On Sat, Jan 03, 2004 at 02:36:33PM -0800, Alvin Oga wrote:
Antonio> What would be the best route to establish an encrypted or
Antonio> secure nfs session? I would like to be able to mount a faraway
Antonio> (debian) machine with confidence of not being observed. Any
Antonio> ideas? Thanks.
use secure rpc
use secure portmap
use secure nfs
use scp/ssh --> use a good hard to guess/type passphrase
Isn't it possible to mount drives with ssh, so it does the scp
tranparently?
regardless of method .... the basic underlying nfs structure is insecure
so you're supposed to replace the insecure portmap, rpc services with
something more secure
http://www.linux-sec.net/FileSystem/#NFS
- crackers can get into your box via nfs vulnerabilities
because you have it "on" ( big problem )
or start on another path of coda, intermezzo, afs, ...
( more fun and tricks )
- or even better, use an encrypted fs.. than its no longer an
issue
Any pointers to encrypted fs?