A secure remote filesystem that can traverse NAT
|
Author | Content |
---|---|
Sander_Marechal Jun 04, 2007 4:28 PM EDT |
Hi all, I am looking for a secure remote filesystem that is able to traverse NAT. As I understand it NFS and SMB are not able to traverse NAT. Besides, using a Windows server protocol in an all Debian/etch network seems "wrong" somehow :-) I would like to host a secure network filesystem here and let a friend have access to it too. I've been thinking about sshfs but that doesn't seem like an ideal solution to me. Do you know of any other options? |
jdixon Jun 04, 2007 7:11 PM EDT |
Well, re-reading your message, you've already considered sshfs, which is the only one I can think of. I'll look around, but I haven't encountered any others. |
jdixon Jun 04, 2007 7:22 PM EDT |
OK, take a look at SFS: http://www.fs.net/sfswww/sfsfaq.html and see if it looks usable or not. It mentions several other options in its faq, some of which you may also want to look at. |
Sander_Marechal Jun 04, 2007 10:22 PM EDT |
SFS looks interesting. Thanks for that. Come to think of it, some kind of collaboration/groupware server could also do the job. I want to use the shared directory as a place where my freind and I store details on various projects and customers for our business. E.g. design concepts. Invoices. Passwords to webservers. Etcetera If there is something like 37Signals' Basecamp that I can install myself (http://www.basecamphq.com/) then that would work well too I guess. |
Aladdin_Sane Jun 04, 2007 10:46 PM EDT |
Sounds like a wiki to me. |
Sander_Marechal Jun 05, 2007 1:53 AM EDT |
It's not. But a wiki that would allow me to attach arbitrary files to a page would go some way. |
NoDough Jun 05, 2007 8:31 AM EDT |
Have you considered setting him up with VPN access to your private network? |
jdixon Jun 05, 2007 9:04 AM EDT |
> Have you considered setting him up with VPN access to your private network? That's definitely something you might want to consider. There's a partial list of options at: http://www.ontko.com/~nathanst/linux_vpns.html |
Sander_Marechal Jun 05, 2007 1:23 PM EDT |
No, I haven't really considered VPN yet. At first sight it seems a bit overkill for simply sharing a directory. Bit I'll have another look at it. |
tuxchick Jun 05, 2007 2:49 PM EDT |
I heart sshfs. Gwan, try it, you'll like it. EZ howto at the bottom of this article:
http://itmanagement.earthweb.com/article.php/3650436 It's just like ssh, only you get a whole filesystem instead of individual files. **edit** Augh, my old eyes missed that you already considered sshfs. Never mind, then. |
Sander_Marechal Jun 05, 2007 3:13 PM EDT |
My main concern about sshfs it two-fold and it stems from the fact that sshfs is a filesystem built on top of something that isn't: 1) How does it play with other file systems? Can I export a directory over NFS to my local network and have someone use it over sshfs at the same time? 2) How complete is sshfs as a filesystem. Does it do locking so that me and my friend don't overwrite eachother's changes? Can I transfer only parts of files? A good example: to read tags off an mp3 or ogg I only need the first part of the file, not all of it. If I unleash my mp3 tragger on an sshfs mounted system, does it need to transfer all X gigabyte of files? Or can it simply transfer only the first Y bytes of every file so the total transfer is only Z (with Z |
dcparris Jun 05, 2007 3:23 PM EDT |
OpenVPN is something I wrote about not long ago. It really isn't that difficult to setup - especially if you already understand security certificates. Really, it's not much more difficult than NFS - and that's only because of the SSL certificates. ;-) Just a thought. |
Aladdin_Sane Jun 05, 2007 4:08 PM EDT |
sander, virtual file system network bandwidth would not be a problem with other solutions? What I mean is, would not a VPN have the same drawback for reading mp3 tags as sshfs? I use a virtual fs: FUSE with encfs. Works fine and has the drawback you'd expect: When copying large # of files within the volume, takes noticeably long to unencrypt and reencrpyt. Reality wouldn't have it any other way. Or, c'est la vie. Are we dealing with a dial-up connection here? Seems like for dial-up VPN is the usual solution for that. I just realized that sshfs is also a FUSE fs. So, maybe I do have a bit of expertise there. Very easy to set up, I thought, and very very secure (I can't even get in as root, only the one user account that has access rights and the password). wiki I know little about from the admin side, but I know that it allows password-protected login, and easy file transfer using http links. |
jdixon Jun 05, 2007 7:28 PM EDT |
From what I've read and what others are saying, it sounds like sshfs is the clear favorite. SFS is probably a distant second option, and running a VPN solution would probably be the third. Any of the above will probably let you do what you want. There are also probably at least a dozen more esoteric ways to do it, as is usually the case with Unix/Linux. Pick you poison and give it a try. :) |
Sander_Marechal Jun 06, 2007 1:18 AM EDT |
Quoting:sander, virtual file system network bandwidth would not be a problem with other solutions? I don't know. I know that NFS does not have that problem (i.e. I can write a program that opens a file and returns just the first 1K of data without transferring all of the file over the network). Maybe it's a FUSE problem. Quoting:Are we dealing with a dial-up connection here? ADSL with 1 Mbit up. SSH takes a lot of overhead so effective transfer speed between my friend and me over SSH is something like 40-60 kilobytes per second. Good enough for a shared folder with e.g. project documentation. Not good enough to share large amounts of data. |
You cannot post until you login.