SSH tunnel on Windows 10 to Linux Samba

5

2

I know this question has been asked a few times already but I think my problem might be slightly different. Maybe I'm not understanding the fundamentals of the issue.

I have a Linux Samba share that I would like to ssh tunnel and use from Windows. When I am on the VPN I can access the Samba share and tunneling port 139 works fine on Linux. When I access the share from a Linux machine that is off the VPN all I need to do is forward port 139 like so:

ssh user@remotehost -L 1139:localhost:139

And then mount the drive:

mount -t cifs //remotehost/shared /mnt/cifs -o username=myuser,password=mypass,ip=127.0.0.1,port=1139

For Windows I tried following a tutorial to create a loopback adapter and tunnel via PuTTY: http://www.nikhef.nl/~janjust/CifsOverSSH/Win8Loopback.html

This didn't work so I tried following a different tutorial that uses port 139 instead of 445: https://www.simonholywell.com/post/2009/04/samba-file-share-over-ssh-tunnel/

Neither of these tutorials worked, so I guess my first question is which of these ports do I actually need to forward? Do I need port 139, port 445, or both? I don't see what the issue could be.

Let me know if you need any other info. I have tried using nmap to troubleshoot but haven't gotten anywhere.

Blake Wrege

Posted 2016-06-29T13:18:46.477

Reputation: 53

Answers

3

You should only need to forward port 445. In PuTTY the local port should be loopbackIP:44445 (or any other unused port) and the forward destination should be localhost:445 or 127.0.0.1:445.

It worked for me following the procedure in this link: http://how-to.cc/setup-windows-filesharing-over-ssh

Note that all reference to the service 'smb' needs to be changed to the service 'server'.

If it still doesn't work you can try disabling Samba v3 on the Windows box or try upgrading Samba on the Linux server. See this link: https://it.awroblew.biz/windows-10-and-problems-accessing-smb-shares/

Matt

Posted 2016-06-29T13:18:46.477

Reputation: 46

Welcome to Super User! Please quote the essential parts of the answer from the reference link(s), as the answer can become invalid if the linked page(s) change. – DavidPostill – 2016-09-23T08:22:38.643

4

how to proxy smb to a windows 10 client:

short description with ssh n stuff for tunneling

  1. launch hdwwiz.exe
  2. network adapters -> Microsoft KM-TEST Loopback Adapter -> finish
  3. disable everything except ipv4 in that new network sink
  4. inside the ipv4 settings set up an ip, 255.255.255.255 as subnet mask and disable netbios

    • if you cannot decide on an ip simply use 192.168.2.123.
      sadly it's impossible to use 127.0.0.2 or similar for this. windows for some unknown reason will not connect to it.
  5. elevated windows shell

    • run sc config lanmanserver start= delayed-auto
      this is sadly required since microsoft will bind its smb bullshit to 0.0.0.0:445 thus making it impossible to listen to that port yourself.
      microsoft also does not want you to use smb on a port different than 445.
    • run netsh interface portproxy add v4tov4 listenaddress=192.168.2.123 listenport=445 connectaddress=192.168.2.123 connectport=44445
      this will ensure that 445 stays bound as soon as lanmanserver starts. thus making it possible for you to just spawn a listener onto 44445 to listen to 445 without eaddrinuse errors etc.
  6. edit %windir%\system32\drivers\etc\hosts and add an appropriate mapping like:
    192.168.2.123 smbproxy
  7. reboot
  8. just use ssh -L 192.168.2.123:44445:internalsmbhost:445 sshuser@publicjumphost
  9. open explorer and navigate to \\smbproxy

you can also create multiple mappings in your hosts file for that.
the benefit would be that multiple users of your laptop / pc could access your nas with different usernames / sessions without windows annoying you that someone else is already using that resource.

feel free to open the task creation tool of windows to start this on system startup.

this was taken from my readme.md i made for my websocket proxy https://gitfap.de/GottZ/websocketproxy

GottZ

Posted 2016-06-29T13:18:46.477

Reputation: 141

Thanks for this comment and your link. I got to step 9 above - but then when I try to open the \\10.0.0.1 network address in windows explorer - it asks me for username/password. I have no idea what to give here - since neither the login/password of my account on the remote linux host, nor that of my local windows machine seems to work. Any suggestions? – firdaus – 2019-07-21T19:51:05.120

@firdaus strangely sounds like your smb share requires authentication. i doubt you did anything wrong in the steps and your configuration is fine. it's just the smb host that's asking for auth – GottZ – 2019-07-21T20:48:58.963

Not working for me: the portproxy rule does show up with netsh interface portproxy show all but it doesn't take effect for some reason, netstat -an | find "445" doesn't show 10.255.255.1:445 – stijn – 2019-08-22T10:36:16.037
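
A check for the state described in the last comment (portproxy rule listed, but no listener on the adapter address) and for a tunnel port bound wider than the loopback adapter, as an added example that is not from any poster on this page: it parses `netstat -an` output and reports which listeners from steps 5 and 8 are present. The function names, finding codes and sample output are constructed; the address and ports are the ones used in the answer.

```python
# Added example; function names, finding codes and sample output are constructed.
WILDCARDS = {"0.0.0.0", "[::]"}

def listeners(netstat_text):
    """Return the set of (address, port) pairs in LISTENING state."""
    found = set()
    for line in netstat_text.splitlines():
        parts = line.split()
        if len(parts) >= 4 and parts[0] == "TCP" and parts[3] == "LISTENING":
            addr, _, port = parts[1].rpartition(":")  # also splits [::]:445
            if port.isdigit():
                found.add((addr, int(port)))
    return found

def diagnose(netstat_text, proxy_ip="192.168.2.123", smb_port=445, tunnel_port=44445):
    """Return finding codes for the loopback-adapter setup described above."""
    ls = listeners(netstat_text)
    smb_addrs = {a for a, p in ls if p == smb_port}
    tun_addrs = {a for a, p in ls if p == tunnel_port}
    findings = []
    # Step 5: the portproxy rule must hold proxy_ip:445 itself. A rule listed
    # by "netsh interface portproxy show all" can still have no listener.
    if proxy_ip in smb_addrs:
        findings.append("portproxy-listening")
    elif smb_addrs & WILDCARDS:
        findings.append("portproxy-not-bound-wildcard-445-only")
    else:
        findings.append("portproxy-not-bound")
    # Step 8: ssh -L must listen on proxy_ip:44445 and nowhere wider.
    if tun_addrs & WILDCARDS:
        # A wildcard bind lets other hosts on the network use the tunnel.
        findings.append("tunnel-exposed-all-interfaces")
    elif proxy_ip in tun_addrs:
        findings.append("tunnel-listening")
    elif tun_addrs:
        findings.append("tunnel-on-other-address")
    else:
        findings.append("tunnel-down")
    return findings

SAMPLE_OK = """\
  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING
  TCP    192.168.2.123:445      0.0.0.0:0              LISTENING
  TCP    192.168.2.123:44445    0.0.0.0:0              LISTENING
"""
SAMPLE_BROKEN = """\
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:44445          0.0.0.0:0              LISTENING
"""

if __name__ == "__main__":
    print(diagnose(SAMPLE_OK), diagnose(SAMPLE_BROKEN))
```

To use it on a real machine, pass the saved output of `netstat -an` to `diagnose()` along with the address chosen in step 4.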