Alireza@Blog TBD

26Jun/1026

Mapping network drive via SSH on Linux, Windows and Mac

Problem: With Linux as the host server, mapping a remote network drive via SSH on various client platforms: Linux, Mac OS and Windows.

Solution:

Tested on Windows XP-SP3/7, Linux (Redhat/Fedora, Ubuntu), and Mac OS (Snow Leopard 10.6).

For Linux (Redhat/Fedora, Ubuntu), see 'SSHFS'. No Samba is required.

---------------

For Windows or Mac drive mapping, SSH alone is not enough; a Samba service is required. We need to tunnel it through SSH to keep the connection secure.

For Windows XP-SP3:

If you have 'File and Printer Sharing' enabled for your network device, Windows will not let another source (i.e., the SSH tunnel) use the Samba port 139 on that network device. Thus, assuming that you will likely want to keep both your Windows and Samba shares, you will need to create a loopback device and tunnel port 139 to that new device. The following are the steps for doing this (derived from Simon Holywell's posting):

First, add the Loopback Adapter to the Windows client machine:

  1. Open up the Add Hardware control panel (Start > Control Panel > Add Hardware)
  2. Click ‘Next’ and wait for the search to conclude that nothing was found.
  3. Choose ‘Yes, I have already connected the hardware’
  4. Scroll to the bottom of the ‘Installed hardware’ list box and choose ‘Add new hardware device’
  5. Now choose ‘Install the hardware that I manually select from a list (Advanced)’
  6. Select ‘Network adapters’
  7. Under ‘Manufacturer’ you want ‘Microsoft’
  8. For ‘Network Adapter’ choose ‘Microsoft Loopback Adapter’. Continue with installation.
  9. Open the adapter's properties dialog (Start > Control Panel > Network Connections, then right click on the adapter and choose properties)
  10. Uncheck all items listed except for ‘Internet Protocol (TCP/IP)’.
  11. Highlight ‘Internet Protocol (TCP/IP)’ and click the ‘Properties’ button
  12. Choose ‘Use the following IP address’
  13. Enter ‘10.0.0.1’ for ‘IP address’ (or any other acceptable and unused local address: 10.x.x.x, 172.16.x.x, and 192.168.x.x). This will be the IP of your loopback adapter; make note of it for later.
  14. Enter ‘255.255.255.0’ for ‘Subnet mask’
  15. Click the ‘Advanced’ button and go to the ‘WINS’ tab
  16. Enable ‘Enable LMHOSTS Lookup’
  17. Check ‘Disable NetBIOS over TCP/IP’
  18. Restart your computer (even though Windows does not prompt for this step)

Next, configure the SSH tunnel:

  1. Download and Open PuTTY.
  2. Using the configuration window on the left, navigate to Connection > SSH.
  3. Check the two boxes "Don't start a shell or command at all" and "Enable Compression".
  4. Navigate to Connection > SSH > Tunnels
  5. For ‘Source port’, enter ‘10.0.0.1:139’ (replacing the IP as needed if a different loopback address was chosen in step 13 above). For ‘Destination’, enter ‘localhost:139’. Click the 'Add' button.
  6. Navigate to "Sessions" (the initial screen) to enter the host information and save the connection profile (so you don't have to reconfigure again).
  7. Start the PuTTY session.

Finally, map the network drive:

  1. Open 'My Computer' and choose 'Map network drive' from the menu bar.
  2. For 'Folder', enter '\\ssh-host\samba-folder', where ssh-host and samba-folder are substituted accordingly. If required, choose 'Connect using different credentials'.

---------------

For Windows 7:

A different solution is required for Windows 7. You don't need a loopback adapter to use both your Windows and Samba shares, but instead you will have to do some service management. I have provided steps to do this manually (based on this post) and updated them using the comments below:

First, set your Windows "Server" service to manual startup and stop it. Here's how:

  1. Right click on 'Computer', select 'Manage'.
  2. Navigate to 'Services and Applications' > 'Services'
  3. Locate service named "Server" and open properties.
  4. Set 'Startup Type' to Manual, and choose the "Stop" button to stop the service.
    • Important: this will stop your Windows shares. Also, you may need to reboot your system.

Next, configure the SSH tunnel:

  1. Download and Open PuTTY.
  2. Using the configuration window on the left, navigate to Connection > SSH.
  3. Check the two boxes "Don't start a shell or command at all" and "Enable Compression".
  4. Navigate to Connection > SSH > Tunnels
  5. For ‘Source port’, enter ‘139’. For ‘Destination’, enter ‘localhost:139’. Click the 'Add' button.
  6. For ‘Source port’, enter ‘445’. For ‘Destination’, enter ‘localhost:445’. Click the 'Add' button.
  7. Navigate to "Sessions" (the initial screen) to enter the host information and save the connection profile (so you don't have to reconfigure again).
  8. Start the PuTTY session.

Finally, map the network drive and resume the Windows "Server" service:

  1. Open 'My Computer' and choose 'Map network drive' from the menu bar.
  2. For 'Folder', enter '\\localhost\samba-folder', where samba-folder is substituted accordingly. If required, choose 'Connect using different credentials'.

Optional: If you want to now use your Windows (in addition to Samba) shares, do this:

  1. Return to the 'Properties' screen for the Windows "Server" service (as done initially).
  2. Choose the "Start" button to start the service. (Alternatively, use a command prompt with Admin privileges and execute the command: 'net start server'.)
  • Important: If you want to use your Windows + Samba shares after rebooting, you must again start this service. Alternatively, you could create a start-script to do this.

---------------

For Mac OS (Snow Leopard 10.6):

Derived from this posting.

First, configure the SSH tunnel:

  1. Open a terminal window.
  2. Use the following commands (sudo or root access required) to set up a loopback alias and tunnel the required Samba ports, filling in 'user' and 'ssh-host' accordingly:
    • sudo ifconfig lo0 127.0.0.2 alias up
      • where 127.0.0.2 is an alias for your loopback adapter. This IP can be any other acceptable and unused local address: 10.x.x.x, 172.16.x.x, and 192.168.x.x. If a different address is chosen, make sure to reflect that change in the next command.
    • sudo ssh -NL 127.0.0.2:139:localhost:139 -NL 127.0.0.2:445:localhost:445 user@ssh-host

Finally, map the network drive:

  1. Choose the “Connect to Server” option from the Finder menu bar.
  2. Connect to the following, filling in 'user' accordingly: smb://user@127.0.0.2
  3. Enter Samba credentials and continue.
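
Added example, not part of the original post: once the tunnel is up, this script classifies the listeners on ports 139 and 445 from `netstat -an` output, so you can confirm the forward is bound to the loopback alias and not to every interface. The netstat lines are a constructed sample and the function names are illustrative.

```shell
#!/bin/sh
# Added example (not from the original post): audit where the Samba ports
# forwarded by the SSH tunnel are listening on the client.
SMB_PORTS="139 445"

# Constructed sample of macOS `netstat -an` output, so the script runs offline.
sample_netstat() {
cat <<'EOF'
Proto Recv-Q Send-Q  Local Address          Foreign Address        (state)
tcp4       0      0  127.0.0.2.445          *.*                    LISTEN
tcp4       0      0  127.0.0.2.139          *.*                    LISTEN
tcp4       0      0  *.445                  *.*                    LISTEN
tcp4       0      0  127.0.0.1.631          *.*                    LISTEN
tcp4       0      0  192.168.1.20.52311     203.0.113.5.22         ESTABLISHED
EOF
}

# Reads `netstat -an` text on stdin (macOS "addr.port" or Linux "addr:port")
# and prints "STATE ADDRESS PORT" for every listener on a Samba port.
# $1 is the address the tunnel was bound to (default 127.0.0.2).
classify_listeners() {
    awk -v ports="$SMB_PORTS" -v tunnel_ip="${1:-127.0.0.2}" '
    BEGIN { n = split(ports, p, " "); for (i = 1; i <= n; i++) want[p[i]] = 1 }
    $1 ~ /^tcp/ && $NF == "LISTEN" {
        port = $4; sub(/^.*[.:]/, "", port)   # text after the last "." or ":"
        addr = substr($4, 1, length($4) - length(port) - 1)
        if (!(port in want)) next
        if (addr == "*" || addr == "0.0.0.0" || addr == "::")
            state = "EXPOSED"                 # accepts connections on every interface
        else if (addr == tunnel_ip)
            state = "TUNNEL"                  # the forward set up by ssh -L
        else
            state = "OTHER"                   # another address: check which interface owns it
        print state, addr, port
    }'
}

# Succeeds only if both Samba ports are listening on the tunnel address.
tunnel_ready() {
    ip=${1:-127.0.0.2}
    found=$(classify_listeners "$ip")
    for port in $SMB_PORTS; do
        printf '%s\n' "$found" | grep -qxF "TUNNEL $ip $port" || return 1
    done
}

sample_netstat | classify_listeners 127.0.0.2
```

On a live client, pipe `netstat -an` into `classify_listeners` in place of the sample. An EXPOSED line means something on that port accepts connections on every interface, such as the machine's own file sharing or a forward started with a wildcard bind address.
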
Comments (26) Trackbacks (3)
  1. Regarding the Windows 7 solution, do you mean port 445? Regardless, this does not work for me, event log says that port 445 connection is refused by server. I am running samba 2 on a dd-wrt router, perhaps newer version of samba is required?

    Thank you.

    • You’re right, the port should be 445; I corrected that typo. I haven’t tried connecting to a Samba server running on DD-WRT. For reference, my server was linux Fedora 12 running samba version 3.4.7. It appears that the latest version of Samba is now 3.5.4. You could consider upgrading. You may also want to investigate whether the samba service is properly started and if this could possibly be a firewall issue (though I’m not too familiar with samba server running on DD-WRT).

  2. Thanks for the tutorial. I have a few follow on questions, I am on Win 7 64bit and my SMB server is Ubuntu 10.04 based :

    1. In case I don’t really need the “Server” service, I can just leave it as disabled and only enable it manually when I need to right?

    2. How about mounting multiple shares on different machines with different IP address? using just “localhost” will not work in that case right? Perhaps installing multiple loopback adapters, with different 10.0.0.x addresses for each server will be needed in that case?

    Thanks for the pointers though — this is very useful for securing SMB access. All the previous techniques do not seem to work with Windows 7 – 64bit. e.g. http://blog.simonholywell.com/post/374206082/samba-file-share-over-ssh-tunnel (this link was quite useful too but didn't work for me).

    –uv

  3. UV: I think you’re on the right track with both your points, 1 & 2. I’d like to hear if it all works out for you.

  4. Thanks for this great tutorial.

    As my planned SSH tunnel client machine is a Windows 2008 Server, I’m looking at more robust and multi-user friendly ways to achieve this.

    Here’s what I’m thinking:
    1. Use Plink (= Command-line version of Putty from same author) to create the SSH tunnel and use SrvAny or NSSM to turn it into a service (ref: http://xxlinxx.wordpress.com/2009/03/23/set-up-an-ssh-tunnel-as-a-windows-service-using-putty-plink/)
    2. Change the startup mode of the Server (LanmanServer) service to “Automatic (delayed start)”, while adding the newly created Plink service as one of its dependencies in the registry (ref: http://support.microsoft.com/kb/193888)

    I would expect it to work, but unfortunately, I’ve got a rather limited maintenance window to try it out, so any feedback would be appreciated.

  5. Great tutorial, but I could use some help.

    When I go to step 2, to map my folder ‘\localhostmyUserName’, I get “Access Denied”. And then I get a pop-up asking me to “Enter your password to connect to: localhost”. What gives? Also, I’m on a domain.

    Neither my windows or unix username and password work.

    • Make sure you have proper credentials for your server (which is hosting your samba/windows share). For example, if you have a linux server running samba, you need to create a samba user (i.e., you cannot use your linux user/pass). Good luck.

  6. Awesome. Thanks for the tips

  7. Thanks for the credit :]

  8. I keep getting the following error. Btw, I am using Bitvise Tunnelier

    12:33:10.274 Attempting ‘password’ authentication.
    12:33:10.434 Authentication completed.
    12:33:10.434 Initializing client-side client-2-server forwarding on 127.0.0.1:139 succeeded.
    12:33:10.648 Session terminated on client’s behalf:
    SSH_DISCONNECT_BY_APPLICATION
    Initializing client-side client-2-server forwarding on 127.0.0.1:445 failed. bind() failed: Windows error 10013: An attempt was made to access a socket in a way forbidden by its access permissions.

  9. So I get that this needs to be done on the client side, but what do you have to do on the server side? You are not just hanging a smb share open to the world right?

    • Correct, the samba share is open only to the local machine. It is SSH that is open to the outside world; samba is tunneled through SSH.

      • Thanks for the follow up. Is this a one to one or one to many solution? Specifically I would like to have several laptops ssh back to a central file share. The implementation I envision would be to have a firewall forwarding ssh back to an open ssh device that would also have samba or windows shares. Would each of the laptops in the field be able to see the samba/windows shares simultaneously or no?

  10. Hello. It is perfect way to use one library for iTunes and keep it synced when I am on work(thru ssh-tunnel) and at home. BUT, when I try to use mounted drive I receive “access denied”. I can’t change permission to this drive from Win7. But I can write to this folder. Maybe I use wrong samba config?

  11. FYI on Mac- there’s no reason to do anything with loopback alias, etc.- just bind the port forwarding to a different local port and specify that port in ‘connect to server’ – i.e. cifs://127.0.0.1:666

  12. Hi,

    Trying to setup Putty. It is stated here that the loop-back adapter can be the source by typing e.g. 10.0.0.1:port (the ip code for the adapter).
    But I get an error telling me I should input a name like nnn@nnn:port.
    But I do not know a name that points to the adapter.
    Help please.

  13. I think you are mixing up the source and destination fields. ‘Source’ is the port you want to listen for on the remote machine. ‘Destination’ is where you want that forwarded locally, including an optional interface specification.

  14. Hi,
    A nice tutorial. It definitely got me on the right path. There was no need using Windows 7 however to use the complicated method you have described. I achieved SMB through SSH tunnel by simply setting the “server” service to “manual”. This means it won’t start AT ALL unless you start it… manually. With that set to manual you can simply restart your machine as many times as you like without the need to constantly disable it at startup with a script.

    The putty stuff is the same no issues with that.

    Just thought I’d share really. I had everything but hadn’t done the “server” service so thanks for that!!

    P.S. if you have your “server” service set to “manual” you won’t be able to share anything. If you open a command prompt with admin privs simply type “net start server” without the “” and you’re done. Because you’ve set the service to manual the next time you restart you’ll still be able to access your SMB shares through your SSH tunnel =) Win

  15. I followed the Windows 7 instructions without the loopback but when I would connect to local host it was only showing my local computer. Finally I realized that Disable the Server Service on my machine rather than just Stop and set to manual. Then the SSH tunnel worked fine.

  16. Brilliant, thank you!!!

  17. I am SO confused! I have a DD-WRT router that I would like to connect to, and I have enabled the Web GUI Management (port 8080) and the SSH Management (port 22), as well as Allow Any Remote IP. I am trying to map a drive remotely.

    I just don’t understand this. I’m running Windows 8 and I went into my service manager and stopped the Server service. Then I tried to follow the instructions for putty, but it says “Server unexpectedly closed network connection.”

    You said: “For ‘Source port’, enter ‘139′. For ‘Destination’, enter ‘localhost:139′. Click the ‘Add’ button.”

    Am I literally entering ‘localhost’? Or am I substituting ‘localhost’ for the public IP of what I’m trying to connect to? I actually have the public IP attached to a dyndns account so I can connect to the dd-wrt web gui through 1234.dyndns.org:8080 (1234 being my username). Or maybe I was supposed to substitute ‘localhost’ for 192.168.1.1 (the private router address)?

    I’m just not getting this. Am I supposed to enter 139? Or was I supposed to substitute it and enter 8080?

    Then in step 7, you said “enter the host information”. Is that the public IP address/dyndns address?

  18. Excellent post. I am using Windows 8 and the Windows 7 instructions worked fine. However, I did have to reboot the machine in order to map the drive and the format for the drive share should be \\localhost\samba-share-name (minor detail). I used it to create a share to my Raspberry Pi (raspbian) which I use as a development web server.

    Thanks!

