  • Status: Solved
  • Priority: Medium
  • Security: Public

Ways to connect a Windows box to a Windows server share through SSH?

Our Windows desktops and servers are on two different networks with port 139 blocked, so simple file mapping cannot occur. However, SSH is allowed.

Currently the only way I know how to map a drive to a Windows share through SSH is:
- Create an MS loopback
- Set up a PuTTY session with an SSH server on the server network and tunnel 139 through that session.

This is extremely tedious, because for every mapped drive you have to set up an additional loopback. Anyone else have any other suggestions?
Asked by: WinPE
 
Blaz Commented:
The first question would be why is port 139 blocked. Is there a good reason for that? You are trying to bypass this limitation so if there is a good reason for blocking port 139 there should be a good reason not to create bypasses...

Otherwise you can forward the port 139 (which I believe you are doing) but from a single computer you can only forward to one server (not only for one shared folder).

You could also use other copying software: ftp, sftp, ...
 
WinPE (Author) Commented:
Well, they block 139 along with most major ports, except for common SSH ports, e.g. 22. If I could find evidence of an encrypted CIFS protocol on 445 I would, but I can't.

The problem here is we are a 95% Unix/Linux shop. In the past Windows users had these ports opened to file share between the production world. Now that is turned off and I need to find the best/easiest possible way for these users to still access production files from non-production network desktops. If SSH tunneling through PuTTY or WinSCP is the best way then so be it.

I guess I could always set up Samba drop boxes inside the production network?
 
ahoffmann Commented:
if you tunnel port 139 (and 137 probably too) to a server, there should be no need for more than one ssh connection
Could you please post your configuration (ssh command line:)
 
WinPE (Author) Commented:
That's it though, we're connecting to multiple servers. Sometimes up to 20, 20 loopbacks?

I'm using PuTTY to tunnel the SSH
10.0.0.1:139           testserver.blah.com:139
 
Blaz Commented:
What about using a VPN connection? You could use OpenVPN to connect the two sites through port 22 for example. http://openvpn.net/
 
ahoffmann Commented:
Blaz, the problem with all SSH tunneling is that you need a unique local port for each remote server, hence you may tunnel up to roughly 65000 remote servers' port 139, but each needs its unique local port.
I assume that WinPE cannot change stupid XP to use a port other than 139 for SMB.
 
Blaz Commented:
@ahoffmann: Yes, I am aware of SSH port forwarding limitations - in the past I have successfully forwarded port 139 for Windows file sharing over SSH and also forwarded this port with DNAT. I noted this limitation in my first post - effectively from one machine (or interface or IP) you can forward to only one server.

That is why I am suggesting to connect the two networks with a VPN (which can run over SSH). With VPN you can connect two subnetworks together (all computer IPs with all the ports) over a single SSH session. As I have not used the OpenVPN product before I am not sure if this can be done with it, so please correct me if I am wrong.
 
ahoffmann Commented:
ahh, I missed the point to connect the whole subnet ...
 
WinPE (Author) Commented:
Only a small part of our company needs to access these Windows servers. So I could change the port through the registry if it's possible.

Could I map the port through an IPSec tunnel, when the two domains aren't trusted? Guess I'm stuck with SSH. Most likely I will stick a Windows drop box or a Unix Samba server at each major site... have the users SSH into that box either through a Windows daemon or Unix share and grab the files... The rest of the files can be moved within the network to those shares.
 
ahoffmann Commented:
If you have IPSec, then the networks are connected anyway, why would you then use SSH for tunneling?
 
WinPE (Author) Commented:
We could use IPSec, but the desktop domain and the production domain are different... and they aren't trusted... So as far as I know, IPSec can't work across untrusted domains.
 
ahoffmann Commented:
IPSec has nothing to do with domains (neither DNS nor Windows domains).
It just relies on IPs, its configuration and the keys you use.
 
WinPE (Author) Commented:
There's no way to tie an sshd server into Active Directory for authentication, right?
 
ahoffmann Commented:
you mean sshd on windoze?
On Unix/Linux sshd can be configured with PAM modules which authenticate against AD also, IIRC ...
 
WinPE (Author) Commented:
Really? Can I configure sshd within Cygwin to do this?
 
ahoffmann Commented:
Cygwin is poor windoze, I doubt (but have to admit that I never tested ...)
 
WinPE (Author) Commented:
copssh will work in this situation for me.
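
The constraint running through this thread is that the Windows SMB client always dials port 139, so each forwarded server needs its own local address while one SSH session can carry every forward. The sketch below is an added example, not code from any poster: it assigns one local address per server and builds the forward specs in OpenSSH's `bind_address:port:host:hostport` form. The address pool, the second server name and the gateway name are assumptions.

```python
import ipaddress

SMB_PORT = 139  # NetBIOS session port the thread is forwarding


def plan_forwards(servers, pool_cidr="10.0.0.0/29"):
    """Assign each remote server its own local address and build -L specs.

    The SMB client always dials port 139, so tunnels can only be told
    apart by local address (one loopback-adapter IP per server).
    """
    pool = ipaddress.ip_network(pool_cidr)  # hypothetical loopback pool
    if not pool.is_private:
        raise ValueError("local pool must be private address space")
    seen = set()
    for name in servers:
        key = name.strip().lower()
        if not key or key in seen:
            raise ValueError(f"empty or duplicate server name: {name!r}")
        seen.add(key)
    hosts = list(pool.hosts())
    if len(servers) > len(hosts):
        raise ValueError(
            f"{len(servers)} servers need {len(servers)} local addresses, "
            f"pool {pool} has only {len(hosts)}"
        )
    # Every forward gets an explicit bind address, never the wildcard,
    # so other machines on the desktop network cannot reach the tunnel.
    return [
        (str(addr), f"{addr}:{SMB_PORT}:{name.strip()}:{SMB_PORT}")
        for addr, name in zip(hosts, servers)
    ]


def ssh_command(gateway, forwards):
    """One SSH session carrying every forward (-N: no remote command)."""
    args = ["ssh", "-N"]
    for _, spec in forwards:
        args += ["-L", spec]
    return args + [gateway]


if __name__ == "__main__":
    # testserver.blah.com is from the thread; the second name is constructed.
    servers = ["testserver.blah.com", "files2.example.com"]
    fwd = plan_forwards(servers)
    for local_ip, spec in fwd:
        print(f"map \\\\{local_ip}\\share  via  -L {spec}")
    print(" ".join(ssh_command("user@gateway.example.com", fwd)))
```

The first spec it produces matches the PuTTY tunnel entry WinPE posted (10.0.0.1:139 to testserver.blah.com:139).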