LinuxQuestions.org
Share your knowledge at the LQ Wiki.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - General
User Name
Password
Linux - General This Linux forum is for general Linux questions and discussion.
If it is Linux Related and doesn't seem to fit in any other forum then this is the place.

Notices


Reply
  Search this Thread
Old 09-20-2014, 05:33 AM   #1
postcd
Member
 
Registered: Oct 2013
Posts: 527

Rep: Reputation: Disabled
NFS how to secure transfers?


Hello,

i would like to use SSHFS or NSF to transfer tar.gz backups from one of my server to another. Both servers hosting publicly accessible services. The transfer should be secure. SSHFS is secure, but NSF i found i might need to work with /etc/hosts.deny and hosts.allow

i want to ask what should i add in hosts.deny/allow so data transfers and access is secure?

someone mention like:

A)

to /etc/hosts.allow:

portmap: 192.168.0.1 , 192.168.0.2
lockd: 192.168.0.1 , 192.168.0.2
rquotad: 192.168.0.1 , 192.168.0.2
mountd: 192.168.0.1 , 192.168.0.2
statd: 192.168.0.1 , 192.168.0.2

source: http://www.tldp.org/HOWTO/NFS-HOWTO/server.html

B)

Add the following line to /etc/hosts.deny:

rpcbind mountd nfsd statd lockd rquotad : ALL

add the following line to /etc/hosts.allow:

rpcbind mountd nfsd statd lockd rquotad : list of IP addresses

source: https://help.ubuntu.com/community/SettingUpNFSHowTo

C)

add in /etc/hosts.deny:

portmap:ALL

and then in /etc/hosts.allow:

portmap: 192.168.1.1, 192.168.1.2, 192.168.1.3

source: http://www.techrepublic.com/blog/lin...-nfs-on-linux/


-----
so i want to ask which is best if i have only one client and one server, both in different datacenter.
What else i need to consider for security, any link? thx

PS: i want to use probably rather NFS, because according to this benchmark its faster than SSHFS.

Last edited by postcd; 09-20-2014 at 05:35 AM.
 
Old 09-20-2014, 09:59 AM   #2
suicidaleggroll
LQ Guru
 
Registered: Nov 2010
Location: Colorado
Distribution: OpenSUSE, CentOS
Posts: 5,573

Rep: Reputation: 2142Reputation: 2142Reputation: 2142Reputation: 2142Reputation: 2142Reputation: 2142Reputation: 2142Reputation: 2142Reputation: 2142Reputation: 2142Reputation: 2142
Why not just specify your client machine in /etc/exports, that way no other systems can mount it?
 
1 members found this post helpful.
Old 09-20-2014, 10:03 AM   #3
schneidz
LQ Guru
 
Registered: May 2005
Location: boston, usa
Distribution: fedora-35
Posts: 5,313

Rep: Reputation: 918Reputation: 918Reputation: 918Reputation: 918Reputation: 918Reputation: 918Reputation: 918Reputation: 918
nfs is faster but sshfs has encrypted traffic -- pick your poison.
 
Old 09-20-2014, 02:04 PM   #4
pan64
LQ Addict
 
Registered: Mar 2012
Location: Hungary
Distribution: debian/ubuntu/suse ...
Posts: 21,692

Rep: Reputation: 7274Reputation: 7274Reputation: 7274Reputation: 7274Reputation: 7274Reputation: 7274Reputation: 7274Reputation: 7274Reputation: 7274Reputation: 7274Reputation: 7274
you can also try rsync over ssh (gzip has a --rsyncable switch to work better together)
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
How do I do secure transfers? koobi Programming 10 01-28-2008 03:35 AM
NFS transfers to various OS's issues rdelia Linux - Newbie 2 03-22-2007 01:42 PM
SAMBA file transfers not secure - same for Windows? Micro420 Linux - Security 3 01-16-2007 12:20 AM
LXer: University of Michigan Selects SSH Tectia for Secure System Administration and Secure File Transfers LXer Syndicated Linux News 0 04-25-2006 12:54 AM
Secure file and passwd transfers lord-fu Linux - Security 5 11-19-2005 12:09 AM

LinuxQuestions.org > Forums > Linux Forums > Linux - General

All times are GMT -5. The time now is 04:58 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration