On Mon, Apr 23, 2007 at 09:28:53PM +0200, Rico Secada wrote:
> Hi
>
> I need some comments from you guys on using sshfs as a solution at
> work.
>
> I need to make some of our NFS servers available for employees at
> their homes (where they live). I have been looking at both IPSec
> together with VPN, but I really like SSH better. At debian mailinglist
> I got a suggestion about using sshfs and nothing else, I really love
> SSH, but are a bit worried about users being able to ssh in. With
> sshfs the workers can mount their home directories like with nfs.
>
> If userlands are setup chmod 700, and each user are in no groups but
> themselves, does this pose a security risk?
This is a public mailing list. Trim your message at 72 columns.
> [demime 1.01d removed an attachment of type application/pgp-signature which
> had a name of signature.asc]
mail.html specifically states not to do this, and posting them as an
attachment is particularly useless.
However, I presume you came here looking for advice that actually
pertains to your question.
sshfs uses FUSE, which is at the moment Linux-only. It's also an
interesting, but rather scary, contraption. Getting it installed might
not be easy. (I say 'might' because I've never tried it; for all I know,
all major distributions have a package and compile the relevant part
into their stock kernels. Does anybody have more information?)
If the goal is to use SSH, you might want to take a look at ssh -w; I
believe that will work for you, but read the docs first. As an
alternative, consider switching to something with fixed port
allocations (CIFS/SAMBA, AFS) and port forwarding.
Finally, if confidentiality does not matter, consider authpf.
However, the proper way to set up a VPN is to set up a VPN.
Joachim
--
TFMotD: amd (8) - automatically mount file systems
