This is a very ill-advised approach as an attacker can spoof your ssh and
sshd binaries via the network. NFS should stand for "Not For Security"
;-)
You would negate many of the benefits of ssh by distributing the binaries
in this insecure manner. If you trust your network enough to use NFS for
the ssh binaries, you probably don't need ssh!
You would be much better off either:
1) making an installable package for each host containing the ssh binaries
and config files and then creating host keys on each host manually with
ssh-keygen.
2) copying the ssh build directory to each host and running 'make
install' on each. This will install all binaries and config files locally
and run ssh-keygen for you to gen a host key if one doesn't already exist.
-Jason
On Tue, 11 Jan 2000, George Dimitoglou wrote:
> Date: Tue, 11 Jan 2000 10:01:41 -0500 (EST)
> From: George Dimitoglou <[EMAIL PROTECTED]>
> To: [EMAIL PROTECTED]
> Cc: [EMAIL PROTECTED]
> Subject: sharing SSH via NFS
>
>
> Fellow SSH-ers,
>
> I was looking in the docs but was not sure about this so I better ask...
>
>
> I have a 'mother' system that export via NFS a software directory to
> other hosts.
>
> I have SSH up and running on the mother machine and I would like to get
> the other hosts running SSH but the version and software from the
> 'mother' machine. I would think I would need to recompile SSH on the
> child host (to generate keys etc) but I dont seem to be certain on how
> to do it.
>
> Any help/instructions would be greatly appreciated,
>
> Sincerely,
>
> --------------------------------------------------
> George Dimitoglou
> SM&A, Space Sciences Division
>
> SOHO ESA/NASA Project Scientist Team
> Laboratory of Astronomy & Solar Physics
> NASA Goddard Space Flight Center
> Bldg. 26, G-1, Code 682.3
> Greenbelt, MD 20771
>
> [EMAIL PROTECTED]
>
AT&T Wireless Services
IT Security
UNIX Security Operations Specialist
