Samba over SSH


sec_ware
December 6th, 2004, 09:20 AM
Hi

what?


Tunneling through SSH has already been somewhat covered here on AO.
Also, there is a thread about samba over ssh[1], but it is not very detailed.


Here, I'd like to show how to securely access (using SSH tunnels) a samba
server from a Windows XP pro client, by mapping a network drive.
The authorisation as well as the file-transfer procedure is then encrypted.
Maybe this makes sense in some context, maybe it's just for fun. Note that
sftp might be a better solution for your purposes.


Typical setup Home Lan:
-ssh-server 192.168.1.10 <-...-> 216.239.57.99 (public IP)
-samba-server 192.168.1.11


why?

Why samba: A guy, somewhere in the Internet, needs a samba share from 216.239.57.99, but for
obvious reasons, 137-139,445 are blocked at 216.239.57.99. Maybe he wants to listen to music
on that samba share and his player-software needs a network drive.

Why SSH: SSH tunneling is a good choice - there are even some people here tunneling VNC over SSH. :)


how?

We won't use some stunnel[2]-solution, but either putty[3] or the tectia client[4].

We try to establish a local ssh tunnel connection in the sense of


ssh username@216.239.57.99 -L 139:192.168.1.11:139


Note: We establish a connection from 139 to 139.


let's do it


NetBIOS on 139?
Since we want to create a network drive, we first need access to port 139.
Type in a command shell:

net stop server



Add an SSH tunnel (evaluated at 192.168.1.10!):
Putty:
Connection.SSH.tunnels
Source: 139
Destination: 192.168.1.11:139

Tectia:
Profile.Tunneling
Listen: 139
Destination: 192.168.1.11
Destination Port: 139

Establish the SSH connection.

Testing

netstat -ano

should show a line like

TCP 127.0.0.1:139 0.0.0.0:0 LISTENING 1572

where tasklist /SVC shows that 1572 = Putty/SshClient


telnet 127.0.0.1 139

should show an empty display. If this test is successful, the connection is established!
Close the telnet terminal.


Finalising


net use z: \\127.0.0.1\sharename [/user:username2]

where sharename is the shared folder name on the samba server, eg. "public".


Ending

If we do not need the connection anymore, we could restart the server service:


net start server



If you encounter any problems, please inform me.
I tested the whole setup, but cannot guarantee its
working for all windows versions.


Cheers!


[1] http://www.antionline.com/showthread.php?s=&threadid=242891&highlight=samba+ssh
[2] http://www.stunnel.org/
[3] http://www.chiark.greenend.org.uk/~sgtatham/putty/download.html
[4] http://www.ssh.com/support/downloads/
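
The netstat check from the Testing step, as an added example that is not part of the original post: it parses `netstat -ano` output and confirms that the port 139 listener is bound to loopback only and owned by the SSH client's PID. The sample output, the client address 192.168.0.5 and the function names are constructed for illustration.

```python
import re
import sys

# Constructed sample of `netstat -ano` output (not captured from a real host).
SAMPLE_NETSTAT = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       884
  TCP    127.0.0.1:139          0.0.0.0:0              LISTENING       1572
  TCP    192.168.0.5:1042       216.239.57.99:22       ESTABLISHED     1572
  UDP    0.0.0.0:500            *:*                                    672
"""

# Matches TCP rows in LISTENING state: local address, local port, PID.
LISTEN_ROW = re.compile(r"^\s*TCP\s+(\S+):(\d+)\s+\S+\s+LISTENING\s+(\d+)\s*$")

def listeners(netstat_text, port):
    """Return [(local_address, pid)] for every TCP listener on `port`."""
    found = []
    for line in netstat_text.splitlines():
        m = LISTEN_ROW.match(line)
        if m and int(m.group(2)) == port:
            found.append((m.group(1), int(m.group(3))))
    return found

def check_tunnel(netstat_text, port=139, expected_pid=None):
    """Classify the local tunnel endpoint.

    "missing"      - nothing listens on the port (tunnel not established)
    "non-loopback" - a listener is bound to 0.0.0.0 or an interface address,
                     so other hosts on the network could reach the port
    "wrong-owner"  - loopback listener exists but is not the SSH client PID
    "ok"           - loopback-only listener owned by the expected PID
    """
    found = listeners(netstat_text, port)
    if not found:
        return "missing"
    if any(addr not in ("127.0.0.1", "[::1]") for addr, _ in found):
        return "non-loopback"
    if expected_pid is not None and any(pid != expected_pid for _, pid in found):
        return "wrong-owner"
    return "ok"

if __name__ == "__main__":
    # Usage: netstat -ano | python check_tunnel.py   (falls back to the sample)
    text = SAMPLE_NETSTAT if sys.stdin.isatty() else sys.stdin.read()
    print(check_tunnel(text, port=139))
```

Pass the PID that `tasklist /SVC` reports for the SSH client as `expected_pid` to confirm the listener belongs to the tunnel.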