FreeBSD Manual Pages
CFSSH(1) General Commands Manual CFSSH(1) NAME cfssh - (somewhat) secure CFS shell SYNOPSIS cfssh directory DESCRIPTION cfssh uses cattach(1) to associate the encrypted directory (previously created with cmkdir(1)) with a randomly selected name. Once the cor- rect passphrase is provided, cfssh invokes a new shell with the random directory in /crypt as its working directory. When the shell exits, the temporary attach name is deleted with cdetach(1). Since the gener- ated names are somewhat obscure and are hidden from view with CFS's "." mechanism, casual attackers cannot easily exploit the attached cleart- ext even if they can spoof the UID of the user. This command assumes the Korn Shell is installed as /bin/ksh. SEE ALSO cfsd(8), cattach(1), cdetach(1), cmkdir(1) BUGS The temporary names generated are not random in any cryptographically strong sense, so this command should really only be viewed as an exam- ple. A determined attacker could probably guess the generated name by exploiting the known properties of the way the ksh random function is seeded. There's no hiding from an attacker who can compromise root on the client system while an attach is active. AUTHOR Matt Blaze; for information on cfs, email to cfs@research.att.com. CFSSH(1)
NAME | SYNOPSIS | DESCRIPTION | SEE ALSO | BUGS | AUTHOR
Want to link to this manual page? Use this URL:
<https://man.freebsd.org/cgi/man.cgi?query=cfssh&sektion=1&manpath=FreeBSD+Ports+14.3.quarterly>