Unkerberized NFS
Dave Dykstra
dwd at bell-labs.com
Wed Nov 7 09:26:35 EST 2001
You could be using ssh through the firewall to a more hostile network.
My point was that if you're using a hostile network for unencrypted though
kerberized NFS you'd better not be storing any data on that filesystem
you wouldn't want anybody to see.
- Dave
On Tue, Nov 06, 2001 at 11:06:28PM +0100, Tim McGarry wrote:
> If you trust people enough not to sniff then why are you using ssh?
>
> ----- Original Message -----
> From: "Dave Dykstra" <dwd at bell-labs.com>
> To: <mouring at etoh.eviladmin.org>
> Cc: "Tim McGarry" <tim at mcgarry.ch>; <openssh-unix-dev at mindrot.org>
> Sent: Tuesday, November 06, 2001 10:51 PM
> Subject: Re: Unkerberized NFS
>
>
> > On Tue, Nov 06, 2001 at 01:46:35PM -0600, mouring at etoh.eviladmin.org
> wrote:
> > >
> > > seed files on NFS.. My only concern is packet sniffing. How may NFS
> > > connections are encryped now days?
> > >
> > > - Ben
> >
> > That's a good point I hadn't thought of, a potential problem even on
> > Kerberized NFS. The only counter-argument I can think of is that if you're
> > concerned enough to use encryption on ssh then you probably shouldn't be
> > running unencrypted NFS unless it's behind a firewall that encloses only
> > people you trust enough not to sniff.
More information about the openssh-unix-dev
mailing list