I want to connect to my home server from work using NFS. I tried sshfs but some people say it’s not as reliable as NFS.
I know sshfs traffic is encrypted. But what about NFS? Can someone sniff my traffic and view the files I’m copying?
I’m using NFSv4 in my LAN and it works great.
Answers:
Thank you for visiting the Q&A section on Magenaut. Please note that all the answers may not help you solve the issue immediately. So please treat them as advisements. If you found the post helpful (or not), leave a comment & I’ll get back to you as soon as possible.
Method 1
If you use NFSv4 with sec=krb5p, then it is secure. (That means use Kerberos 5 for authentication, and encrypt the connection for privacy.) But if you use NFS v3 or NFS v4 with sys=system, then no, it’s not secure at all.
There might also be some concern with exposing the kerberos and rpc ports to the internet at large, just in case of unknown vulnerabilities.
Method 2
NFS itself is not generally considered secure – using the kerberos option as @matt suggests is one option, but your best bet if you have to use NFS is to use a secure VPN and run NFS over that – this way you at least protect the insecure filesystem from the Internet – ofcourse if someone breaches your VPN you’re effectively wide open, but that would be the usual scenarion anyway.
Method 3
I don’t know who some people are, but I don’t agree with them at all. sshfs is about 99% of the speed of NFS (tested) and a lot more robust. It carries with it the ability of ssh to handle the flaky nature of internet traffic without dropping, that on NFS would have you hanging with stale file handles.
I’ve used sshfs to mount my home directory on my box in NYC from San Jose and stayed connected and working for 3 days continuous data movement without a hiccup.
Try it, you’ll like it.
All methods was sourced from stackoverflow.com or stackexchange.com, is licensed under cc by-sa 2.5, cc by-sa 3.0 and cc by-sa 4.0