Samba over SSH -- Opening Windows to UNIX safely and reliably

From assela Pathirana

Introduction

Samba is a suite of programs that enables interoperability between Linux/Unix servers and Windows clients. See What Is Samba? for more [1]. I use it to map some UNIX directories on a server at my workplace to several of my Windows desktops. Recently I had to put my server behind a firewall and close all communication ports except SSH (22). Samba, like any other Windows NetBIOS communication (in plain language, things like 'sharing' files and folders between Windows computers), needs port 139 to be open. My solution was to tunnel the NetBIOS (port 139) communication over SSH. This has the added advantage that the entire communication between the UNIX server and the Windows client is encrypted.

The Tools

There are many ways of doing this. A Google search will point to some very informative pages on doing this with PuTTY, an SSH client for Windows. In my case, I wanted to do this with Cygwin (see also: this), a UNIX/X11 system running in Windows. The simple reason was that I have a Cygwin installation on all the computers I use. (See this link to find out why.) So the following is an account of doing this with Cygwin tools.

Windows Network configuration

First, some changes to the Windows network configuration are needed. The reason is this (feel free to skip): we are going to 'map' port 139 of our server to port 139 of the Windows machine. Any Windows machine uses its port 139 for a variety of NetBIOS services. If we hijack the port, these services (like drive mappings) will be interrupted. The good news is that the same port can exist (and communicate) more than once on the same computer if the computer has more than one network interface. Imagine two interfaces I1 and I2; then it is something like I1:139, I2:139. We are not going to install another network interface here! Rather, the solution is to create a 'virtual' network interface (called a Loopback Interface) just for the purpose of our port mapping. In Windows we can create any number of these, regardless of how many hardware network cards we have.
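
The per-interface port behaviour described above can be checked directly. The following is an added example, not part of the original page: it uses 127.0.0.2 as a stand-in for the Loopback Interface's address and an OS-chosen unprivileged port instead of 139, and it assumes a system where every 127.0.0.0/8 address is local (as on Linux).

```python
import errno
import socket


def listen_on(addr, port=0):
    """Return a listening TCP socket bound to one specific local address."""
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    try:
        s.bind((addr, port))   # port 0 = let the OS pick a free port
        s.listen(1)
    except OSError:
        s.close()
        raise
    return s


def same_port_two_addresses(addr_a="127.0.0.1", addr_b="127.0.0.2"):
    """Bind one port number on two local addresses and see who gets traffic."""
    a = listen_on(addr_a)                    # plays the existing service (I1)
    port = a.getsockname()[1]
    b = listen_on(addr_b, port)              # same port on I2: succeeds
    try:
        try:
            listen_on(addr_a, port).close()  # same port on I1 again: refused
            dup_error = None
        except OSError as exc:
            dup_error = exc.errno
        # A client connecting to addr_b must reach listener b only.
        with socket.create_connection((addr_b, port), timeout=2):
            b.settimeout(2)
            conn, _ = b.accept()
            served_by = conn.getsockname()
            conn.close()
            a.setblocking(False)
            try:
                a.accept()[0].close()
                a_got_connection = True
            except BlockingIOError:          # nothing arrived on listener a
                a_got_connection = False
    finally:
        a.close()
        b.close()
    return {"port": port, "dup_error": dup_error,
            "served_by": served_by, "a_got_connection": a_got_connection}


if __name__ == "__main__":
    print(same_port_two_addresses())
```

Because each listener is bound to a single address rather than to every interface, a service bound only to the extra interface is reachable only through that interface's address, and the original listener is left undisturbed.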