2004-03-16 14:13:55

by Peter Astrand

Subject: NFS Howto: SSH tunnels


It looks like http://nfs.sourceforge.net/nfs-howto/security.html#NFS-SSH
is incorrect wrt privileged ports:

The HOWTO seems to assume that if you do "ssh [email protected] -L
250:localhost:2049", then sshd will use a low port when connecting to
nfsd. This is not true, at least not on common distributions like SuSE 9.
As far as I know, it's not possible to make the sshd use low ports when
connecting through tunnels.

*If* sshd would use a low port, then the statement that *any* user
could mount the server is wrong.


As I understand it, tunneling NFS through SSH would be done more like:

1) Add to /etc/exports:

/home 127.0.0.1(rw,insecure)


2) Start tunnels (no need to be root, one tunnel sufficient):

ssh [email protected] -L 12049:localhost:2049 -L 32767:localhost:32767 -f sleep 60m


3) Mount, as root:

mount -o nolock,tcp,port=12049,mountport=32767 localhost:/home /mnt

Now, when using the "insecure" option and an export to 127.0.0.1, the
statement about "any users can do everything" is correct.


Btw, I think a userspace server like "unfs3", running as an ordinary user,
is more suitable for SSH tunnels.


--
Peter Åstrand http://www.thinlinc.com
Cendio http://www.cendio.se
Teknikringen 3 Phone: +46-13-21 46 00
583 30 Linköping




_______________________________________________
NFS maillist - [email protected]
https://lists.sourceforge.net/lists/listinfo/nfs
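
An audit for the export shown in step 1, added here as an example and not part of the original post: it lists every loopback export that carries the "insecure" option, since those are the exports any local user or SSH-tunnel user on the server can reach from a non-privileged port. The function names and the sample file are constructed for illustration; quoted paths and backslash line continuations are not handled.

```shell
#!/bin/sh
# Added example (not from the original post).
# Prints one line per finding: <path> <client> <rw|ro>

audit_exports() {
    # $1: exports file to check (defaults to /etc/exports)
    awk '
    {
        sub(/#.*/, "")              # strip comments
        if (NF < 2) next            # blank line, or a path with no client list
        path = $1
        for (i = 2; i <= NF; i++) {
            client = $i; opts = ""
            p = index($i, "(")
            if (p > 0) {
                client = substr($i, 1, p - 1)
                opts = substr($i, p + 1)
                sub(/\).*/, "", opts)
            }
            # only loopback clients matter for the SSH-tunnel case
            if (!(client ~ /^127\./ || client == "localhost" || client == "::1"))
                continue
            n = split(opts, o, ",")
            insecure = 0; mode = "ro"    # exports(5): ro is the default
            for (j = 1; j <= n; j++) {
                if (o[j] == "insecure") insecure = 1
                if (o[j] == "rw") mode = "rw"
            }
            if (insecure) print path, client, mode
        }
    }' "${1:-/etc/exports}"
}

demo() {
    tmp=$(mktemp) || return 1
    cat > "$tmp" <<'EOF'
# constructed sample, not taken from a real host
/home 127.0.0.1(rw,insecure)
/srv/pub 192.0.2.0/24(ro,insecure) localhost(ro,insecure)
/data 127.0.0.1(rw)   # default "secure": client port must be below 1024
EOF
    audit_exports "$tmp"
    rm -f "$tmp"
}

demo
```

Run `audit_exports` with no argument on the NFS server to check the live /etc/exports.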