NFS over ssh

We have two Tru64 systems that crossmount directories to each other,
and we want to enhance security.  One ssh book I have (O'Reilly) says
this can't be done; another (McGraw-Hill) says a patch 1.2.26 must be
used to store keys in a secure location.

Is this only if the directories mounted are the home directories
holding keys?
(We want to cross-mount different directories).
I'm confused if/how we can do what we want (and Google searches have
not helped). I have a little ssh experience but not much.  Do I use
port forwarding to tunnel the NFS traffic or is there more to it?

Mark Bergman
Manchester UK

Re: NFS over ssh

Mark Bergman wrote:
NFS uses the portmapper and UDP, and SSH cannot tunnel that. Stunnel
cannot either, but zebedee apparently can.

Would be nice to hear about your experiences.

Good luck

Ole Michaelsen, Copenhagen, Denmark

Re: NFS over ssh

Ole Michaelsen wrote:
According to RFC 3530, an NFS version 4
implementation MUST support operation over the TCP transport protocol.
And when NFSv4 runs over TCP it can be tunneled with ssh. See KB article
#13150. The article explains how to use an SSH
tunnel to secure NFSv4 mounts.
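
An added example, not part of the reply above or of the KB article it cites: the tunnel and mount commands for NFSv4 over TCP, plus a check that the server's export is reachable only through the tunnel. It assumes a Linux client and server with OpenSSH (not Tru64); the host name, account, local port 3049, mount point and the `check_export` helper are placeholders made up for illustration.

```shell
#!/bin/sh
# Added example. Assumed: Linux + OpenSSH, NFSv4 on TCP 2049.
# Host, account, local port and mount point are placeholders.
NFS_HOST="nfs.example.org"
SSH_USER="nfstunnel"
LOCAL_PORT="3049"
MOUNT_POINT="/mnt/secure"

# Forward a loopback-only local port to the server's NFS port.
tunnel_cmd() {
    printf 'ssh -f -N -o ExitOnForwardFailure=yes -L 127.0.0.1:%s:127.0.0.1:2049 %s@%s\n' \
        "$LOCAL_PORT" "$SSH_USER" "$NFS_HOST"
}

# Mount the NFSv4 root through the local end of the tunnel.
mount_cmd() {
    printf 'mount -t nfs4 -o proto=tcp,port=%s 127.0.0.1:/ %s\n' \
        "$LOCAL_PORT" "$MOUNT_POINT"
}

# check_export (hypothetical helper): vet one /etc/exports line for tunnel use.
# sshd connects to nfsd from loopback on an unprivileged source port, so every
# client must be loopback and carry "insecure"; anything wider bypasses ssh.
check_export() {
    set -f; set -- $1; set +f       # split fields without globbing "*"
    [ $# -ge 2 ] || { echo "malformed"; return 1; }
    shift                            # drop the exported path
    for spec in "$@"; do
        client=${spec%%\(*}
        opts=${spec#*\(}; opts=${opts%\)}
        case "$client" in
            127.0.0.1|localhost) ;;
            *) echo "exposed:$client"; return 1 ;;
        esac
        case ",$opts," in
            *,insecure,*) ;;
            *) echo "needs-insecure"; return 1 ;;
        esac
    done
    echo "ok"
}

# Print the commands and vet a constructed exports line; nothing is executed.
tunnel_cmd
mount_cmd
check_export "/export 127.0.0.1(rw,sync,insecure,fsid=0)"
```

An export that still lists other clients or `*` remains mountable in cleartext, so the tunnel only protects traffic once the server stops accepting direct NFS connections.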

Re: NFS over ssh

There are NFS implementations that can do NFS(v3?) over TCP. Both
Solaris and FreeBSD support it.

David Magda
Because the innovator has for enemies all those who have done well under
the old conditions, and lukewarm defenders in those who may do well
under the new. -- Niccolo Machiavelli, _The Prince_, Chapter VI

Re: NFS over ssh

An early step for improving security these days would be to throw out the
Tru64 operating systems. The NFS, X, and NIS implementations on those are
quite dated, and I'm afraid that maintaining them with any accessible
services on them will leave you quite vulnerable to attack.