Unkerberized NFS
Dave Dykstra
dwd at bell-labs.com
Wed Nov 7 08:51:30 EST 2001
On Tue, Nov 06, 2001 at 01:46:35PM -0600, mouring at etoh.eviladmin.org wrote:
>
> seed files on NFS.. My only concern is packet sniffing. How many NFS
> connections are encrypted nowadays?
>
> - Ben
That's a good point I hadn't thought of, a potential problem even on
Kerberized NFS. The only counter-argument I can think of is that if you're
concerned enough to use encryption on ssh then you probably shouldn't be
running unencrypted NFS unless it's behind a firewall that encloses only
people you trust enough not to sniff.
On Tue, Nov 06, 2001 at 03:16:11PM -0500, Nicolas Williams wrote:
> Can't these user-specific seed files be stored in {/var}/tmp/ssh-seed-$user/?
There's a possible solution. I recall that the XAUTHORITY file was in /tmp
for some openssh releases and came back, and I'm not quite sure of the
reasons, but I suspect they wouldn't be applicable to the seed file. Using
/tmp for the seed file has a disadvantage that users may be surprised by
why startup sometimes takes a lot longer whenever /tmp gets cleaned out
(such as a reboot or a period of disuse).
- Dave Dykstra