Creating an encrypted tunnel for remote shares

From: JDS (jeffrey_at_example.invalid)
Date: 11/14/05

• Next message: BlackTopBum: "Re: New Site..."
• Previous message: Vesna: "Screen recording utility"
• Next in thread: Ivan Marsh: "Re: Creating an encrypted tunnel for remote shares"
• Reply: Ivan Marsh: "Re: Creating an encrypted tunnel for remote shares"
• Reply: Nico Kadel-Garcia: "Re: Creating an encrypted tunnel for remote shares"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

---

Date: Mon, 14 Nov 2005 14:32:42 -0500

Hi, all. I have several questions that I have not been able to adequately
find an answer. These questions revolve around a pair of servers, one of
which's /home I wish to mount on the other.

They are both RHEL 4.

Everything is "standard" RHEL 4 packages -- I do not intend to compile
anything from source or use any 3rd-party RPM repositories. (Consider
compiling-from-source as Not an Option(TM))

They have both been up2date-ed as recently as possible.

Question 1
Which remote share technology is preferred -- Samba or NFS?
To me, Samba is much more configurable (and easier to configure) than NFS.
I have tested shares mounted similarly, using either protocol, and from
the point of view of the way I am using the servers, I can't see any real
difference. Is Samba more or less secure than NFS? Or is that a moot
question?

Question 2
How can I tunnel SMB through SSH (or use SSL)? I understand SSL has been
removed from Samba3. What I can't figure out, though, is what people have
been doing in its place. Stunnel? All the references to configuring
stunnel I can find refer to older samba versions, and setting up stunnel
on Windows. There will be no Windows here.

Question 3
Can I just clamp down access to either server and not worry too much about
encrypting traffic? i.e., will encryption make my servers much more secure
or am I going on a wild goose chase?

Any advice in these areas would be appreciated. I can, of course, supply
much more detail as requested. Just not sure what at the moment; let me
know.

-- 
    JDS | jeffrey@example.invalid
        | http://www.newtnotes.com
  DJMBS | http://newtnotes.com/doctor-jeff-master-brainsurgeon/

---

• Next message: BlackTopBum: "Re: New Site..."
• Previous message: Vesna: "Screen recording utility"
• Next in thread: Ivan Marsh: "Re: Creating an encrypted tunnel for remote shares"
• Reply: Ivan Marsh: "Re: Creating an encrypted tunnel for remote shares"
• Reply: Nico Kadel-Garcia: "Re: Creating an encrypted tunnel for remote shares"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

---

Relevant Pages Samba 3.0.25 Available for Download ... Samba production release. ... Significant improvements in the winbind off-line logon support. ... improved read performance with Linux servers. ... Support for Additional ACL Modules ... (comp.protocols.smb) Re: Authenticating mixed clients for Internet Access ... user authentication with samba PDC. ... look into the winbind suite of samba and give some ACL ... but it is the Internet access control ... > Linux and NT servers. ... (Security-Basics) Re: XP Blues ... and does maintain a large number of Samba file/print servers. ... matching UID/GID settings to allow permissions to work pretty ... The only problems I've seen with SP2 is for clients to kill Samba's ... (comp.unix.sco.misc) Re: XP Blues ... >>mounting an NFS share from OpenServer to Linux, ... Most of the samba servers use domain ... > a proprietary app which is soon becoming available for Linux, ... (comp.unix.sco.misc) Creating an encrypted tunnel for remote shares ... Samba is much more configurable than NFS. ... the point of view of the way I am using the servers, ... stunnel I can find refer to older samba versions, ... (alt.linux)

---

• Security
• UNIX
• Linux
• Coding
• Usenet

• Mailing-Lists
• Newsgroups
• About
• Privacy
• Search
• Imprint

linux.derkeiler.com  > Newsgroups  > alt.os.linux  > 2005-11