I've been wondering about this for a while now...
Everybody knows NFS is insecure. Right. So no-one uses it. Why not simply modify NFS to use encryption? Why not?
Not tunneling, modify the source to either (a) establish ssl connections, or (b) manually encrypt all traffic (I would prefer this one).
I'd say, for added security, don't use any public-key exchange. Have a configuration file in which you can specify, say, 6 keys, which will dynamically be changed on-the-fly.
If you're interested in such a solution (any one of the above), let me know. I could probably hack it together this weekend, and provide you with a patch. I have been meaning to do this, for the experience. I know how to do it, just never did it, since no-one would use it :)
Lemme Know, Peet
-----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Sent: 20 February 2003 07:17 To: [EMAIL PROTECTED] Subject: Secure NFS
Hello all,
I would like to set up a secure NFS in my network. However, I really would like not to have to install portmap deamon on my server as I don't trust it anymore. Moreover, I would like all the network trafic to be encrypted. I naturally turn myself to SFS server and clients but it doesn't fit my needs. I want a secure exportable file system that I could add to my /etc/fstab file so it could be mounted at boot time (to store users' home directory for instance). I know there is a way for tunnelling NFS with SSH but it seems too experimental for production...
So what should I do to resolve this problem ?
Slaanesh
<snip>
you should look into SFS (self-certifying file system) -> fs.org. this topic has been out for some time and i believe you could search this through sage or usenix dot org.
-- <<gyoo [at] attbi [dot] com>>
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.0 (GNU/Linux)
iQCUAwUBPhxERRxoVYCzmrKXAQJK5gP3Y7CTsFyKpEz2p5W4GWI9+qSm+kWfdJ0R xNlma0Ma9rAL/OBJcZMo5IXyXas+3Edogbv4Al6dIf8lot1WS0Iaxxl/cg2f7gf+ otf7LfNpZDE/6OzR7A1qN6baPMLSjGzywwQWMfSVuWWb6kGQxMsA13Kn68G7Ozxs 5CODZqUPyg== =AolA -----END PGP SIGNATURE-----