NFS over ssh
John Bowman
bowman at math.ualberta.ca
Fri May 11 00:05:52 EST 2001
Secure NFS (SNFS) via SSH tunneling of UDP datagrams, as suggested in the
SSH FAQ, has now been implemented and is available for download from
http://www.math.ualberta.ca/imaging/snfs/. This is an enhancement of the
original sec_rpc package developed by Holger Trapp.
* Tunneling via SSH increases the security of the connection and prevents
IP spoofing.
* SNFS has been tested on Linux i386 and alpha platforms under RedHat 6.2.
* No changes to the kernel or existing daemons are required.
* On a high-end workstation, tunneling of large files results in only a slight
degradation in speed (eg. 4MB/s instead of 5MB/s).
* Detailed configuration instructions are contained in the file NFS/README.NFS.
Here is a question for this group: so far, of the 4 UDP services, only
mountd and nfsd are being tunneled through ssh. In sec_rpc-1.0,
portmap/rpcbind and the lock manager are not being tunneled, because
the system is configured so that only local connections to the portmap are
allowed anyway (via /etc/hosts.allow). Are there any security concerns here?
Thanks,
-- John Bowman
University of Alberta
http://www.math.ualberta.ca/~bowman
More information about the openssh-unix-dev
mailing list