SSH Tunnel for Samba over SSH Proxy

So I am trying to do something that is relatively simple in theory but my use-case seems to be hard to find since most proxying I find on the internet is in regards to setting up a proxy for your browser via an SSH tunnel.

What I would like to do is set up a mapped drive on my Mac that points to a Linux box that I have SSH access to. I've found some helpful resources online including this in which the author recommends something like:

sudo ifconfig lo0 127.0.0.2 alias up
sudo ssh -NL 127.0.0.2:139:localhost:139 \
         -NL 127.0.0.2:445:localhost:445 \
         user@ssh-host

From what I understand, that looks fine... However, my setup is only slightly more complicated. This assumes that you have direct SSH access to the box. My situation is such that I connect to my machine through another machine. So, my ~/.ssh/config looks like the following:

Host *.dev
  User jmurray
  IdentityFile ~/.ssh/my_dev_identity_file
  ProxyCommand ssh -A proxy_box nc %h %p

So, when I ssh into jmurray.dev (the target Linux box), I will be directed through the proxy_box server. I should mention that this network configuration is outside of my control, so please don't suggest changes to the network configuration itself.

So, from the aforementioned tutorial, the first command works fine (of course) but the second command of:

sudo ssh -NL 127.0.0.2:139:localhost:139 \
         -NL 127.0.0.2:445:localhost:445 \
         jmurray@jmurray.dev

errors with:

sh: Could not resolve hostname jmurray.dev: nodename nor servname provided, or not known

So, I'm only assuming here that it is not reading my config file when I make this request. So, I decide that I'll feed it my configurations via the command line with the slightly modified version:

sudo ssh -NL 127.0.0.2:139:localhost:139 \
         -NL 127.0.0.2:445:localhost:445 \
         jmurray@jmurray.dev \
         -o 'User jmurray' \
         -o 'IdentityFile ~/.ssh/my_dev_identity_file' \
         -o 'ProxyCommand ssh -A proxy_box nc %h %p'

but then I get a separate error of:

Permission denied (publickey,gssapi-with-mic).
ssh_exchange_identification: Connection closed by remote host

So... This is where I get stuck. I feel like this should be possible. If I can ssh into the box in one command from my local machine, then I feel like it should be possible to set up my tunnel in one command from my local machine. And since the proxy_box is a shared machine, I'd really like to stay away from any solutions that require me to act as root on that box.

Thanks in advance for any help!! It's much appreciated!

John

Posted 2013-02-15T05:08:56.663

Answers

Running ssh with sudo means you're running it as root, hence it's not using your .ssh/config but root's.

Run your ssh connection on an unprivileged port as you and then run an additional SSH proxy connection to localhost to forward the privileged ports.

Ok, so as an example, additionally to doing your normal SSH:

ssh -NL 127.0.0.2:10139:localhost:139 \
    -NL 127.0.0.2:10445:localhost:445 \
     user@ssh-host

you also run this local ssh:

sudo ssh -NL 127.0.0.2:139:127.0.0.2:10139 \
         -NL 127.0.0.2:445:127.0.0.2:10445 \
         $USER@localhost

Thus you avoid binding to the privileged ports 139 and 445 in your real SSH connection and only bind them in a local connection to your own machine.

However, all of this seems a little bit of an effort for just accessing files; there should be a good choice of SSHFS/SFTP implementations for Mac available.

Stefan Seidel

Posted 2013-02-15T05:08:56.663

I'm still wrestling with the concept and syntax of port-forwarding in SSH. Can you give me an example in your answer? That would be fantastic! And I'll be glad to accept it as the answer to my question! – John – 2013-02-15T15:28:01.100
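
Why the `sudo ssh` in the question cannot resolve jmurray.dev, as an added example that is not part of the original question or answer: a simplified ssh_config lookup run against a constructed copy of the question's `Host *.dev` block and against a home directory with no config, standing in for root's. The function name `ssh_config_lookup` and the temporary directory layout are made up for this illustration.

```shell
#!/bin/sh
# Simplified ssh_config lookup (illustration only): print the first value of
# KEY that applies to HOST in CONFIG, first match wins. Only Host blocks with
# glob patterns are handled; Match, Include and negated patterns are not.
ssh_config_lookup() {
    config=$1 host=$2 key=$(printf '%s' "$3" | tr 'A-Z' 'a-z')
    [ -r "$config" ] || return 1        # e.g. root has no ~/.ssh/config
    applies=1                            # lines before any Host are global
    set -f                               # keep patterns like *.dev unexpanded
    while read -r kw rest || [ -n "$kw" ]; do
        kw=$(printf '%s' "$kw" | tr 'A-Z' 'a-z')
        case $kw in
            ''|'#'*) continue ;;
            host)
                applies=0
                for pat in $rest; do
                    case $host in $pat) applies=1 ;; esac
                done ;;
            "$key")
                if [ "$applies" -eq 1 ]; then
                    set +f; printf '%s\n' "$rest"; return 0
                fi ;;
        esac
    done < "$config"
    set +f
    return 1
}

# Constructed demo: the Host block from the question in the user's home, and
# a home with an empty .ssh standing in for root's (no config file there).
demo=$(mktemp -d)
mkdir -p "$demo/jmurray/.ssh" "$demo/root/.ssh"
cat > "$demo/jmurray/.ssh/config" <<'EOF'
Host *.dev
  User jmurray
  IdentityFile ~/.ssh/my_dev_identity_file
  ProxyCommand ssh -A proxy_box nc %h %p
EOF

for home_dir in "$demo/jmurray" "$demo/root"; do
    if proxy=$(ssh_config_lookup "$home_dir/.ssh/config" jmurray.dev ProxyCommand); then
        echo "$home_dir: reach jmurray.dev via: $proxy"
    else
        echo "$home_dir: no ProxyCommand, so jmurray.dev is looked up as a plain hostname"
    fi
done
```

On a real system with OpenSSH 6.8 or later, comparing the output of `ssh -G jmurray.dev` and `sudo ssh -G jmurray.dev` shows the same difference in the effective options.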