Samba over SSH

[sec_ware]

Hi

what?


Tunneling through SSH has already been somewhat covered here on AO.
Also, there is a thread about samba over ssh[1], but not very detailed.


Here, I'd like to show how to access securely (using SSH tunnels) a samba
server from a Windows XP pro client, by mapping a network drive.
The authorisation as well as the file-transfer procedure is then encrypted.
Maybe this makes sense in some context, maybe it's just for fun. Note, that
sftp might be a better solution for your purposes.


Typical setup Home Lan:
-ssh-server 192.168.1.10 <-...-> 216.239.57.99 (public IP)
-samba-server 192.168.1.11


why?

Why samba: A guy, somewhere in the Internet, needs a samba share from 216.239.57.99, but for
obvious reasons, 137-139,445 are blocked at 216.239.57.99. Maybe he wants to listen to music
on that samba share and his player-software needs a network drive.

Why SSH: SSH tunneling is a good choice - there are even some people here tunneling VNC over SSH.


how?

We won't use some stunnel[2]-solution, but either putty[3] or the tectia client[4].

We try to establish a local ssh tunnel connection in the sense of

Code:

ssh username@216.239.57.99 -L 139:192.168.1.11:139

Note: We establish a connection from 139 to 139.


let's do it


NetBIOS on 139?
Since we want create a network drive, we need access to 139 on the first hand.
Type in a command shell:

Code:

net stop server

Add a SSH tunnel (evaluated at 192.168.1.10!):
Putty:
Connection.SSH.tunnels
Source: 139
Destination: 192.168.1.11:139

Tectia:
Profile.Tunneling
Listen: 139
Destination: 192.168.1.11
Destination Port: 139

Establish the SSH connection.

Testing

Code:

netstat -ano

should show a line like

Code:

TCP 127.0.0.1:139 0.0.0.0:0  LISTENING 1572

where tasklist /SVC shows that 1572 = Putty/SshClient

Code:

telnet 127.0.0.1 139

should show an empty display. If this test is successful, the connection is established!
Close the telnet terminal.


Finalising

Code:

net use z: \\127.0.0.1\sharename [/user:username2]

where sharename is the shared folder name on the samba server, eg. "public".


Ending

If we do not need the connection anymore, we could restart the server service:

Code:

net start server

If you encounter any problems, please inform me.
I tested the whole setup, but cannot guarantee its
working for all windows versions.


Cheers!


[1] http://www.antionline.com/showthread...ight=samba+ssh
[2] http://www.stunnel.org/
[3] http://www.chiark.greenend.org.uk/~s.../download.html
[4] http://www.ssh.com/support/downloads/