SSH Destination

Hello folks,

I have been looking at using an SSH tunnel to provide secure access to an SMB share over the internet.

I have managed to make a tunnel on port 139 that will connect to a Samba share on the local server (using a Windows loopback network), but the share I need access to is on a Windows PC.

Is there some way to route the tunnel through to a host (or IP address) on the local network so that I can access the share directly through the SSH tunnel?

Hopefully this makes sense, feel free to ask if I haven't been clear.

Thanks, Fantom.

EDIT: I neglected to mention that the Linux PC is a separate machine from the Windows PC that the share is on.

ssh -L localport:server_ip_or_hostname:remote_port_you_want_to_connect_to user@machine_with_ssh_on_it -p sshport_if_not_22

so

ssh -L 139:yourfileserver:139 yourusername@yoursshmachine will tunnel the local port 139 to the port 139 on your fileserver.

More resources: http://www.revsys.com/writings/quicktips/ssh-tunnel.html

1 Like

I believe you will need all of these ports to access the SMB share.

137, 138, 139, 445

If that is so, OP will need all these tunnels separately... I honestly suggest you use OpenVPN instead. It will tunnel all your traffic to your local network and that way you can just type smb://myfileserver or //myfileserver to access it from the machine that's on the VPN.

1 Like

I agree, I would (actually, I do) use OpenVPN for this.

2 Likes

So do I. I only use an SSH tunnel to access phpMyAdmin and ISPConfig on my remote server, so they are never exposed to the web directly.

1 Like

Thanks very much for all your help.

I managed to get this working on Linux by tunnelling only port 445. It seems to work perfectly and the speed is unreal (admittedly on a leased-line-to-leased-line connection).

The intended client was actually a Windows PC, so I did some further digging.

After much hair pulling I found this article:
http://www.nikhef.nl/~janjust/CifsOverSSH/VistaLoopback.html

It points out that from Windows Vista onwards (in other words NT 6.X) the SMB service binds port 445 on all interfaces when it starts.

Since it is a system service and starts very early, you have to mess with the way it launches to get PuTTY to bind the interface, which in a domain environment is unacceptable.

Thanks again for the help, I have learned a number of useful things from this :)

1 Like
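
A pre-flight check for the bind problem described in the post above, as an added example that is not part of the original thread: it reads a listener table in `ss -ltnH` format and prints the `ssh -L` command only if the chosen loopback address and port are free. `fileserver`, `user@sshgateway` and the sample tables are constructed placeholders, and the function names are hypothetical.

```sh
#!/bin/sh
# Added example, not from the thread. "fileserver", "user@sshgateway" and the
# listener tables are constructed placeholders.

# Constructed `ss -ltnH`-style output: a wildcard listener already owns 445.
SAMPLE_WILDCARD='LISTEN 0 128 0.0.0.0:445 0.0.0.0:*
LISTEN 0 5 127.0.0.1:631 0.0.0.0:*'
# Constructed output for a client with nothing listening on 445.
SAMPLE_FREE='LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
LISTEN 0 128 [::]:22 [::]:*'

# listener_conflict ADDR PORT < table
# Exit 0 if an existing IPv4 listener would block binding ADDR:PORT: either
# the same address, or a wildcard (0.0.0.0 or *) on that port.
listener_conflict() {
    awk -v addr="$1" -v port="$2" '
        $1 == "LISTEN" {
            n = split($4, parts, ":")          # column 4 is local addr:port
            p = parts[n]
            a = substr($4, 1, length($4) - length(p) - 1)
            if (p == port && (a == addr || a == "0.0.0.0" || a == "*"))
                found = 1
        }
        END { exit(found ? 0 : 1) }'
}

# plan_tunnel TABLE ADDR PORT TARGET GATEWAY
# Print the ssh command for a forward bound to ADDR only, or explain why the
# bind would fail. -N opens no remote shell; ExitOnForwardFailure makes ssh
# exit instead of staying connected without the forward.
plan_tunnel() {
    if printf '%s\n' "$1" | listener_conflict "$2" "$3"; then
        echo "cannot bind $2:$3: an existing listener covers it" >&2
        return 1
    fi
    printf 'ssh -N -o ExitOnForwardFailure=yes -L %s:%s:%s:445 %s\n' \
        "$2" "$3" "$4" "$5"
}

plan_tunnel "$SAMPLE_FREE" 127.0.0.1 445 fileserver user@sshgateway
plan_tunnel "$SAMPLE_WILDCARD" 127.0.0.1 445 fileserver user@sshgateway || true
```

On a Linux client, pass `"$(ss -ltnH)"` as the first argument; binding a local port below 1024 needs root.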

Perfect! That is how it's meant to be =D congrats on solving it!