SSL-encrypted uucp-over-tcp using stunnel

This document assumes you already have a reasonable amount of knowledge about UUCP and how to configure your MTA to use the uucp transport. See the links below for help with these matters.

In particular, this document does not describe how to install uucp, stunnel, and openssl on your particular system.

Server-side Configuration

First, you must install the taylor uucp and stunnel programs. On a Debian GNU/Linux box, just run
apt-get install uucp stunnel
If you are running a different linux distribution or a different *nix variant then install them as you would any other program on your system.

Once they are installed, you need to run an stunnel-wrapped uucico daemon. choose between the following methods:

  1. make sure that /etc/inetd.conf contains the following line:
    uucp stream tcp nowait root /usr/sbin/stunnel uucico -l /usr/sbin/uucico -- uucico -l

  2. comment out uucp from inetd.conf and run stunnel as a daemon:
    /usr/sbin/stunnel -d 540 -l /usr/sbin/uucico uucico -- -l
    You'll need to add this somehow to your system's startup scripts.
    If you need to run a non-encrypted uucico daemon as well as the stunnelled uucico, then pick another port number.

Client-side Configuration

Install taylor uucp and openssl. Again, on a debian box, just run
apt-get install openssl uucp
If you are running a different linux distribution or a different *nix variant then install them as you would any other program on your system.

Then add the following lines to the following files:

  1. /etc/uucp/sys 
    system __REMOTE__
call-login *
call-password *
time any
chat ogin: \L\n\c word: \P
port ssl__REMOTE__
protocol t

  2. /etc/uucp/call 
    __REMOTE__	__LOGIN__ __PASSWORD__

  3. /etc/uucp/port 
    port ssl__REMOTE__
type pipe
command /usr/bin/openssl s_client -connect __REMOTE-HOST-NAME__:uucp -quiet
replace __REMOTE__ with the uucp name of your uucp feed site.
replace __REMOTE-HOST-NAME__ with the fqdn or ip address of your uucp feed site.
replace __LOGIN__ with your uucp login
replace __PASSWORD__ with your uucp login's password.

Useful Links

  1. Taylor UUCP documentation
  2. Linux Documentation Project's UUCP HOWTO
  3. stunnel home page
  4. openssl home page
  5. Jim Seymour's uucp-over-tcp howto
  6. gnumonks uucp-over-ssl HOWTO project page