Man Linux: Main Page and Category List


       cfssh - (somewhat) secure CFS shell


       cfssh directory


       cfssh  uses cattach(1) to associate the encrypted directory (previously
       created with cmkdir(1))  with  a  randomly  selected  name.   Once  the
       correct  passphrase  is  provided,  cfssh  invokes a new shell with the
       random directory in /crypt as its working directory.   When  the  shell
       exits, the temporary attach name is deleted with cdetach(1).  Since the
       generated names are somewhat obscure and  are  hidden  from  view  with
       CFS’s  "."  mechanism,  casual  attackers  cannot  easily  exploit  the
       attached cleartext even if they can spoof the UID of the user.


       cfsd(8), cattach(1), cdetach(1), cmkdir(1)


       The temporary names generated are not random in  any  cryptographically
       strong  sense,  so  this  command  should  really  only be viewed as an
       example.  A determined attacker could probably guess the generated name
       by  exploiting  the known properties of the way the ksh random function
       is seeded.

       There’s no hiding from an attacker  who  can  compromise  root  on  the
       client system while an attach is active.


       Matt Blaze; for information on cfs, email to