There are several ways you could go about that, such as firewalling your Redis or using spiped, but (post-Heartbleed) SSL is still one of my favorites. the AUTH command) only gets you so far and in some cases you need something a little stronger. What do you do if you want to secure access to your Redis? Plain password authentication (i.e. stunnel /usr/local/etc/ Redis Client and Server with Stunnel Create a config file (in this case in /usr/local/etc/) cert = /usr/local/etc/ssl/certs/stunnel.pem Let's assume your uplink system is called 'chico' and has the FQDN ' stunnel -c -r :4031 -l uucico - uucico -S chico -D For currently unknown reasons this only works as root. Let's assume your uplink system is called 'chico' and has the FQDN ''. In order to configure a system for UUCP over SSL just modify the 'port' line of the system More generic information about UUCP configuration. I'm not describing the usual setup of a uucp system, have a look at some The sys file contains a list of all uucp systems we may want to connect. In our special case for UUCP over SSL we use the stdin special port. The ports file lists all uucp-usable ports. There are only two minor changes necessary for using SSL: if you were using a serial line or plaintext TCP). suucp stream tcp nowait uucp /usr/sbin/tcpd /usr/sbin/stunnel /usr/local/etc/ You'll need to create a config file (/usr/local/etc/ in this example) server_args = -p /usr/local/ssl/certs/stunnel.pem -r localhost:uucp suucp stream tcp nowait uucp /usr/sbin/tcpd /usr/sbin/stunnel -p /usr/local/ssl/certs/stunnel.pem -r localhost:uucp Next it is necessary to add another entry to your (x)nf: Once the changes to our (x)inetd configuration file are made, it is necessary to have them reloaded using the killall -HUP inetd or killall -USR1 xinetd command, respectively. The following examples expect your certificate to be in /usr/local/ssl/certs/stunnel.pem You have to obtain (or create) a certificate to be used with stunnel.
Just put an appropriate line into /etc/services: Of course you could choose any other port, too - it would work - but nonetheless, it's always a good idea to follow standards. IANA has now assigned a port number for UUCP over SSL, port 4031. uucp stream tcp nowait uucp /usr/sbin/tcpd /usr/sbin/uucico -l For xinetd based systems, the UUCP section looks like Don't forget to tell your inet daemon about your changes using killall -HUP inetd or killall -USR1 xinetd, respectively. If you use inetd, the line for UUCP looks like Unless we already have UUCP/tcp running, we have to set up our super inet daemon to handle incoming requests. There's no difference between UUCP/serial, UUCP/tcp or UUCP/ssl. 3.2 Configuration of (x)INETD for UUCP/tcp You just set up the configuration for the UUCP slave systems as usual. It is the 'server' side waiting for inbound connections. The UUCP master is the passive end of a connection. It may be obtained from Both versions 3 and 4 are mentioned. Stunnel is also included in major current GNU/Linux distributions. Stunnel is a standalone SSL tunneling program which may be used to encapsulate plaintext protocols like POP3 into SSL. It should be included in almost any GNU/Linux distribution - so the following URL is just for reference: Taylor-UUCP has proven to be the de-facto standard UUCP implementation in the last 6 years or so. I'm the administrator of a machine with over 300 UUCP accounts and I really want to provide my users the ability to transfer their mail and news batches securely. As my test environment consists of GNU/Linux boxes, there is no guarantee that this may work on other *NIX-like operating systems - although it should work on any platform which supports openssl, stunnel and taylor-uucp. UUCP seems not to be a state of the art solution for mail-transfer, but there are still a bunch of users, who mostly do UUCP over TCP - which of course uses plaintext passwords.
One has to be really lazy to use POP3 or IMAP over the internet and thus hand over their login/password to the public. This document describes how to set up UUCP (master and slave) to work over SSL (Secure Socket Layer) using taylor-UUCP and stunnel. Almost all mail transfer protocols have been encrypted over the last years. UUCP over SSL HOWTO Harald Welte Tuc $Revision: 1.9 $, $Date: 8 16:29:54 $