From owner-freebsd-questions@FreeBSD.ORG  Tue Sep 13 22:15:18 2005
Return-Path: <owner-freebsd-questions@FreeBSD.ORG>
X-Original-To: freebsd-questions@freebsd.org
Delivered-To: freebsd-questions@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 3A3B516A41F
	for <freebsd-questions@freebsd.org>;
	Tue, 13 Sep 2005 22:15:18 +0000 (GMT) (envelope-from jd@dagerot.com)
Received: from amail1.space2u.com (amail1.space2u.com [62.20.1.174])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 8F60E43D45
	for <freebsd-questions@freebsd.org>;
	Tue, 13 Sep 2005 22:15:17 +0000 (GMT) (envelope-from jd@dagerot.com)
Received: from localhost (www-core.space2u.com [62.20.1.180])
	by amail1.space2u.com (8.13.4/8.13.4) with ESMTP id j8DMFDNV020344
	for <freebsd-questions@freebsd.org>; Wed, 14 Sep 2005 00:15:13 +0200
Date: Wed, 14 Sep 2005 00:15:13 +0200
Message-Id: <200509132215.j8DMFDNV020344@amail1.space2u.com>
MIME-Version: 1.0
From: "Joachim Dagerot" <jd@dagerot.com>
To: freebsd-questions@freebsd.org
Cc: 
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: 8bit
Subject: Securing samba?
X-BeenThere: freebsd-questions@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: User questions <freebsd-questions.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>, 
	<mailto:freebsd-questions-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-questions>
List-Post: <mailto:freebsd-questions@freebsd.org>
List-Help: <mailto:freebsd-questions-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>, 
	<mailto:freebsd-questions-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Tue, 13 Sep 2005 22:15:18 -0000


I managed to narrow down the ssh accesss to only allow users with a RSA key. The server is now closed to a good extent.  (Thank you Alex Zbyslaw and Frank Mueller)


However, due to some windows clients in the network we are forced to run samba. Are there any known security problems with that? Is there a way to tunnel the file traffic over SSH without any trouble for the users? (It's ok to install keys etc on their machine, but they must only be forced to login with the windows password).

I guess my question are two:

1. Is samba safe enough to run on the LAN side of a machine that are available from the internet only on port 22 and only for users with a RSA key?

2. Is there a better file sharing system that works good for the windows users than samba?


Again, this lists assembled knowledge is certainly on of a kind!!!

//Joe