Best Shared Filesystem with Encryption and Authentication for Linux Servers

By
Simon Furrel
-
0
20
Asked By CuriousPanda42 On

I'm working with a setup of about 8 Linux servers running Fedora Server 41, and I'm trying to figure out the best way to share users' home directories across all of them. My goal is to have a shared filesystem that allows users to access the same files in real-time, regardless of which server they log into. I've considered using NFS, but I'm concerned about its lack of built-in encryption and authentication. I want to ensure that files are encrypted during network transfer to prevent unauthorized access from anyone on the local network. While we've looked into Ceph, it seems a bit excessive for our needs. Can anyone suggest a suitable tool or approach that supports both encryption and authentication for this shared filesystem?

4 Answers

Answered By ServerNinja99 On

You could consider NFS over WireGuard or using stunnel. This would allow you to encrypt the NFS traffic during transmission. Combining that with autofs for mounting and sssd for authentication via LDAP could work well for your setup.

Answered By DataGuru123 On

If you're on Windows, something like BitLocker with SMB sharing combined with DFS Namespace could work well for your setup. For Linux, if you go with NFS, ensure that your traffic is isolated on a VLAN for additional security.

Answered By TechieGal88 On

To better help you, could you clarify what your business or audit requirements are? Are all your servers Linux-based? When you mention sharing home directories, are you looking for real-time access rather than just a synchronization setup? Also, what level of encryption are you aiming for – at rest or in transit? And regarding authentication, what methods are you considering: usernames and passwords, keys, or something like SAML? Understanding all these details will help in recommending the right solution.

Answered By LinuxWhizKid On

NFS version 4 does provide stronger user authentication, but you will need to set up Kerberos. Another option you might explore is using Samba, which could align with your needs too.

Related Questions

LEAVE A REPLY

Please enter your comment!
Please enter your name here

This site uses Akismet to reduce spam. Learn how your comment data is processed.