Re: Secure NFS

From: Gene Yoo
Date: 02/24/03

    Date: Mon, 24 Feb 2003 09:03:34 -0800
    From: Gene Yoo <>
    To: Peet Grobler <>,

    Peet Grobler wrote:
    > I've been wondering about this for a while now...
    > Everybody knows NFS is insecure. Right. So no-one uses it. Why not simply modify NFS to use encryption? Why not?
    > Not tunneling, modify the source to either (a) establish ssl connections, or (b) manually encrypt all traffic (I would prefer this
    > one).
    > I'd say, for added security, don't use any public-key exchange. Have a configuration file in which you can specify, say, 6 keys,
    > which will dynamically be changed on-the-fly.
    > If you're interested in such a solution (any one of the above), let me know. I could probably hack it together this weekend, and
    > provide you with a patch. I have been meaning to do this, for the experience. I know how to do it, just never did it, since no-one
    > would use it :)
    > Lemme Know,
    > Peet
    > -----Original Message-----
    > From: []
    > Sent: 20 February 2003 07:17
    > To:
    > Subject: Secure NFS
    > Hello all,
    > I would like to set up a secure NFS in my network. However, I really would like not to have to install portmap daemon on my server
    > as I don't trust it anymore. Moreover, I would like all the network traffic to be encrypted.
    > I naturally turn myself to SFS server and clients but it doesn't fit my needs. I want a secure exportable file system that I could
    > add to my /etc/fstab file so it could be mounted at boot time (to store users' home directory for instance).
    > I know there is a way for tunnelling NFS with SSH but it seems too experimental for production...
    > So what should I do to resolve this problem?
    > Slaanesh

    You should look into SFS (self-certifying file system) -> this
    topic has been out for some time and I believe you could search this
    through sage or usenix dot org.

    <<gyoo [at] attbi [dot] com>>