=OTHER, and
:combinations of both, merged, and not merged, but I always get "call
:from unknown system" messages.  As soon as I put an entry in the Systems
:file, all works fine, even if they login as nuucp.
:
:I've had a fair amount of experience with HDB Uucp, and V7 Uucp, but
:when I think about it, I don't think I've ever used anonymous UUCP with
:any version.
:
:						Greg Woods.

  Unless you have source to HDB Uucp, or have a version compiled with the
NOSTRANGERS ifdef undefined, you are out of luck.  The default compile
is to not allow any communication unless the caller is in the Systems file.

Randy

grs@alobar.ATT.COM (Gregg Siegfried) (08/16/88)

In article <323@occrsh.ATT.COM> rjd@occrsh.UUCP (Randy_Davis) writes:
>In article <1988Aug13.185324.1409@gpu.utcs.toronto.edu> woods@gpu.utcs.Toronto.EDU (Greg Woods) writes:
>:Does anyone know of any special tricks required to allow anonymous UUCP
>:connections to HDB Uucp, specifically 386/ix's version?
>
>  Unless you have source to HDB Uucp, or have a version compiled with the
>NOSTRANGERS ifdef undefined, you are out of luck.  The default compile
>is to not allow any communication unless the caller is in the Systems file.

This is not completely true.  Randy is right, NOSTRANGERS is defined by
default, and should be, but its behaviour can be overridden.  I don't
use 386/IX, but hopefully HDB is HDB.  (Unix is Unix, right?? :-)

NOSTRANGERS is a program to execute if an unknown host logs in.  Generally,
this is defined as remote.unknown, which is an executable shell file in 
/usr/lib/uucp that echoes the unknown system name into $SPOOLDIR/.Admin/Foreign.

This can be overridden by making this file unexecutable.  So a 
chmod 600 remote.unknown should allow anyone to uucp into your system.

Note that this is greatly reducing the builtin HDB security, but judicious
use of the Permissions file can help make up for it.

Good luck...
-- 
 Gregg Siegfried            | Nothing I say should be construed as AT&T
 AT&T - Cincinnati          | policy or opinion .. I just hack here.
 UUCP: grs@alobar.att.com   | Don't Rock - Wobble
 ARPA: grs%alobar@att.arpa  | 513-629-8314 (work) 513-561-0368 (antiwork)

james@bigtex.uucp (James Van Artsdalen) (08/17/88)

In article <209@alobar.ATT.COM>, grs@alobar.UUCP (Gregg Siegfried) wrote:

> [ /usr/lib/uucp/remote.unknown ]
> This can be overridden by making this file unexecutable.  So a 
> chmod 600 remote.unknown should allow anyone to uucp into your system.

> Note that this is greatly reducing the builtin HDB security, but judicious
> use of the Permissions file can help make up for it.

If you give each uucp neighbor a separate login and use the VALIDATE=
keyword in the permissions file, I think there is little danger from
an anonymous uucp login.  READ=, NOWRITE= and PUBDIR= also can help.
I have tested that on the bigtex anonymous uucp login, and it appears
impossible for someone to claim to be system "juniper" without
logging in under "ujuniper" with the correct password - the nuucp
login cannot be used.

I also recommend using COMMANDS= to point rmail to something other
than /bin/rmail, so that people can send mail, but not out into the
net.
-- 
James R. Van Artsdalen    ...!uunet!utastro!bigtex!james     "Live Free or Die"
Home: 512-346-2444 Work: 328-0282; 110 Wild Basin Rd. Ste #230, Austin TX 78746
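
[Added example, not written by any poster in this thread: a small audit of the two settings discussed above, whether remote.unknown is executable and which Systems entries have no VALIDATE= tying them to a login. It assumes Systems, Permissions and remote.unknown sit in one directory and treats a missing remote.unknown like a non-executable one; the sample files and the host "cedar" are constructed.]

```shell
#!/bin/sh
# Added example: audit an HDB UUCP config directory (normally /usr/lib/uucp).

# "closed" if remote.unknown is executable (strangers rejected), else "open".
# Assumption: a missing remote.unknown is treated like a non-executable one.
strangers_policy() {
    if [ -x "$1/remote.unknown" ]; then echo closed; else echo open; fi
}

# Join backslash-continued Permissions lines, drop comments: one entry per line.
perm_entries() {
    awk '{ sub(/#.*/, "") }
         /\\[ \t]*$/ { sub(/\\[ \t]*$/, ""); buf = buf $0 " "; next }
         { line = buf $0; buf = ""; if (line ~ /[^ \t]/) print line }' "$1"
}

# System names listed in any VALIDATE= option (values are colon-separated).
validated_systems() {
    perm_entries "$1" | tr ' \t' '\n\n' | sed -n 's/^VALIDATE=//p' |
        tr ':' '\n' | sort -u
}

# Systems file names (column 1) that no VALIDATE= ties to a specific login.
unvalidated_systems() {
    ok=$(validated_systems "$1/Permissions" | tr '\n' ' ')
    awk -v ok="$ok" 'BEGIN { n = split(ok, a, " "); for (i = 1; i <= n; i++) v[a[i]] = 1 }
         !/^#/ && NF && !($1 in v) { print $1 }' "$1/Systems" | sort -u
}

# Constructed sample configuration (juniper/ujuniper as named in the thread).
make_sample() {
    d=$(mktemp -d) || return 1
    printf '%s\n' '# constructed' 'juniper Any ACU 2400 5550100 ogin: ujuniper word: xxx' \
        'cedar Any ACU 2400 5550101 ogin: ucedar word: xxx' > "$d/Systems"
    printf '%s\n' 'LOGNAME=ujuniper VALIDATE=juniper \' \
        '    REQUEST=yes SENDFILES=yes' \
        'LOGNAME=ucedar REQUEST=yes   # no VALIDATE for cedar' \
        'LOGNAME=nuucp REQUEST=no SENDFILES=no \' \
        '    READ=/usr/spool/uucppublic' > "$d/Permissions"
    printf '#!/bin/sh\nexit 0\n' > "$d/remote.unknown"
    chmod 600 "$d/remote.unknown"     # the change described in the thread
    echo "$d"
}

dir=$(make_sample)
echo "strangers: $(strangers_policy "$dir")"
for s in $(unvalidated_systems "$dir"); do
    echo "WARN: no VALIDATE=$s, so the name $s is not tied to a login"
done
rm -rf "$dir"
```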