Subject: Re: sshfs alternative?
To: Stephen Borrill <netbsd@precedence.co.uk>
From: Stefan 'Kaishakunin' Schumacher <stefan@net-tex.de>
List: netbsd-users
Date: 01/18/2006 19:57:06

Thus spoke Stephen Borrill (netbsd@precedence.co.uk):
> On Tue, 17 Jan 2006, Travis Poppe wrote:
> >I was recently doing some thinking about how I might access my data at home
> >from a friend's house or somewhere else while using my Jornada 720.
> >
> >FreeBSD recently got a port of FuseFS+SSHFS, which allows you to mount a
> >remote filesystem on another machine via ssh so long as you have ssh access
> >to it. This would be ideal, but I don't believe NetBSD has FUSE support
> >yet.
> >
> >Are there any encrypted/secure alternatives to this on NetBSD that would be
> >usable on the Jornada 720 (hpcarm)? CPU and RAM usage are of concern. NFS
> >would be fine for the device while at home, but not from remote locations.
>
> Take a look at OpenVPN (net/openvpn in pkgsrc). It's an SSL VPN rather
> than IPsec which is often friendlier from a firewall point of view. It's
> easy to configure and with NetBSD 3.0 you can use it in either bridged
> (you appear to be part of the network) or routed mode.

In addition to OpenVPN it is handy to use the cryptographic filesystem
CFS (pkgsrc/security/cfs). CFS works at the file system level like an NFS
daemon plus crypto, so you can leave your files encrypted on the server,
bring them via VPN to your Jornada and decrypt them locally, so the
cleartext version is only available in the memory of your Jornada.

So even if someone is able to break the encrypted network link, they
still have to crack CFS to access the files.


I did so with my Jornada 680 at university and it worked fine.

I wrote a CFS howto:
http://net-tex.dnsalias.org/~stefan/nt/unix/cfs.html

--
PGP FPR: CF74 D5F2 4871 3E5C FFFE 0130 11F4 C41E B3FB AE33
--
Fine, even if the censors disappear, there will always be people who are
no different from them. It is a great mistake to believe that books were
burned and men of letters buried alive only in distant antiquity.
"Kyokutei Bakin" in Ryunosuke Akutagawa's "Das Versunkensein des Dichters"
