Nameless UUCP network not trustable

My first job was providing technical support for users of an ISP that provided e-mail and news over UUCP. Since then I've maintained a small personal UUCP network occasionally connecting to such UUCP providers as pop up from time to time.

I recently became aware of an attempt to set up a new UUCP network a new UUCP network. Since I have an existing personal UUCP network and AFAICT all sites connected as Tier 1 sites(which are all-2-all connected) would need to register all connected UUCP systems centrally to prevent name collisions I elected to try to join as a Tier 2/Leaf site.

The instructions for Tier 2 sites don't appear to have been written so I downloaded the setup script for Tier 1 sites and ran it under an unprivileged user with the intent of extracting the config for connecting to the Tier 1 site I needed to connect to from there.

The generated config tries to create a suitable authorized_keys file but all keys get the same command forced on them one which invokes uucico -l to prompt for username and password. Unfortunately the same script will generate the username and password to use with a Tier 1 sites for whichever site you give it.

Also by default uucico doesn't normally care overmuch about the login you provided. To fix this you need a called-login entry in the sys file for each system restricting it to use by a particular login. None of the sys file entries have this which means that whatever login and password you give it UUCP will accept any system name you care to give it in response to Shere=<system name>.

To maximise security it would be best if each calling system were logged in under a different unix uid (traditionally U<system name>) which is a member of the uucp group or is otherwise able to tun uucico. Alternatively each key in ~uucp/.ssh/authorized_keys could be associated with a particular login via uucico's -u option. This login could then be checked against the called_login entry for the system that they claimed.

The whole idea of having uucico prompt for passwords seems pointless today even if there was some secure mechanism for negotiating them since they are stored in plain text.