ssh - no added security?
Mark Hedges
hedges at recyclecomputer.com
Tue Mar 25 18:57:00 CET 2003
On Tue, 25 Mar 2003, Sune Rastad Bahn wrote:
>
> pll at lanminds.com skrev:
> > In a message dated: Mon, 24 Mar 2003 17:40:04 EST
> >
> > Mark Hedges said:
> > >There would need to be away to encrypt the NFS mount.
> > >Is this possible?
> >
> > You can tunnel NFS over ssh if you want to, but it might be rather
> > slow, I don't know, I've never tried it.
>
> Another problem is that it is the kernel which mounts the nfsroot.
> So, either you have to compile the encryption into the kernel or make a very
> large initrd so you can start up ssh from that.
> Anyway you still have the problem that the kernel is from tftp which as the
> name say is a very trivial (and hence very insecure) protocol, leaving plenty
> of space for an attacker to fool you machine into using his kernel instead of
> your own. You have to figure out some very clever boot process to avoid that!
> Basically you need to have security build in already in the boot process,
> which means no PXE/dhcp, no bootp etc.. you'll probably end up booting from a
> cd... so why use fai in the first place?
It is still useful for pre-defining custom package
installations, and automatic disk partitioning is also useful.
Maybe bootfloppy should be abandoned for a boot CD that contains
the kernel, all modules, all of nfsroot, and sshd with its own
keys. sshd is not going to fit on a floppy.
If packages are still kept on the nfs fai server, the boot CD
will not be out of date as fast.
Hmm, using ssh on a boot CD to tunnel the mount of the fai
configuration through any network would be useful....
--mark--
More information about the linux-fai
mailing list