Secure Internet Access To Samba With SSH And PuTTY
This post is for people running a private Samba server, wishing it was securely accessible over the Internet. Stop reading if you don’t know what Samba or SSH means.
Imagine the following situation: at work, school or a client site, you insert your USB stick, check your local hard drive and search your Gmail account to find out that the one file you were looking for is not there. You probably left it at home. Damn!
Sounds familiar? It does happen to me frequently.
A solution is to have access over the Internet to your private Samba server. No more worrying that you didn’t take a particular file with you, just access it from anywhere you like. But you also want that access to be secure. Can it be done? Yes.
What do you need?
- A server running Samba that also provides SSH access from the internet
- Windows XP on the client
- PuTTY on the client
How does it work?
In short, you have to install a loopback adapter and configure a SSH tunnel with PuTTY that uses the loopback adapter. If this says it all to you, you can stop reading. If not, please continue 
Step 1: Install a Microsoft Loopback Adapter
- Go to Start -> Settings -> Control Panel -> Add Hardware.
- Select “Yes, I have already connected the hardware”
- Select “Add a new hardware device”
- Select “Install the hardware that I manually select from a list (Advanced)”
- Select “Network adapters”
- Select Microsoft -> Microsoft Loopback Adapter
- Click Next, Next, Finish and done with step 1!
Step 2: Configure the Microsoft Loopback Adapter
- Go to Start -> Settings -> Network Connections and look for the network connection associated with your newly installed loopback adapter (hint: it should say something like “Microsoft Loopback Adapter” under device name).
- The network connection is probably called “Local Area Connection #-something”, you can change that to something more meaningful. “Loopback For Samba” is great if you don’t feel creative.
- Right-click the network connection, click Properties.
- Uncheck “Client for Microsoft Networks” and “File and Printer Sharing for Microsoft Networks”.
- Change the properties of “Internet Protocol (TCP/IP)”:
- Use the following IP address: 192.168.100.100 (any private address that does not interfere with address ranges on your other network cards is fine)
- Subnet mask: 255.255.255.0
- Default gateway and DNS can be left empty
- Click Advanced, tab WINS: check “Enable LMHOSTS lookup” and “Disable NetBIOS over TCP/IP”.
- Click OK, OK, and you’re done with step 2!
Step 3: Create an LMHOSTS file
- Open an Explorer window and browse to C:\WINDOWS\system32\drivers\etc (or wherever your Windows installation resides).
- Create a new, empty text file called “lmhosts” (without the quotes and without an extension!)
- Put the following line in there:
192.168.100.100 name_of_samba_server
Be sure to use the IP address you picked in Step 2! It is handy to use the same name_of_samba_server as you use on your local network. That way you can always refer to your Samba server with the same name, regardless of your location (at home, or work, or school, or …).
Step 4: Configure PuTTY
- I assume you already have PuTTY configured with a saved session to make an SSH connection to your Samba server.
- Fire up PuTTY, load your saved session and navigate to Connection -> SSH -> Tunnels.
- Type “192.168.100.100:139″ in the Source port textbox (the textbox is a bit small, but that doesn’t matter) (be sure to use the IP address from step 2) (use the IP address, i.e. do NOT use the name of the samba server!).
- Type “localhost:139″ in the Destination textbox.
- Click Add and re-save your saved session, and you’re done with Step 4
Step 5: Use it!
Fire up PuTTY and make an SSH connection to your Samba server. You’re now able to access your server, map drives, etcetera.
For example, try Start -> Run and type “\\name_of_samba_server”. You’re presented with a login box and/or an explorer window with all shares on your server.
Or type “net use h: \\name_of_samba_server\share” to make a network drive mapping.
Basically, you can use your server like you would as if it were on your local network.
Step 6
There is no step 6.
FAQ
- Why the loopback adapter, can’t I simply use my regular network adapter?
Yes you could, but with a severe limitation: while PuTTY is running you would have access to your Samba server, but at the same time, not to your work/school/client network drives (and vice versa). - Why the LMHOSTS, can it be done without?
Sure, but then, I would have to access my Samba server with “\\192.168.100.100\share” while on the road and with “\\name_of_samba_server\share” while at home. The use of an LMHOSTS file abstracts that for me. It’s also quite handy for batch files that create mappings (they work, regardless whether you’re at home or on the road).
Well, that’s all there is to know about secure access to a private Samba server. Good luck!
This post is largely based on an old message on the Samba mailing list.
The image above was taken from Ella’s Dad flickr stream under a Creative Commons license.
Possibly related posts (automatically generated):
