That is a *very* good point, Jason.
Installing SSH separately per machine is more of a hassle, but the
security is well worth the trouble.
--
Gregor Mosheh
[EMAIL PROTECTED]
Systems Admin, Humboldt Internet
707.825.4638
On Tue, 11 Jan 2000, Jason Axley wrote:
> This is a very ill-advised approach as an attacker can spoof your ssh and
> sshd binaries via the network. NFS should stand for "Not For Security"
> ;-)
>
> You would negate many of the benefits of ssh by distributing the binaries
> in this insecure manner. If you trust your network enough to use NFS for
> the ssh binaries, you probably don't need ssh!
>
> You would be much better off either:
>
> 1) making an installable package for each host containing the ssh binaries
> and config files and then creating host keys on each host manually with
> ssh-keygen.
> 2) copying the ssh build directory to each host and running 'make
> install' on each. This will install all binaries and config files locally
> and run ssh-keygen for you to gen a host key if one doesn't already exist.
>
> -Jason
>
> On Tue, 11 Jan 2000, George Dimitoglou wrote:
>
> > Date: Tue, 11 Jan 2000 10:01:41 -0500 (EST)
> > From: George Dimitoglou <[EMAIL PROTECTED]>
> > To: [EMAIL PROTECTED]
> > Cc: [EMAIL PROTECTED]
> > Subject: sharing SSH via NFS
> >
> >
> > Fellow SSH-ers,
> >
> > I was looking in the docs but was not sure about this so I better ask...
> >
> >
> > I have a 'mother' system that export via NFS a software directory to
> > other hosts.
> >
> > I have SSH up and running on the mother machine and I would like to get
> > the other hosts running SSH but the version and software from the
> > 'mother' machine. I would think I would need to recompile SSH on the
> > child host (to generate keys etc) but I dont seem to be certain on how
> > to do it.
> >
> > Any help/instructions would be greatly appreciated,
> >
> > Sincerely,
> >
> > --------------------------------------------------
> > George Dimitoglou
> > SM&A, Space Sciences Division
> >
> > SOHO ESA/NASA Project Scientist Team
> > Laboratory of Astronomy & Solar Physics
> > NASA Goddard Space Flight Center
> > Bldg. 26, G-1, Code 682.3
> > Greenbelt, MD 20771
> >
> > [EMAIL PROTECTED]
> >
>
>
> AT&T Wireless Services
> IT Security
> UNIX Security Operations Specialist
>
>
