Here's a bunch of changes I've made to the current portable version of OpenSSH.

The aim is that the rsa_authentication flag in sshd_config can be given the value "without-nfs". This is really handy within a large organization where incorrectly secured home directories can allow authorized_keys(2) to be modified by someone other than the owner.

So now rsa_authentication can take the values (no,without-nfs,yes). Maybe it would be better to use (no,yes,with-nfs). So it's an active decision that the user has to make if they wish to allow authorized_keys(2) from nfs mounts.

I'd like to feed this enhancement back into the OpenBSD build, NFS security is not just a problem that relates to Solaris.

Tim McGarry

-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: openssh-rsa-nfs.txt
Url: http://lists.mindrot.org/pipermail/openssh-unix-dev/attachments/20010727/2a00f1c0/attachment.txt

>I'd like to feed this enhancement back into the OpenBSD build, NFS security
>is not just a problem that relates to Solaris.

NFS on Solaris is secure, please don't propagate the myth that NFS is not secure - especially on Solaris.

Since SunOS 4.x days NFS could be secured by using Secure RPC which uses public keys and Diffie-Hellman exchange for authentication.

Since Solaris 2.6 (+ the free unbundled SEAM) you can secure NFS using Kerberos since NFS uses RPCSEC_GSS. Kerberos can be used for authentication, integrity and encrypting the data.

NFSv4 has Kerberos (and SPKM/LIPKEY) as mandatory so any vendor claiming that they have NFSv4 is required to have strong security for NFS.

Now that I've had my rant there are some issues with the patch.

1. I don't believe this works if NFS is used with cachefs since the file system won't show up as nfs but cachefs.
2. It assumes that all other remote filesystems are ok.
3. It assumes that NFS isn't secure - it may be.

--
Darren J Moffat

On Fri, Jul 27, 2001 at 10:21:36AM +0200, Tim McGarry wrote:
> Here's a bunch of changes I've made to the current portable version of
> OpenSSH.
>
> The aim is that the rsa_authentication flag in sshd_config can be given the
> values "without-nfs" This is really handy within a large organization where
> incorrectly secured home directories can allow authorized_keys(2) to be
> modified by someone other than the owner.
>
> So now rsa_authentication can take the values (no,without-nfs,yes). Maybe it
> would be better to use (no,yes,with-nfs). So it's an active decision that
> the user has to make if they wish to allow authorized_keys(2) from nfs
> mounts.
>
> I'd like to feed this enhancement back into the OpenBSD build, NFS security
> is not just a problem that relates to Solaris.

the security of NFS depends on how it is used. instead i suggest the AuthorizedKeysFile option from sshd.
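
The following is an added example, not code from the thread or from the scrubbed patch. It illustrates points 1 and 2 of Darren's reply: a check that refuses only the type name "nfs" lets cachefs and other remote filesystems through, while an allowlist of local types does not. The mount table, the paths and the list of local types are constructed assumptions.

```c
#include <stdio.h>
#include <string.h>

/* Constructed sample mount table; a real check would call statvfs()/fstatfs()
 * on the opened key file instead of matching path strings. */
struct mnt { const char *dir; const char *type; };
static const struct mnt MOUNTS[] = {
    {"/", "ufs"}, {"/export/home", "ufs"}, {"/home", "nfs"},
    {"/home/cached", "cachefs"}, {"/mnt/share", "smbfs"},
};
/* Assumed site policy: filesystem types treated as local. */
static const char *LOCAL_TYPES[] = {"ufs", "zfs", "ext4", NULL};

/* True when path lies at or below mount point dir (whole components only). */
static int is_under(const char *path, const char *dir) {
    size_t n = strlen(dir);
    if (n == 1 && dir[0] == '/') return path[0] == '/';
    return strncmp(path, dir, n) == 0 && (path[n] == '/' || path[n] == '\0');
}

/* Type of the longest mount point containing path, or NULL if none. */
const char *fs_type_for(const char *path) {
    const char *best = NULL;
    size_t best_len = 0;
    for (size_t i = 0; i < sizeof MOUNTS / sizeof MOUNTS[0]; i++) {
        size_t n = strlen(MOUNTS[i].dir);
        if (is_under(path, MOUNTS[i].dir) && n >= best_len) {
            best = MOUNTS[i].type; best_len = n;
        }
    }
    return best;
}

/* Denylist: refuse only when the type is literally "nfs". */
int denylist_allows(const char *path) {
    const char *t = fs_type_for(path);
    return t != NULL && strcmp(t, "nfs") != 0;
}

/* Allowlist: accept only known-local types; unknown types are refused. */
int allowlist_allows(const char *path) {
    const char *t = fs_type_for(path);
    for (size_t i = 0; t != NULL && LOCAL_TYPES[i] != NULL; i++)
        if (strcmp(t, LOCAL_TYPES[i]) == 0) return 1;
    return 0;
}

int main(void) {
    const char *p = "/home/cached/tim/.ssh/authorized_keys";
    printf("%s: denylist=%d allowlist=%d\n", p, denylist_allows(p), allowlist_allows(p));
    return 0;
}
```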