NFS how to secure transfers?
 

Hello,

i would like to use SSHFS or NSF to transfer tar.gz backups from one of my server to another. Both servers hosting publicly accessible services. The transfer should be secure. SSHFS is secure, but NSF i found i might need to work with /etc/hosts.deny and hosts.allow

i want to ask what should i add in hosts.deny/allow so data transfers and access is secure?

someone mention like:

A)

to /etc/hosts.allow:

portmap: 192.168.0.1 , 192.168.0.2
lockd: 192.168.0.1 , 192.168.0.2
rquotad: 192.168.0.1 , 192.168.0.2
mountd: 192.168.0.1 , 192.168.0.2
statd: 192.168.0.1 , 192.168.0.2

source: http://www.tldp.org/HOWTO/NFS-HOWTO/server.html

B)

Add the following line to /etc/hosts.deny:

rpcbind mountd nfsd statd lockd rquotad : ALL

add the following line to /etc/hosts.allow:

rpcbind mountd nfsd statd lockd rquotad : list of IP addresses

source: https://help.ubuntu.com/community/SettingUpNFSHowTo

C)

add in /etc/hosts.deny:

portmap:ALL

and then in /etc/hosts.allow:

portmap: 192.168.1.1, 192.168.1.2, 192.168.1.3

source: http://www.techrepublic.com/blog/lin...-nfs-on-linux/


-----
so i want to ask which is best if i have only one client and one server, both in different datacenter.
What else i need to consider for security, any link? thx

PS: i want to use probably rather NFS, because according to this benchmark its faster than SSHFS.

Why not just specify your client machine in /etc/exports, that way no other systems can mount it?

nfs is faster but sshfs has encrypted traffic -- pick your poison.

you can also try rsync over ssh (gzip has a --rsyncable switch to work better together)