RE: FOG SFTP HTTPS

@ George1421 @Junkhacker
Yes i see what you mean fog is firstly designed for mass deployment …
And in this case ok, security is not a priority when only ‘simple’ images transit by network … maybe i need to review my choice. I know Veeam, but the interface management of fog is awesome and could be a good way to manage backups, pc groups and to remotely work with WOL…I have to think about it and and maybe reconsider my goal…

@george1421
thanks George for all these details ! i understood for tftp and NFSv1.

TFPT : no critical data pass though

NFS: i understood what you mean. Do you know if it’s possible to encrypt datas (image captured) with partclone without additional dev (i didn’t found an option like this on fog interface?) i’m aware that an option like this decrease performance of capture/deploy process. but it’s just a question (clonezilla can do it for example).

@Tom-Elliott
When you write “For NFS, the best mechanism I can suggest is to limit “who” or “what” networks are allowed to access” you mean that it is possible to add some information like a network allowed (in etc/host.allow? and /etc/host.deny ?) in my case it will be complicated cause we have only one subnet for all clients. but if it’s possible to configure a list of mac address it could be good. and i can configure it by myself … without bothering you ^^

thanks to all for your responses and explainations!!

PS : @george1421 : It is a very nice project and I intend to give something to help your team and respond to your listening, your involvement and your advice

@Tom-Elliott

ok tanks a lot !

for NFS i’m agree i can securise access directly i can find a trick for this, network or permissions (is it NFSv4 which is used?).

About TFTP i asked because i read that iPXE is capable to works with HTTP/HTTPS ISCSI …etc but maybe i’m wrong. so in case of the exchange by tftp, if it is only sending undionly.kpxe or other .pxe files it’s not a real problem

anyway thanks for taking a look on sftp, it’s really very nice !!
and thank you for your advise.

@george1421

Hi George! thanks for all these details, if i understood how it’s work, lftp is only used on the client side ?
so if i recompile lftp (thank for your ‘how-to’ link) this could resolve the issue of the image moving from /images/dev/@mac to /images/**** during the capture process.

and about the storage node, i need some modification in the fog’s files … specially the file called fogftp.class.php i presume.

ok so could you please give me a contact to ask if theses modifications are possible for the dev team ?
I am not aware of the complexity of the task but if it does not take them too much time and too much effort I will be really glad that they can do it

about the question of TFTP protocol, i’m agree with you, only kernels files pass trough this protocol and they are not critical…if i can explain this at my company it must be fine.

about NFS security, i will see how my company restrict this usage… but if i ask to your team to change all used protocol in FOG it’s not the solution… you make an excellent job and first if only FTP can be changed to SFTP it will be great.

thank you and
have a good day !

@Wayne-Workman

ok thank you for forwarding my question.
i will download 1.3.5 version

Hi all,

First : Congratulations for this AWESOME project

i’m a french student and i would like to implant FOG in my company environment.
i tested fog solution with a VM on hyper-v and some VirtualBox machines and it appear that it’s the good way to make what i would. my project is to schedule backup for some critical PC (one time per month ).

BUT my problem is that in my environment i can’t use unsecure protocols like tftp and ftp. i know that ftp isn’t used for deploy and capture but if my node storage isn’t on my fog server ftp will be used between these two machines. So my first question is : Is it possible to use SFTP instead of FTP ? (i know how to activate SFTP with vsftpd but i don’t know how to change connection mode on server)

thanks for your answer & sorry for my english if i have made mistakes.

PS: i’m using FOG 1.3.4