y Encrypted NFS with OpenSSH and Linux

Contributed by Dengue on 2002-02-18 from the I-don't-even-have-my-copy-yet dept.

SysAdmin Magazine is running an article from their March issue: Encrypted NFS with OpenSSH and Linux . It's worth a read.

(Comments are closed)

Comments

By jose nazario () jose@crimelabs.net on 2002-02-18 05:07 mailto:jose@crimelabs.net

consider looking into afs. with OpenAFS , linux and win32 are supported both as clients and servers. other platforms are being worked on (including openbsd, mainly thanks to jim rees), but they're not yet production quality. (the cache manager is not available in a lot of places, as best as i can tell.) however, openbsd does ship with afs code from the arla project.
anyhow, afs allows for secure access and encrypted transfers along with being scalable for the wide area. far less kookery than ssh pipes for NFS, and no need to open the firewall up for portmap and other rpc services.
By niekze () niekze@nothingkillsfaster.com on 2002-02-18 08:07 http://www.nothingkillsfaster.com

look at the ugly iptables & ipchains syntax :(

thank you, pf for not being ugly :)
By cell X () cell_x@hushmail.com on 2002-02-18 16:50 http://www.deadly.org

I wish SysAdmin Magazine people would realize that openbsd comes with native IPSec abilities..just make tunnels and setup NFS..
done deal.. =P
Comments
1. By niekze () on 2002-02-18 21:00
  
  but the article was for the lunix kids...
  Comments
  1. By Anonymous Coward () on 2002-02-19 02:49
    
    Ph34r - Phr335w4n 0n lun1X!
    
    Comments
    
    By lowercase the 'S' () on 2002-02-20 16:40
    
    FreeS/WAN is on of the worst IPsec-Implementation out there. It doesn't even have an SPD (security policy database). I'd dare calling FreeS/WAN an IPsec-Implementation.
  2. By Anonymous Coward () on 2002-02-19 08:52
    
    DUDE YES!! NIEKZE TOTALLY RIP ON LINUX! SPELLING IT WRONG MEANS FUNNY ENGAGE!!
2. By Anonymous Coward () on 2002-02-20 06:05
  
  But you have to realize that SysAdmin is a _journal_.
  That means that other people submit proposals and manuscripts to the editors.
By Anonymous Coward () on 2002-02-19 12:42

A better alternative to tunneling NFS over SSH is just using SFS . SFS encrypts file system traffic, but also handles user authentication properly (unlike this suggestion).

Latest Articles

Tue, Apr 23
- 05:25 pfctl(8) and systat(8) to display fragment reassembly statistics (0)
Thu, Apr 18
- 05:05 Coming soon to a -current system near you: parallel raw IP input (0)
Wed, Apr 17
- 05:33 In -current, default write format for tar(1) changed to "pax" (11)
Wed, Apr 10
- 18:50 OpenSMTPD 7.5.0p0 Released (2)
Tue, Apr 09
- 04:49 20 years since "and we're just starting": undeadly.org turns 20 (2024-04-09) (13)
Fri, Apr 05
- 06:16 OpenBSD 7.5 released (3)
Thu, Mar 28
- 18:18 LibreSSL 3.8.4 and 3.9.1 released (0)
Tue, Mar 12
- 06:53 OpenSSH 9.7/9.7p1 released! (0)
Mon, Mar 11
- 11:28 Game of Trees 0.97 released (0)

Credits

Copyright © 2004-2008 Daniel Hartmeier. All rights reserved. Articles and comments are copyright their respective authors, submission implies license to publish on this web site. Contents of the archive prior to April 2nd 2004 as well as images and HTML templates were copied from the fabulous original deadly.org with Jose's and Jim's kind permission. This journal runs as CGI with httpd(8) on OpenBSD, the source code is BSD licensed. undeadly \Un*dead"ly\, a. Not subject to death; immortal. [Obs.]