RobinVossen Tux's lil' helper


Joined: 05 Nov 2007 Posts: 132
Posted: Mon Dec 03, 2007 9:51 am Post subject: Thinking out theory for secure ssh
Well, I run an ApplicationServer. And the settings have to be saved on the localbox.
So I want to mount the /home folder on connect with NFS.
I want to connect using SSH -x and I want to mount NFS only ONCE.
Since if you mount over each other you'll get a mess.
Thus, every time a user presses an icon the client makes a passwordless connection over ssh 2 (Blowfish) using the -X <progname> parameter.
Then I should put something in like:
Code:
    if (firstconnection)
    {
        MountNFS (Using Kerberos)
    }
    else
    {
        DoNOTMountNFS
    }
But when the last connection stops, it has to dismount the home folder.
So I came up with this pseudocode:
Code:
    if (firstconnection)
    {
        MountNFS (Using Kerberos)
        while (connected)
        {
            wait();
        }
        umount NFS
    }
But that will kill the CPU because of the never-ending loop.
And then again, where should I put that script?
Can somebody help me with the theory on how I can do this the best way?
Every time a user clicks a button a NEW and extra tunnel is made.
And the NFS share is only allowed to be mounted once.
And on disconnect the mount should be unmounted.
Oh, and a tricky part comes now.
This isn't needed, but it's a plus if it can be done..
If the user doesn't exist yet, then it should be reported and the user should be made by the system..
Well,
Cheers,
Robin
For people checking for double posts: http://www.linuxforums.org/forum/linux-security/109583-thinking-out-theory-secure-ssh.html that is where I posted it first.
_________________
Server Unplugged!
NeddySeagoon Administrator


Joined: 05 Jul 2003 Posts: 27170 Location: 56N 3W
Posted: Mon Dec 03, 2007 9:15 pm Post subject:
RobinVossen,
Presumably, users are only permitted access to their own /home/<username> folder?
If so, each user can mount their remote home with sshfs. NFS is not required.
The remote server runs sshd in the normal way and local hosts need sys-fs/sshfs-fuse.
_________________
Regards,
NeddySeagoon
Computer users fall into two groups:-
those that do backups
those that have never had a hard drive fail.
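The mount-on-first-connection, unmount-on-last-disconnect logic asked about in the first post, written as a reference-counted wrapper (an added example, not code from either poster). `STATE_DIR`, `MOUNT_CMD`, `UMOUNT_CMD` and the function names are assumptions of this sketch, the mount commands are placeholders to be replaced with the real sshfs or NFS command lines, and `flock` from util-linux is assumed to be installed:

```shell
#!/bin/sh
# Added example: reference-counted mount shared by parallel SSH sessions.
# STATE_DIR, MOUNT_CMD and UMOUNT_CMD are placeholders of this sketch.
STATE_DIR="${STATE_DIR:-${XDG_RUNTIME_DIR:-/tmp}/apphome-$(id -u)}"
MOUNT_CMD="${MOUNT_CMD:-echo would-mount}"      # e.g. your sshfs command line
UMOUNT_CMD="${UMOUNT_CMD:-echo would-unmount}"  # e.g. fusermount -u <mountpoint>

# Run "$@" under an exclusive lock so two sessions starting or ending at
# the same moment cannot both mount, or both skip the final unmount.
with_lock() {
    # chmod fails if someone else pre-created the directory: refuse to use it.
    mkdir -p "$STATE_DIR" && chmod 700 "$STATE_DIR" || return 1
    ( flock 9 && "$@" ) 9>"$STATE_DIR/lock"
}

read_count() { cat "$STATE_DIR/count" 2>/dev/null || echo 0; }

_start() {
    n=$(read_count)
    if [ "$n" -eq 0 ]; then $MOUNT_CMD || return 1; fi  # first session mounts
    echo $((n + 1)) > "$STATE_DIR/count"
}

_stop() {
    n=$(read_count)
    [ "$n" -gt 0 ] || return 0          # nothing registered, nothing to do
    n=$((n - 1))
    echo "$n" > "$STATE_DIR/count"
    if [ "$n" -eq 0 ]; then $UMOUNT_CMD; fi             # last session unmounts
}

session_start() { with_lock _start; }
session_stop()  { with_lock _stop; }

# Mount if first, run the program, release when it exits. The shell blocks
# on the child process, so no polling loop is needed.
run_session() {
    session_start || return 1
    rc=0
    "$@" || rc=$?
    session_stop
    return "$rc"
}

case "${1:-}" in
    run) shift; run_session "$@" ;;
esac
```

A session that is killed before `session_stop` runs leaves the count one too high, so a production wrapper would also need a `trap` or a stale-count check.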
RobinVossen Tux's lil' helper


Joined: 05 Nov 2007 Posts: 132
Posted: Tue Dec 04, 2007 7:43 am Post subject:
Ok, thanks! (I guess..)
I have never heard of SSHFS, but I'll look into that.
The thing is:
A user makes a connection to the box.
And then shares his /home/folder with that box with his account on the app server.
I'll look into sshfs since I can't get NFS working with OpenVZ.
Thanks
Edit:
Their home isn't remote. Their home is on their own system.
It mounts to the home of the remote since that is an application server. That tunnels X over ssh.
Since the apps then still run on the appserver and not on the localbox, it saves the users' settings in its home folder.
Edit:
Ah, I installed SSHfs now.
But I got a problem with it.
Posted: http://forum.openvz.org/index.php?t=tree&goto=24341&#msg_24341
I guess it's an OpenVZ problem and not a Gentoo error.
That's why I just let it be there.
Cheers,
Robin
_________________
Server Unplugged!