mailing list archives
Re: Secure NFS
From: Gene Yoo <gyoo () attbi com>
Date: Mon, 24 Feb 2003 09:03:34 -0800
Peet Grobler wrote:
I've been wondering about this for a while now...
Everybody knows NFS is insecure. Right. So no-one uses it. Why not simply modify NFS to use encryption? Why not?
Not tunneling, modify the source to either (a) establish ssl connections, or (b) manually encrypt all traffic (I would
I'd say, for added security, don't use any public-key exchange. Have a configuration file in which you can specify,
say, 6 keys,
which will dynamically be changed on-the-fly.
If you're interested in such a solution (any one of the above), let me know. I could probably hack it together this
provide you with a patch. I have been meaning to do this, for the experience. I know how to do it, just never did it,
would use it :)
From: slaanesh () netcourrier com [mailto:slaanesh () netcourrier com]
Sent: 20 February 2003 07:17
To: security-basics () securityfocus com
Subject: Secure NFS
I would like to set up a secure NFS in my network. However, I really would like not to have to install portmap deamon
on my server
as I don't trust it anymore. Moreover, I would like all the network trafic to be encrypted.
I naturally turn myself to SFS server and clients but it doesn't fit my needs. I want a secure exportable file system
that I could
add to my /etc/fstab file so it could be mounted at boot time (to store users' home directory for instance).
I know there is a way for tunnelling NFS with SSH but it seems too experimental for production...
So what should I do to resolve this problem ?
you should look into SFS (self-certifying file system) -> fs.org. this
topic has been out for some time and i believe you could search this
through sage or usenix dot org.
<<gyoo [at] attbi [dot] com>>
-----BEGIN PGP SIGNED MESSAGE-----
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.0 (GNU/Linux)
-----END PGP SIGNATURE-----