From owner-freebsd-questions Fri Nov 5 20:49:37 1999
Delivered-To: freebsd-questions@freebsd.org
Received: from dorifer.heim3.tu-clausthal.de (dorifer.heim3.tu-clausthal.de [139.174.243.252])
    by hub.freebsd.org (Postfix) with ESMTP id 8352514BDB
    for ; Fri, 5 Nov 1999 20:49:34 -0800 (PST)
    (envelope-from olli@dorifer.heim3.tu-clausthal.de)
Received: (from olli@localhost)
    by dorifer.heim3.tu-clausthal.de (8.8.8/8.8.8) id FAA17769
    for freebsd-questions@FreeBSD.ORG; Sat, 6 Nov 1999 05:47:58 +0100 (CET)
    (envelope-from olli)
Date: Sat, 6 Nov 1999 05:47:58 +0100 (CET)
From: Oliver Fromme
Message-Id: <199911060447.FAA17769@dorifer.heim3.tu-clausthal.de>
To: freebsd-questions@FreeBSD.ORG
Subject: Re: Exporting Filesystems Securely
Organization: Administration Heim 3
Reply-To: freebsd-questions@FreeBSD.ORG
MIME-Version: 1.0
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 8bit
X-Newsreader: TIN [version 1.2 RZTUC(3) PL2]
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

Edirol wrote in list.freebsd-questions:
 > I'm looking for a way to export my filesystems from one computer to another
 > but I'd like all the data to be encrypted.
 > [...]
 > I hear there is a way to use ssh to perform the encryption but how can I
 > export the filesystem without using NFS? Are there alternatives?

ssh has a feature to "tunnel" arbitrary ports through an ssh
connection. In theory this should work with any TCP-based
protocol (I don't think it would work with UDP-based protocols,
since they're connection-less).

NFS can use either UDP or TCP, so in theory it should be
possible to tunnel it through ssh. The problem is, however,
that ssh/sshd is a "userland" program, while significant
parts of the NFS implementation are handled by the kernel.
In other words: it would probably require some serious
kernel hacking.

Another possibility is to use encryption on the IP level.
For example, have a look at SKIP: /usr/ports/security/skip.
SKIP is completely transparent, and any application can
immediately benefit from it without modification.
Furthermore, it is state-less, just like NFS.

(Disclaimer: I haven't tried to do NFS over SKIP myself.
But it sounds like it's what you're looking for.)

Regards
   Oliver

-- 
Oliver Fromme, Leibnizstr. 18/61, 38678 Clausthal, Germany
(Info: finger userinfo:olli@dorifer.heim3.tu-clausthal.de)

"In every lump of coal, a diamond is waiting to be born"
                                         (Terry Pratchett)


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message