[PLUG] winscp
michael
michael at robinson-west.com
Tue Dec 5 15:25:51 UTC 2017
I'm thinking about how to address security concerns with mount.cifs from
a Pi 3 running Raspbian Stretch.
An option is to have the customer run winscp server on their Windows
server and give me a login/password to a limited account that can see
the relevant shared files on the windows network.
Granted, once I'm connecting via a limited account, the security
concerns are less for mount.cifs. OpenSSH is the code behind winscp,
but from what I can see, the administrator has to install winscp.
If I ignore the security concern that the password transmits in the
clear with mount.cifs, it is simple for the Windows administrator to set
up a share and a limited login that can access that share.
As far as active directory, etcetera, I don't understand how that works
where I lack the necessary time to learn how that works. PC-NFS has
problems similar to mount.cifs, unless of course Kerberos is used for
authentication. Again, I don't have time to learn how to setup Kerberos
and it would be a lot of work on the windows side.
The Raspberry Pi 3 model B is limited on processing power and memory.
Push it hard enough and it will overheat. Keep in mind, the only time
truss files need to transfer from Windows to the Pi is when there is a
request for a new one that isn't already locally available. If scp is
used, that should be lighter than keeping a CIFS share or an NFS share
mounted between Linux and Windows.
More information about the PLUG
mailing list