Date: Mon, 25 Nov 2002 16:03:22 -0800 (PST)
From: Jason Stone <jason-fbsd-security@shalott.net>
To: <security@freebsd.org>
Subject: Re: NFS over SSH
Message-ID: <20021125160252.B2900-100000@walter>

> I want to tunnel NFS with SSH for hosts not on my internal network.
> Are there any how-to's available on this topic?

This is fairly unpleasant, what with the use of the portmapper, udp, and
servers (usually) requiring privileged ports.

If you control both the clients and the servers, check out SFS instead -
it's basically NFS over a single tcp port (so packet filtering and
tunneling are easy), with builtin crypto, and a magic uid-translation
layer, so that uids don't have to be consistent across clients and
servers.

cat /usr/ports/security/sfs/pkg-descr

WWW: http://www.fs.net/

SFS (Self-Certifying File System) is a secure, global file system with
completely decentralized control. SFS lets you access your files from
anywhere and share them with anyone, anywhere. Anyone can set up an SFS
server, and any user can access any server from any client. SFS lets you
share files across administrative realms without involving
administrators or certification authorities.

SFS names file systems by public keys. Every remote file server is
mounted on a self-certifying pathname -- a directory of the form
/sfs/LOCATION:HOSTID, where LOCATION is a DNS hostname and HOSTID is a
cryptographic hash of a public key. This naming scheme allows for
completely decentralized control -- anyone can create a file server, and
any user can access any file server from any client. Various key
management schemes can be built on top of SFS using symbolic links to
map human-readable names to self-certifying pathnames.

 -Jason

 -----------------------------------------------------------------------
 I worry about my child and the Internet all the time, even though she's
 too young to have logged on yet. Here's what I worry about. I worry
 that 10 or 15 years from now, she will come to me and say "Daddy, where
 were you when they took freedom of the press away from the Internet?"
 -- Mike Godwin
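
Added example, not part of the message above and not SFS project code: a sketch of the client-side check that a self-certifying pathname /sfs/LOCATION:HOSTID makes possible, as described in the quoted pkg-descr. The hash construction (SHA-1 over LOCATION, a zero byte and the key, base32-encoded), the function names and the sample hostname and key are assumptions made for illustration; SFS's actual HOSTID computation and encoding are not reproduced here.

```python
import base64
import hashlib
import hmac

SFS_ROOT = "/sfs/"

def host_id(location, public_key):
    """Assumed HOSTID: lowercase base32 of SHA-1(location || 0x00 || key)."""
    data = location.encode("ascii") + b"\x00" + public_key
    digest = hashlib.sha1(data).digest()          # 20 bytes -> 32 base32 chars
    return base64.b32encode(digest).decode("ascii").lower()

def make_path(location, public_key):
    """Build the self-certifying pathname a server with this key is mounted on."""
    return SFS_ROOT + location + ":" + host_id(location, public_key)

def parse_path(path):
    """Split /sfs/LOCATION:HOSTID[/rest] into (LOCATION, HOSTID)."""
    if not path.startswith(SFS_ROOT):
        raise ValueError("not under /sfs/")
    name = path[len(SFS_ROOT):].split("/", 1)[0]
    location, sep, hostid = name.partition(":")
    if not sep or not location or not hostid:
        raise ValueError("expected LOCATION:HOSTID")
    return location, hostid

def server_matches_path(path, presented_key):
    """True only if the key the server presents hashes to the HOSTID in the
    pathname. The pathname alone authenticates the server, so no certificate
    authority or administrator is consulted."""
    location, hostid = parse_path(path)
    expected = host_id(location, presented_key).encode("ascii")
    return hmac.compare_digest(expected, hostid.lower().encode("utf-8"))

if __name__ == "__main__":
    # Constructed sample values, not real SFS keys or hosts.
    real_key = b"constructed-server-public-key"
    path = make_path("files.example.org", real_key)
    # A human-readable name mapped to the pathname, as a symlink would be.
    links = {"work": path}
    print(links["work"])
    print("genuine server:", server_matches_path(links["work"], real_key))
    print("impostor key:  ", server_matches_path(links["work"], b"attacker-key"))
```

Because the symlink target carries the HOSTID, whoever controls the link controls which key is trusted; the check binds the server to the pathname, not to the human-readable name.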