a little security
Rusty Carruth
plug-discuss@lists.PLUG.phoenix.az.us
Fri, 7 Sep 2001 10:15:58 -0700 (MST)
>
> Okay, I know half of you will probably shoot me for this, but I'm doing
> it anyway...
I'll let Frenchie take that job ;-)
> I need access to a volume on a server across the internet.
> Right now I am running samba and I am connecting by running three
> ssh tunnels to ports 137, 138, and 139 from my computer at work to the
> server. From there I mount the volumes.
Um, which do you mean:
<you>--<your_computer><ssh_tunnelling_137,138,139>---<internet>---<ssh_server><fileserver>
or
<you>--<your_computer>---<internet>---<fileserver><ssh_tunnelling_137,138,139>---<fileserver2>
The latter is really bad, for extremely large values of bad.
The former is only bad if you allow people into your machine, OR if you allow the
port forwards to be used from outside your machine.
> There has to be a more secure way than this. Especially more secure than
> samba.. I have a good password, but still any sniffer would get it in a
Oh, I don't know. NFS is probably worse ;-)
> few seconds. Except for the ssh tunnels, there really isn't any
> security.
>
> Are there any safer ways anyone knows of that I could do this?
> I'm not so worried about my security where someone sniffs me and gets my
> password, but others seeing the wide open ports and going after it..
> It's pretty stupid.
>
> I was thinking about setting ipchains to only accept the connection from
> a specific ip, but is there a better way than this? Any input helpful.
> Thanks guys.
Well, first, I'd be sure I'm doing the first option I mention above.
Then, make ssh only accept you from your machine. I'm sure others
can come up with more paranoid suggestions also.
> nathan
>
>
> --
> "Ah, lives there a man with soul so dead, who never to himself hath
> said,
> as he hunched and rolled in his comfortable bed:
> To hell with rent...I'll drink instead!"
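
Added example, not part of the original message: a check for the condition the reply warns about, port forwards that can be used from outside your machine, which with OpenSSH happens when local forwards are opened with `-g` or `GatewayPorts` instead of staying bound to loopback. It scans `ss -ltn` output for listeners on the three ports named in the thread; the function names and the sample listing are constructed for illustration.

```shell
#!/bin/sh
# Added example: flag forwarded-port listeners reachable from other hosts.
# Input format assumed: `ss -ltn` lines (State Recv-Q Send-Q Local Peer).

# Ports the poster tunnels, taken from the thread.
FORWARD_PORTS="137 138 139"

# Print every listening address on a forwarded port that is NOT loopback-only.
exposed_forwards() {
    awk -v ports="$FORWARD_PORTS" '
        BEGIN {
            n = split(ports, p, " ")
            for (i = 1; i <= n; i++) want[p[i]] = 1
        }
        $1 == "LISTEN" {
            local_addr = $4
            # Split host and port at the last colon (covers [::]:139 and *:139).
            idx = match(local_addr, /:[0-9]+$/)
            if (!idx) next
            host = substr(local_addr, 1, idx - 1)
            port = substr(local_addr, idx + 1)
            if (!(port in want)) next
            # Loopback binds are only usable from this machine: acceptable.
            if (host ~ /^127\./ || host == "[::1]") next
            print local_addr
        }'
}

# Constructed sample listing: two safe forwards, two exposed ones, plus sshd.
sample_ss_output() {
    cat <<'EOF'
State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      128    127.0.0.1:137      0.0.0.0:*
LISTEN 0      128    0.0.0.0:139        0.0.0.0:*
LISTEN 0      128    [::1]:138          [::]:*
LISTEN 0      128    [::]:138           [::]:*
LISTEN 0      128    0.0.0.0:22         0.0.0.0:*
EOF
}

# Demo on the constructed sample; on a live host: ss -ltn | exposed_forwards
sample_ss_output | exposed_forwards
```

Any address it prints is a forward that other hosts can connect to; an empty result means the tunnels are reachable only from the local machine.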