Date:      Sat, 6 Nov 1999 05:47:58 +0100 (CET)
From:      Oliver Fromme <olli@dorifer.heim3.tu-clausthal.de>
To:        freebsd-questions@FreeBSD.ORG
Subject:   Re: Exporting Filesystems Securely
Message-ID:  <199911060447.FAA17769@dorifer.heim3.tu-clausthal.de>

Edirol wrote in list.freebsd-questions:
 > I'm looking for a way to export my filesystems from one computer to another
 > but I'd like all the data to be encrypted.
 > [...]
 > I hear there is a way to use ssh to perform the encryption but how can I
 > export the filesystem without using NFS? Are there alternatives?

ssh has a feature to "tunnel" arbitrary ports through an ssh
connection.  In theory this should work with any TCP-based
protocol (I don't think it would work with UDP-based protocols,
since they're connection-less).  NFS can use either UDP or TCP,
so in theory it should be possible to tunnel it through ssh.
The problem is, however, that ssh/sshd is a "userland" program,
while significant parts of the NFS implementation are handled
by the kernel.  In other words: it would probably require some
serious kernel hacking.

Another possibility is to use encryption on the IP level.  For
example, have a look at SKIP:  /usr/ports/security/skip.  SKIP
is completely transparent, and any application can immediately
benefit from it without modification.  Furthermore, it is
state-less, just like NFS.

(Disclaimer:  I haven't tried to do NFS over SKIP myself.  But
it sounds like it's what you're looking for.)

Regards
   Oliver

-- 
Oliver Fromme, Leibnizstr. 18/61, 38678 Clausthal, Germany
(Info: finger userinfo:olli@dorifer.heim3.tu-clausthal.de)

"In every piece of coal, a diamond is waiting to be born"
                                         (Terry Pratchett)

