Skip site navigation (1)Skip section navigation (2)

FreeBSD Manual Pages

  
 
  

home | help
CFSSH(1)		    General Commands Manual		      CFSSH(1)

NAME
       cfssh - (somewhat) secure CFS shell

SYNOPSIS
       cfssh directory

DESCRIPTION
       cfssh  uses cattach(1) to associate the encrypted directory (previously
       created with cmkdir(1)) with a randomly selected	name.  Once  the  cor-
       rect  passphrase	is provided, cfssh invokes a new shell with the	random
       directory in /crypt as its working directory.  When  the	 shell	exits,
       the temporary attach name is deleted with cdetach(1).  Since the	gener-
       ated names are somewhat obscure and are hidden from view	with CFS's "."
       mechanism,  casual attackers cannot easily exploit the attached cleart-
       ext even	if they	can spoof the UID of the user.

       This command assumes the	Korn Shell is installed	as /bin/ksh.

SEE ALSO
       cfsd(8),	cattach(1), cdetach(1),	cmkdir(1)

BUGS
       The temporary names generated are not random in	any  cryptographically
       strong  sense, so this command should really only be viewed as an exam-
       ple.  A determined attacker could probably guess	the generated name  by
       exploiting  the	known properties of the	way the	ksh random function is
       seeded.

       There's no hiding from an attacker  who	can  compromise	 root  on  the
       client system while an attach is	active.

AUTHOR
       Matt Blaze; for information on cfs, email to cfs@research.att.com.

								      CFSSH(1)

NAME | SYNOPSIS | DESCRIPTION | SEE ALSO | BUGS | AUTHOR

Want to link to this manual page? Use this URL:
<https://www.freebsd.org/cgi/man.cgi?query=cfssh&sektion=1&manpath=FreeBSD+12.1-RELEASE+and+Ports>

home | help