Jerome BENOIT schreef:
Hello List,
Please follow the bottom-reply policy.
NFS < v4 is certainly not safe. It does not offer mechanisms for authentication and encryption. NFSv4 allows kerberos authentication and encryption. I don't know how well that works. For networking over the internet, NFS opens a lot of ports and gives a lot of additional things to worry about. For that, SSHFS is fine for simple stuff. Else you can tunnel NFS over SSH, or use a VPN connection. Use NFS for what its good for (locking, speed, ...) and use other mechanisms to shield it from the big bad web. This seems to me a sensible policy for basically all (network) services.so far I can remember NSF was not considered as a safe network stuff (see harden-servers) :may be the last version is safer.
Sjoerd
Jerome Michael Pobega wrote:On 0, Israel Garcia <igalvarez@gmail.com> wrote:Hi list, Do you know pros and cons of using SSHFS instead NFS to share a lot of debian folders? I know NFS is proven and has good performance with a lot of shares and intensive use. BUT I don't know if SSHFS have been proven to work under this circumstances. Any experience using SSHFS?SSHFS is generally meant to be used as a single-user filesystem; if multiplepeople are going to be accessing the mount, you may want to go with NFS.Also keep in mind the overhead from the encryption will make any SSH transfersnoticeably slower than it's NFS counterpart.What I 'use' SSHFS for is to mount my $HOME at work to local $HOME/work so thatI can edit my scripts using my local tools, as opposed to having to doeverything over SSH. SSHFS isn't meant to be an encrypted answer to NFS, it'smeant to do little things like that.At least that's my opinion; I guess you could technically use it any way youwant. -- http://fuzzydev.org/~pobega http://identi.ca/pobega
Attachment:
signature.asc
Description: OpenPGP digital signature