Date: Sat, 6 Nov 1999 05:47:58 +0100 (CET) From: Oliver Fromme <olli@dorifer.heim3.tu-clausthal.de> To: freebsd-questions@FreeBSD.ORG Subject: Re: Exporting Filesystems Securely Message-ID: <199911060447.FAA17769@dorifer.heim3.tu-clausthal.de>
next in thread | raw e-mail | index | archive | help
Edirol wrote in list.freebsd-questions: > I'm looking for a way to export my filesystems from one computer to another > but I'd like all the data to be encrypted. > [...] > I hear there is a way to use ssh to perform the encryption but how can I > export the filesystem without using NFS? Are there alternatives? ssh has a feature to "tunnel" arbitrary ports through an ssh connection. In theory this should work with any TCP-based protocol (I don't think it would work with UDP-based protocols, since they're connection-less). NFS can use either UDP or TCP, so in theory it should be possible to tunnel it through ssh. The problem is, however, that ssh/sshd is a "userland" program, while significant parts of the NFS implementation are handled by the kernel. In other words: it would probably require some serious kernel hacking. Another possibility is to use encryption on the IP level. For example, have a look at SKIP: /usr/ports/security/skip. SKIP is completely transparent, and any application can immediately benefit from it without modification. Furthermore, it is state-less, just like NFS. (Disclaimer: I haven't tried to do NFS over SKIP myself. But it sounds like it's what you're looking for.) Regards Oliver -- Oliver Fromme, Leibnizstr. 18/61, 38678 Clausthal, Germany (Info: finger userinfo:olli@dorifer.heim3.tu-clausthal.de) "In jedem Stück Kohle wartet ein Diamant auf seine Geburt" (Terry Pratchett) To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199911060447.FAA17769>