2

Secure Windows File Sharing (Samba) over the Internet without Putty.

Posted November 2nd, 2009 in Linux, Windows by Damian

There are numerous articles describing tunnelling Samba over SSH with putty. In this post I will show you how to set up Samba tunnelling for everyday use without putty running all the time.

Things you need before you start:

An SSH server between you and the shares you want to connect to. It may be running on the same machine as the shares you want to access.

Also, File Sharing (Windows) or Samba (Linux) should be configured correctly on the machine you want to access. Make sure your firewall lets the SSH server connect to your Samba or Windows shares.

Step 1: Create a local loopback interface

We need to create a loopback interface on your local computer first. There is a lot of HOWTOs on the web describing this. I suggest you read this one. As soon as you have the loopback working and putting properly forwarding ports to the local loopback interface, go to step 2.

Step 2: Set up the tunnelling app

So you have the forwarding working now. Technically, that’s all you need. However, if you plan to use shares on a daily basis, there are a few things you will notice:

  • It’s annoying to have the putty window open all the time,
  • If you close it, your shares will become unavailable,
  • If your network goes down for a while, putty won’t be able to reconnect your ssh session.

There’s a solution to these problems: a tunnelling tray application. Personally, I like myentunnel. It’s a simple wrapper for plink.exe from the putty package. Sitting quietly in the task-bar’s tray, it’s unobtrusive and reconnects automatically after a network failure.

Install and run myentunnel. Then set your hostname, username and password stuff in the Settings tab and go to the Tunnels tab. Add the Samba port and IPs in the Local box, press Save and then Connect. If putty connected and forwarded the ports properly, myentunnel should work without a hitch too.

If you have multiple servers to connect to, you can create server profiles. Read the myentunnel documentation for details.

That’s all, enjoy.

2 Responses so far.

  1. Thomas says:

    Hi!

    I’m writing here even though it actually belongs to the article which describes setting up the loopback interface. (not possible to leave a reply there – “wrong captcha text” 10 times)

    No success in my case with the forwarding; I have WinXP SP2, have installed the update mentioned in the article, but Windows says “… cannot access this share. Check spelling etc” when typing “\\10.0.0.1\myshare” into the address bar. Also using “Connect to net drive…” it does not work.

    The samba server is running, the loopback interface and the pure forwarding part work as well (as shown in the status messages in myentunnel when doing a raw telnet connect to 10.0.0.1:139), but windows does not seem to initiate a connection on 139, rather on 445 first.

    Any ideas?

    Port 445? (Tried, but yielding a “permission denied” when trying to establish the tunnel)

    In Putty: I assume you have to choose the option “Local” when adding the forward, i.e. having an equivalent of “-L 10.0.0.1:139:127.0.0.1:139″.

  2. I think it’s an issue introduced by microsoft’s security update KB942624. I’m experiencing the ‘permission denied’ problem on my Vista.

    I haven’t found a solution for this so I’m using SftpDrive for the time being.

Leave a Reply