Secure NFS (SNFS) via SSH tunneling of UDP datagrams, as suggested in the SSH FAQ, has now been implemented and is available for download from http://www.math.ualberta.ca/imaging/snfs/. This is an enhancement of the original sec_rpc package developed by Holger Trapp. * Tunneling via SSH increases the security of the connection and prevents IP spoofing. * SNFS has been tested on Linux i386 and alpha platforms under RedHat 6.2. * No changes to the kernel or existing daemons are required. * On a high-end workstation, tunneling of large files results in only a slight degradation in speed (eg. 4MB/s instead of 5MB/s). * Detailed configuration instructions are contained in the file NFS/README.NFS. Here is a question for this group: so far, of the 4 UDP services, only mountd and nfsd are being tunneled through ssh. In sec_rpc-1.0, portmap/rpcbind and the lock manager are not being tunneled, because the system is configured so that only local connections to the portmap are allowed anyway (via /etc/hosts.allow). Are there any security concerns here? Thanks, -- John Bowman University of Alberta http://www.math.ualberta.ca/~bowman