Network File System (NFS) is a network file system protocol that allows a user on a client computer to access files over a network. An NFS server is a storage server which operates according to the NFS protocol to store and manage files for its clients. An NFS server makes available (i.e., “exports”) certain stored resources (e.g., files) to certain clients. A particular client can request to “mount” an exported resource (i.e., request to be granted the ability to access an exported resource) in NFS by sending a “mount request” to the file server. If the client has permission to access the resource, the NFS server allows the client to “mount” the resource by returning a file handle describing the pathname of the resource to the client in response to the mount request. After the resource (e.g., a home directory) is mounted to the client and a user ID is received, the NFS server will authenticate the user to access the files in the user's home directory.
Conventionally, additional layers of security have been deployed on a system that mounts resources from an NFS server. One technique for authenticating a remote user is to request the user to submit a password in addition to the user's ID at the time of login. Another technique is to use the Secure Shell (SSH) protocol. SSH is a remote login network protocol that allows data to be exchanged over a secure channel between two computers. SSH uses cryptography to authenticate a user on a remote computer by matching the user's private key with a public key stored in the user's authorized key file. SSH can also authenticate a user using password authentication.
However, in an organization that lacks strict security policies, client computers (e.g., workstations) may be self-administered and a primary user can easily become the root user of his local computer at any time. This primary user can impersonate a second user and log onto a remote computer as the second user, provided that both the local computer and the remote computer mount home directories from the same NFS server. In one scenario, the primary user, by changing his user ID to the second user's user ID on his local computer, can create an illegitimate public key-private key pair, and add the illegitimate public key to the second user's authorized key file. The primary user can also create an authorized key file containing the illegitimate public key if the file does not already exist. As far as the NFS server is concerned, the primary user is the second user and can access any files in the second user's NFS home directory. Subsequently, the primary user may, from the local computer, send an SSH login request to the remote computer as the second user. The remote computer will locate the illegitimate public key in the second user's authorized key file, and perform an SSH public key-private key challenge-response. As the primary user holds the private key matching the illegitimate public key, the primary user will be able to successfully log onto the remote computer as the second user. Access to other systems as a different user is important because it may give the attacker (the primary user) the ability to exploit “back doors” installed by the spoofed user (the second user).
Therefore, a person with some technical skills can easily log onto any remote system from a local system as any user, as long as both the local and the remote systems mount home directories from the same NFS server. Thus, there is a need to overcome the security problems in the existing systems with respect to remote logins.
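The exposure described above exists when the SSH server reads a user's authorized key file from an NFS-mounted home directory and the NFS server accepts whatever user ID the client presents. The following Python check is an added example, not part of the original text; it assumes Linux /proc/mounts-style mount lines and OpenSSH's AuthorizedKeysFile setting, and it treats the sec=sys mount option as the mode in which the server trusts the client-supplied user ID. The host name, address, user and local key path are constructed.

```python
import posixpath

NFS_TYPES = {"nfs", "nfs4"}

def parse_mounts(text):
    """Parse /proc/mounts-style text into (mountpoint, fstype, options) tuples."""
    mounts = []
    for line in text.splitlines():
        f = line.split()
        if len(f) >= 4:
            opts = dict(o.partition("=")[::2] for o in f[3].split(","))
            mounts.append((f[1], f[2], opts))
    return mounts

def key_file_patterns(sshd_config):
    """First AuthorizedKeysFile value wins; Match blocks are not handled here."""
    for line in sshd_config.splitlines():
        words = line.split()
        if words and words[0].lower() == "authorizedkeysfile":
            return words[1:]
    return [".ssh/authorized_keys", ".ssh/authorized_keys2"]  # sshd default

def exposed_key_files(user, home, sshd_config, mounts_text):
    """Key files sshd would read from an NFS mount that trusts client-sent UIDs."""
    mounts, hits = parse_mounts(mounts_text), []
    for pat in key_file_patterns(sshd_config):
        # Expand sshd tokens: %h = home directory, %u = user name, %% = literal %.
        p = pat.replace("%%", "\0").replace("%h", home).replace("%u", user)
        path = posixpath.normpath(posixpath.join(home, p.replace("\0", "%")))
        covering = [m for m in mounts
                    if path == m[0] or path.startswith(m[0].rstrip("/") + "/")]
        if not covering:
            continue
        _, fstype, opts = max(covering, key=lambda m: len(m[0]))
        # Assumption: a missing sec= option is treated as sec=sys (AUTH_SYS).
        if fstype in NFS_TYPES and opts.get("sec", "sys") == "sys":
            hits.append(path)
    return hits

# Constructed sample inputs (not taken from any real host).
MOUNTS = """\
/dev/sda1 / ext4 rw,relatime 0 0
filer:/export/home /home nfs rw,vers=3,sec=sys,addr=192.0.2.10 0 0
"""
SHARED_KEYS = "AuthorizedKeysFile .ssh/authorized_keys\n"
LOCAL_KEYS = "# keys kept on local disk\nAuthorizedKeysFile /etc/ssh/authorized_keys/%u\n"

if __name__ == "__main__":
    print(exposed_key_files("alice", "/home/alice", SHARED_KEYS, MOUNTS))
    print(exposed_key_files("alice", "/home/alice", LOCAL_KEYS, MOUNTS))
```

A non-empty result means the remote computer would accept a key that anyone able to write to that NFS home directory could have placed there.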