From: Jason Stone
Date: Mon, 25 Nov 2002 16:03:22 -0800 (PST)
Subject: Re: NFS over SSH
Message-ID: <20021125160252.B2900-100000@walter>

> I want to tunnel NFS with SSH for hosts not on my internal network.
> Are there any how-to's available on this topic?

This is fairly unpleasant, what with the use of the portmapper, udp, and
servers (usually) requiring privileged ports.

If you control both the clients and the servers, check out SFS instead -
it's basically NFS over a single tcp port (so packet filtering and
tunneling are easy), with builtin crypto, and a magic uid-translation
layer, so that uids don't have to be consistent across clients and
servers.

cat /usr/ports/security/sfs/pkg-descr

WWW: http://www.fs.net/

SFS (Self-Certifying File System) is a secure, global file system with
completely decentralized control. SFS lets you access your files from
anywhere and share them with anyone, anywhere. Anyone can set up an SFS
server, and any user can access any server from any client.

SFS lets you share files across administrative realms without involving
administrators or certification authorities.

SFS names file systems by public keys. Every remote file server is
mounted on a self-certifying pathname -- a directory of the form
/sfs/LOCATION:HOSTID, where LOCATION is a DNS hostname and HOSTID is a
cryptographic hash of a public key. This naming scheme allows for
completely decentralized control -- anyone can create a file server, and
any user can access any file server from any client. Various key
management schemes can be built on top of SFS using symbolic links to map
human-readable names to self-certifying pathnames.

 -Jason

 -----------------------------------------------------------------------
 I worry about my child and the Internet all the time, even though she's
 too young to have logged on yet. Here's what I worry about. I worry that
 10 or 15 years from now, she will come to me and say "Daddy, where were
 you when they took freedom of the press away from the Internet?"
        -- Mike Godwin
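
The self-certifying pathname check described in the pkg-descr text above, as an added example that is not part of the original message and is not SFS's own code. The HOSTID construction (SHA-1 over LOCATION, a NUL byte and the key, base32-encoded), the host sfs.example.org, the link name "work" and both keys are assumptions made up for illustration.

```python
import base64
import hashlib
import hmac
import re

# Assumption: HOSTID = lowercase base32 of SHA-1(LOCATION, NUL, public key).
# pkg-descr says only "a cryptographic hash of a public key"; SFS's actual
# encoding is not reproduced here.
PATH_RE = re.compile(r"/sfs/([A-Za-z0-9.-]+):([a-z2-7]{32})(/.*)?")

GOOD_KEY = b"constructed server public key"   # constructed sample value
ROGUE_KEY = b"constructed impostor key"       # constructed sample value


def host_id(location, public_key):
    data = location.lower().encode("ascii") + b"\x00" + public_key
    return base64.b32encode(hashlib.sha1(data).digest()).decode("ascii").lower()


def parse(path):
    """Split a self-certifying pathname into (location, hostid, remainder)."""
    m = PATH_RE.fullmatch(path)
    if m is None:
        raise ValueError("not a self-certifying pathname: %r" % path)
    return m.group(1).lower(), m.group(2), m.group(3) or "/"


def server_key_matches(path, presented_key):
    """True only if the key the server presents hashes to the path's HOSTID."""
    location, hostid, _ = parse(path)
    return hmac.compare_digest(host_id(location, presented_key), hostid)


# Human-readable names mapped to self-certifying pathnames; a dict stands in
# for the symbolic links the description mentions.
LINKS = {"work": "/sfs/sfs.example.org:" + host_id("sfs.example.org", GOOD_KEY)}


def resolve(name, presented_key):
    """Follow a link, refusing the mount if the server's key does not match."""
    path = LINKS[name]
    if not server_key_matches(path, presented_key):
        raise PermissionError("key does not match HOSTID for " + path)
    return path


if __name__ == "__main__":
    print(resolve("work", GOOD_KEY))
    print(server_key_matches(LINKS["work"], ROGUE_KEY))
```

Because the expected key hash travels inside the pathname, the client needs no certification authority: a server answering at LOCATION with any other key fails the comparison.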