SSH tunnel on Windows 10 to Linux Samba


Solution 1

You should only need to forward port 445. In PuTTY the local port should be loopbackIP:44445 (or any other unused port) and the forward destination should be localhost:445 or 127.0.0.1:445.

It worked for me following the procedure in this link: http://how-to.cc/setup-windows-filesharing-over-ssh

Note that all references to the service 'smb' need to be changed to the service 'server'.

If it still doesn't work, you can try disabling samba v3 on the Windows box or try upgrading samba on the Linux server. See this link: https://it.awroblew.biz/windows-10-and-problems-accessing-smb-shares/

Solution 2

how to proxy smb to a windows 10 client:

short description with ssh n stuff for tunneling

  1. launch hdwwiz.exe

  2. network adapters -> Microsoft KM-TEST Loopback Adapter -> finish

  3. disable everything except ipv4 in that new network sink

  4. inside the ipv4 settings set up an ip, 255.255.255.255 as subnet mask and disable netbios

    • if you cannot decide on an ip simply use 192.168.2.123.
      sadly it's impossible to use 127.0.0.2 or similar for this. windows for some unknown reason will not connect to it.
  5. elevated windows shell

    • run sc config lanmanserver start= delayed-auto
      this is sadly required since microsoft will bind its smb bullshit to 0.0.0.0:445 thus making it impossible to listen to that port yourself.
      microsoft also does not want you to use smb on a port different than 445.
    • run netsh interface portproxy add v4tov4 listenaddress=192.168.2.123 listenport=445 connectaddress=192.168.2.123 connectport=44445
      this will ensure that 445 stays bound as soon as lanmanserver starts. thus making it possible for you to just spawn a listener onto 44445 to listen to 445 without eaddrinuse errors etc.
  6. edit %windir%\system32\drivers\etc\hosts and add an appropriate mapping like:
    192.168.2.123 smbproxy

  7. reboot

  8. just use ssh -L 192.168.2.123:44445:internalsmbhost:445 sshuser@publicjumphost

  9. open explorer and navigate to \\smbproxy

you can also create multiple mappings in your hosts file for that.
the benefit would be that multiple users of your laptop / pc could access your nas with different usernames / sessions without windows annoying you that someone else is already using that resource.

feel free to open the task creation tool of windows to start this on system startup.

this was taken from my readme.md i made for my websocket proxy https://gitfap.de/GottZ/websocketproxy


EDIT: we are in 2020 now. use wireguard for this. it's much more reliable than ssh.
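
An added example, not part of the answer above or of the linked project: a small Python check that reads `netstat -an` output and reports whether the portproxy from step 5 is listening on the adapter address and whether the ssh listener from step 8 is bound only to that address. The sample netstat excerpts are constructed, English-language netstat output is assumed, and the finding names are made up for this example.

```python
PROXY_IP = "192.168.2.123"   # loopback-adapter address from step 4 (value from the page)
TUNNEL_PORT = 44445          # ssh -L listen port from step 8 (value from the page)
WILDCARDS = {"0.0.0.0", "[::]"}

# Constructed `netstat -an` excerpts, not captured from a real host.
BROKEN = """
  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING
  TCP    192.168.2.123:44445    0.0.0.0:0              LISTENING
"""
WORKING = """
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    192.168.2.123:445      0.0.0.0:0              LISTENING
  TCP    192.168.2.123:44445    0.0.0.0:0              LISTENING
"""
EXPOSED = """
  TCP    192.168.2.123:445      0.0.0.0:0              LISTENING
  TCP    0.0.0.0:44445          0.0.0.0:0              LISTENING
"""

def listeners(netstat_text):
    """Return the set of (ip, port) pairs for TCP sockets in LISTENING state."""
    found = set()
    for line in netstat_text.splitlines():
        parts = line.split()
        if len(parts) >= 4 and parts[0] == "TCP" and parts[3] == "LISTENING":
            ip, _, port = parts[1].rpartition(":")  # also handles "[::]:445"
            if port.isdigit():
                found.add((ip, int(port)))
    return found

def diagnose(netstat_text, proxy_ip=PROXY_IP, tunnel_port=TUNNEL_PORT):
    """Return a list of findings; an empty list means the setup looks as intended."""
    ls = listeners(netstat_text)
    findings = []
    if (proxy_ip, 445) not in ls:
        # The portproxy did not get 445 on the adapter address.
        findings.append("portproxy-not-listening")
    tunnel_ips = {ip for ip, port in ls if port == tunnel_port}
    if not tunnel_ips:
        findings.append("tunnel-not-running")
    elif tunnel_ips & WILDCARDS:
        # Forwarded SMB is reachable from every interface, not just the adapter.
        findings.append("tunnel-exposed-on-all-interfaces")
    elif proxy_ip not in tunnel_ips:
        # e.g. bound to 127.0.0.1, which the portproxy connectaddress does not reach.
        findings.append("tunnel-on-wrong-address")
    return findings
```

On the Windows client, feed it the real output with `subprocess.run(["netstat", "-an"], capture_output=True, text=True).stdout`.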


Admin
Author by

Admin

Updated on September 18, 2022

Comments

  • Admin
    Admin almost 2 years

    I know this question has been asked a few times already but I think my problem might be slightly different. Maybe I'm not understanding the fundamentals of the issue.

    I have a Linux Samba share that I would like to ssh tunnel and use from Windows. When I am on the VPN I can access the Samba share and tunneling port 139 works fine on Linux. When I access the share from a Linux machine that is off the VPN all I need to do is forward port 139 like so:

    ssh user@remotehost -L 1139:localhost:139
    

    And then mount the drive:

    mount -t cifs //remotehost/shared /mnt/cifs -o username=myuser,password=mypass,ip=127.0.0.1,port=1139
    

    For Windows I tried following a tutorial to create a loopback adapter and tunnel via PuTTY: http://www.nikhef.nl/~janjust/CifsOverSSH/Win8Loopback.html

    This didn't work so I tried following a different tutorial that uses port 139 instead of 445: https://www.simonholywell.com/post/2009/04/samba-file-share-over-ssh-tunnel/

    Neither of these tutorials worked, so I guess my first question is which of these ports do I actually need to forward? Do I need port 139, port 445, or both? I don't see what the issue could be.

    Let me know if you need any other info, I have tried using nmap to troubleshoot but haven't gotten anywhere.

  • DavidPostill
    DavidPostill almost 8 years
    Welcome to Super User! Please quote the essential parts of the answer from the reference link(s), as the answer can become invalid if the linked page(s) change.
  • firdaus
    firdaus almost 5 years
    Thanks for this comment and your link. I got to step 9 above - but then when I try to open the \\10.0.0.1 network address in Windows Explorer - it asks me for username/password. I have no idea what to give here - since neither the login/password of my account on the remote Linux host, nor that of my local Windows machine seems to work. Any suggestions?
  • GottZ
    GottZ almost 5 years
    @firdaus strangely sounds like your smb share requires authentication. i doubt you did anything wrong in the steps and your configuration is fine. it's just the smb host that's asking for auth
  • stijn
    stijn almost 5 years
    Not working for me: the portproxy rule does show up with netsh interface portproxy show all but it doesn't take effect for some reason, netstat -an | find "445" doesn't show 10.255.255.1:445
  • Andre Polykanine
    Andre Polykanine about 4 years
    And the link to how-to.cc seems dead...
  • Jean Paul
    Jean Paul over 3 years
    @stijn I have the same problem as you and in my case it is due to lanmanserver server which starts too fast at Windows startup. Even if I set its start type as on demand, it is started too soon, the only way I found for now is to totally disable it. There must be a program which starts it but I don't know how to find which one.
  • stijn
    stijn over 3 years
    @JeanPaul yes it's something like that, but seems hit and miss, not sure. I'm using instructions from nikhef.nl/~janjust/CifsOverSSH/Win10Loopback.html and on one machine that works perfectly (sometimes after 'big' Windows updates services need to be configured), on another one it just never works.
  • GottZ
    GottZ over 3 years
    Hm. That's why you should set it to delayed-auto and not demand. Sadly I can't verify it since I'm no longer on windows.
  • Jean Paul
    Jean Paul over 3 years
    @GottZ In delayed-auto I'm afraid it doesn't prevent it from being started on demand, in that case that would not solve the problem.
  • bart
    bart over 3 years
  • argaz
    argaz over 2 years
    Was having the same problem and thanks to the edit I solved it with WireGuard instead of the "ugly" workaround