Is there a NFS alternative?

Daniel Yek dyek at real.com
Thu Feb 8 00:02:21 UTC 2007


At 12:52 PM 2/7/2007, Arthur Pemberton wrote:
>> >>It was a while ago when I read that NFS was difficult to secure with (the
>> >>use of) ssh and iptables (or something like that).
>> >>
>> >>I really needed an alternative that works and can be made secure.

>> >> If not, what is the closest thing to NFS?
>>
>> >Subdue NFS to use only one port, firewall all other ports
>> >off....possibly filter the NFS port too?
>>
>>That is what I read and I was looking for an alternative to that. Is there
>>another solution? Or is this the best available solution already?
>
>Well, if you can suggest how the solution could be made better, I or
>others can maybe suggest how to implement it.

>The only other thing I can think of is to have port mapper interface with
>iptables in a plug and play type firewall way (or however Windows
>refers to it)

At 01:52 PM 2/7/2007, Olivier Galibert wrote:
>What is your threat model?  What do you want to be secured against?
>
>   OG.

At 02:04 PM 2/7/2007, Lamont Peterson wrote:
>Kerberized NFS, preferably NFS4.
>
>AndrewFS or CodaFS.

Thanks everybody for replying!

I am hoping for a secure solution to mount directories "shared out" from my 
other computer located remotely over the Internet. So that I can edit 
source files and execute programs "locally" and compile remotely (a much 
faster machine).

Whether I go with subdued NFS or NFS4, I will have to secure the 
communication channels with ssh tunnels, and doing it the ad-hoc way 
(scripted) is a lot of hassle for daily use with a connection that can get 
cut once in a while (daily, for example).

Without a secure solution, I would just use scp (and possibly develop other 
solutions to sync files.)

With Fedora Core's iptables policies and SELinux, I feel secure leaving 
computers exposed to the Internet, knowing that I won't end up 
suspecting a breach and spending a lot of time dealing with it. It would be 
regrettable to use a network service (like NFS without ssh tunnels) that 
makes me feel uncertain and insecure. The peace of mind is invaluable.

I have at most read about AFS (and used it as an end user in an 
administered environment) and CodaFS, but don't know if encryption of 
network communication is built in or integrated. I suspect not. (Haven't 
done the research yet...)

Is NFS(4) still the best (and easiest-to-use?) solution?

Thanks.


-- 
Daniel Yek




More information about the fedora-devel-list mailing list