Secure File System

Thread: Secure File System

  1. #1
    rebmeM roineS enilnOitnA steve.milner's Avatar
    Join Date
    Jul 2003
    Posts
    1,018

    Secure File System

    This article is written from a Red Hat 9 perspective, should be easily applicable to other *nix.

    Have you used NFS to share files across networks? Have you ever wanted to do the same thing more securely?

    If so you need SHFS

    SHFS is a secure file system that uses SSH to provide a method for mounting an external file system securely from any system running SSHD

    Interested? Good then read on.

    First you will need to obtain the source and build a kernel module from SHFS on Sourceforge

    su to root and then unpack the file with tar -xzvf shfs-0.32pre2.tar.gz

    This will create a shfs-0.32pre2 directory and in there you will find installation instructions. Read and understand these.

    The following :

    # Check shfs/Makefile and the include path (-I switch). It should contain path to include directory of your current kernel.
    # Important (kernel 2.4): check that your compiler is the same as used for compiling your kernel:

    # gcc --version
    2.96
    # cat /proc/version
    Linux version 2.4.18 (root@host) (gcc version 2.96 20000731 (Red Hat Linux 7.1 2.96-98))

    If these versions differ, check for your configuration, how to call the kernel compiler (e.g. gcc-3.2). You will have to pass this to make (make CC=gcc-3.2).


    Should be checked, but for RH9 there were no problems here.

    cd shfs-0.32pre2
    make
    insmod shfs/shfs.o
    make install

    all worked without a hitch on RH9

    Okay, so how do you use it.

    First if non root users need to be able to mount file systems using this method you need to do :
    chmod u+s /usr/bin/shfsmount
    chmod u+s /usr/bin/shfsumount


    Okay suppose you have an account on remote_machine.net and that account's home directory is /home/my_account and you want to mount it on your local machine on /mnt/remote (mkdir /mnt/remote if it doesn't exist) then type:
    mount -t shfs my_account@remote_machine.net /mnt/remote

    You will be prompted for your password, unless you have enabled key authentication on this account

    ls /mnt/remote and presto - a securely mounted remote file system.

    You can also place entries into /etc/fstab

    my_account@remote_machine [tab] /mnt/remote [tab] shfs [tab] defaults


    to make mounting easier. This also works with automount as well.

    Hope people find this useful.
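
Added example, not part of the original post: a small audit of the two settings the tutorial changes, namely the setuid bit on the shfs mount helpers and /etc/fstab entries of type shfs mounted with "defaults" (which mount(8) expands to include suid and dev). The sample fstab lines and the /mnt/hardened mount point are constructed, and treating nosuid,nodev as the expected options for a remote mount is an assumption of this example, not something the thread states.

```shell
#!/bin/sh
# Added example: audit setuid shfs helpers and shfs entries in an fstab file.

# has_opt OPTS NAME: succeed if the comma-separated list OPTS contains NAME.
has_opt() {
    case ",$1," in
        *",$2,"*) return 0 ;;
        *) return 1 ;;
    esac
}

# audit_fstab FILE: print "<mountpoint>: missing <opts>" for every shfs entry
# that lacks nosuid or nodev. Comments, blank lines and other types are skipped.
audit_fstab() {
    while read -r dev mnt fstype opts _rest; do
        case "$dev" in ''|'#'*) continue ;; esac
        [ "$fstype" = "shfs" ] || continue
        missing=""
        for o in nosuid nodev; do
            has_opt "$opts" "$o" || missing="$missing $o"
        done
        if [ -n "$missing" ]; then
            echo "$mnt: missing$missing"
        fi
    done < "$1"
    return 0
}

# setuid_helpers PATH...: print each existing path that has the setuid bit set.
setuid_helpers() {
    for f in "$@"; do
        if [ -u "$f" ]; then
            echo "$f"
        fi
    done
    return 0
}

# Constructed sample fstab (tab-separated, four fields as in the post).
sample=$(mktemp)
printf '%s\t%s\t%s\t%s\n' \
    'my_account@remote_machine' /mnt/remote shfs defaults \
    'my_account@remote_machine' /mnt/hardened shfs defaults,nosuid,nodev \
    /dev/hda1 / ext3 defaults > "$sample"

audit_fstab "$sample"      # reports only the /mnt/remote entry
setuid_helpers /usr/bin/shfsmount /usr/bin/shfsumount
rm -f "$sample"
```

Point audit_fstab at /etc/fstab on a real host; setuid_helpers prints nothing when the helpers are absent or not setuid.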

  2. #2
    Leftie Linux Lover the_JinX's Avatar
    Join Date
    Nov 2001
    Location
    Beverwijk Netherlands
    Posts
    2,534
    w0w great tutorial !!

    It compiled great on my slackware 9.1 (since I compiled the kernel myself, there were no problems)

    The mount worked without a hitch, and I now have my home computer's home mounted on a remote box (via the internet)..
    And it is even quite fast !!

    Thanks for finding this !!
    ASCII stupid question, get a stupid ANSI.
    When in Russia, pet a PETSCII.

    Get your ass over to SLAYRadio the best station for C64 Remixes !

  3. #3
    rebmeM roineS enilnOitnA steve.milner's Avatar
    Join Date
    Jul 2003
    Posts
    1,018
    Originally posted here by the_JinX
    Thanks for finding this !!
    Found it on Monday while trying to find an sftp file system - And I was very impressed so I thought I'd share.

    Steve
    IT, e-commerce, Retail, Programme & Project Management, EPoS, Supply Chain and Logistic Services. Yorkshire. http://www.bigi.uk.com

  4. #4
    Leftie Linux Lover the_JinX's Avatar
    Join Date
    Nov 2001
    Location
    Beverwijk Netherlands
    Posts
    2,534
    After reading, I found out some more:

    KDE has a nice protocol called fish as standard, which does a similar job !!

    just open a konqueror window and type fish://username@computer.server.com and you've got your connection..

    fish

    Allows you to access another computer's files using a simple SSH shell account and standard UNIX® utilities on the remote side. This way, no server software is needed and you gain access to that computer's files as if they were local (or on NFS, since it is slower than local access). It uses the same protocol as MidnightCommander's #sh VFS handler.

    Fish should work with any roughly POSIX compatible UNIX® based remote computer. It uses the shell commands cat, chgrp, chmod, chown, cp, dd, env, expr, grep, ls, mkdir, mv, rm, rmdir, sed, and wc. Fish starts /bin/sh as its shell and expects it to be a Bourne shell (or compatible, like bash). If the sed and file commands are available, as well as a /etc/apache/magic file with MIME type signatures, these will be used to guess MIME types.

    If Perl is available on the remote machine, it will be used instead. Then only env and /bin/sh are needed. Using Perl has the additional benefit of being faster.

    Fish may even work on Windows® machines, if tools like Cygwin are installed. All the above utilities must be in the system PATH, and the initial shell must be able to process the command echo FISH:;/bin/sh correctly.
    But IMHO shfs is much more versatile !!
    ASCII stupid question, get a stupid ANSI.
    When in Russia, pet a PETSCII.

    Get your ass over to SLAYRadio the best station for C64 Remixes !

  5. #5
    rebmeM roineS enilnOitnA steve.milner's Avatar
    Join Date
    Jul 2003
    Posts
    1,018
    Originally posted here by the_JinX
    After reading, I found out some more:

    KDE has a nice protocol called fish as standard, which does a similar job !!

    just open a konqueror window and type fish://username@computer.server.com and you've got your connection..



    But IMHO shfs is much more versatile !!
    Yeah, works nicely - although I just can't get on with KDE or konq.

    Steve
    IT, e-commerce, Retail, Programme & Project Management, EPoS, Supply Chain and Logistic Services. Yorkshire. http://www.bigi.uk.com

  6. #6
    AO's MMA Fanatic! Computernerd22's Avatar
    Join Date
    Mar 2003
    Location
    Miami, FL
    Posts
    795
    excellent but what does it do? I'm very new to the world of Linux. I'm currently running Linux RedHat 9 on desktop mode. by the way how the hell do I install nmap? And use it? I downloaded it from insecure.org opened it, it has all these files with these ****ed up extensions, config.s <---**** like this, but a lot more.

  7. #7
    rebmeM roineS enilnOitnA steve.milner's Avatar
    Join Date
    Jul 2003
    Posts
    1,018
    Originally posted here by Computernerd22
    excellent but what does it do? I'm very new to the world of Linux. I'm currently running Linux RedHat 9 on desktop mode. by the way how the hell do I install nmap? And use it? I downloaded it from insecure.org opened it, it has all these files with these ****ed up extensions, config.s <---**** like this, but a lot more.
    To find out what it does, you need some basic understanding of linux file systems.

    You also need to understand that the file extensions you get with windows/dos file systems do not apply to linux. There is nothing wrong with config.s

    Try installing the RH9 documentation and then reading it.

    Chapter 14 of the Red Hat 9 Getting started guide would be a good start.

    As for NMAP it comes with RH9 already - I've posted an answer to this question in another thread already once.

    http://www.antionline.com/showthread...137#post676971

    Have you even read the reply, because following those instructions is pretty much idiot proof.

    And you are still hijacking other people's threads.

    My advice to you would be to improve your general level of knowledge on RH9 by reading all the documents before asking people here to help you with basic questions. The answers to everything you are asking at the moment are very easily obtainable.

    Steve

    /edit

    I mean for *****s sake you've even posted to this thread & haven't even looked at the other suggestions there :

    http://www.antionline.com/showthread...hreadid=249803

    Do you think you should be offering advice like this:
    http://www.antionline.com/showthread...659#post673037

    When you obviously understand so little. Just because you get buffer overflows doesn't mean others will.



    IT, e-commerce, Retail, Programme & Project Management, EPoS, Supply Chain and Logistic Services. Yorkshire. http://www.bigi.uk.com
