Unkerberized NFS

Tim McGarry tim at mcgarry.ch
Wed Nov 7 09:06:28 EST 2001


If you trust people enough not to sniff then why are you using ssh?

----- Original Message -----
From: "Dave Dykstra" <dwd at bell-labs.com>
To: <mouring at etoh.eviladmin.org>
Cc: "Tim McGarry" <tim at mcgarry.ch>; <openssh-unix-dev at mindrot.org>
Sent: Tuesday, November 06, 2001 10:51 PM
Subject: Re: Unkerberized NFS


> On Tue, Nov 06, 2001 at 01:46:35PM -0600, mouring at etoh.eviladmin.org wrote:
> >
> > seed files on NFS.. My only concern is packet sniffing.  How many NFS
> > connections are encrypted nowadays?
> >
> > - Ben
>
> That's a good point I hadn't thought of, a potential problem even on
> Kerberized NFS.  The only counter-argument I can think of is that if you're
> concerned enough to use encryption on ssh then you probably shouldn't be
> running unencrypted NFS unless it's behind a firewall that encloses only
> people you trust enough not to sniff.
>
>
> On Tue, Nov 06, 2001 at 03:16:11PM -0500, Nicolas Williams wrote:
> > Can't these user-specific seed files be stored in {/var}/tmp/ssh-seed-$user/?
>
> There's a possible solution.  I recall that the XAUTHORITY file was in /tmp
> for some openssh releases and came back, and I'm not quite sure of the
> reasons, but I suspect they wouldn't be applicable to the seed file.  Using
> /tmp for the seed file has a disadvantage that users may be surprised by
> why startup sometimes takes a lot longer whenever /tmp gets cleaned out
> (such as a reboot or a period of disuse).
>
> - Dave Dykstra
>



