Title.

The situation is basically this:

  • NFS works, it’s very fast, keeps the xattrs but if used without Kerberos it’s not secure. If used with Kerberos it works, but has a ticket that expires and forces me to reenter the credentials frequently in order to use it. If there was a way to use NFS with Kerberos and save the credentials NFS would be the perfect solution.

  • Samba works fine too, also keeps the xattrs but I had some troubles with filenames (mainly with some special characters, emoji, etc). Besides, as both my server and my clients run Linux I prefer to avoid it if I have the choice.

  • sshfs would be the natural choice, not as fast as NFS but it’s pretty secure, I already use it in most of my network shares but I just can’t find a way to make it preserve the files xattrs.

Do you guys have any suggestions or maybe any other options that I might use?

  • SolidGrue
    link
    fedilink
    English
    135 months ago

    Secure file transfers frequently trade off some performance for their crypto. You can’t have it both ways. (Well, you can but you’d need hardware crypto offload or end to end MACSEC, where both are more exotic use cases)

    rsync is basically a copy command with a lot of knobs and stream optimization. It also happens to be able to invoke SSH to pipeline encrypted data over the network at the cost of using ssh for encrypting the stream.

    Your other two options are faster because of write-behind caching in to protocol and transfer in the clear-- you don’t bog down the stream with crypto overhead, but you’re also exposing your payload

    File managers are probably the slowest of your options because they’re a feature of the DE, and there are more layers of calls between your client and the data stream. Plus, it’s probably leveraging one of NFS, Samba or SSHFS anyway.

    I believe “rsync -e ssh” is going to be your best over all case for secure, fast, and xattrs. SCP might be a close second. SSHFS is a userland application, and might suffer some penalties for it

    • CtrlAltOoopsOP
      link
      fedilink
      45 months ago

      I’ll take a closer look into rsync possibilities and see if it applies to my situation. I appreciate your input.