Solved

Ways to connect a windows box to a windows server share through ssh?

Posted on 2007-11-20
Last Modified: 2010-04-21
Our windows desktops and servers are on two different networks with port 139 blocked. So simple file mapping cannot occur. However ssh is allowed.

Currently the only way I know how to map a drive to a windows share through ssh is:
- Create a ms loopback
- Set up a putty session with an ssh server on the server network and tunnel 139 through that session.

This is extremely tedious, b/c for every mapped drive you have to set up an additional loopback. Anyone else have any other suggestions?
0
Question by:WinPE
17 Comments
 
LVL 16

Expert Comment

by:Blaz
ID: 20320086
The first question would be why is port 139 blocked. Is there a good reason for that? You are trying to bypass this limitation so if there is a good reason for blocking port 139 there should be a good reason not to create bypasses...

Otherwise you can forward the port 139 (which I believe you are doing) but from a single computer you can only forward to one server (not only for one shared folder).

You could also use other copying software: ftp, sftp, ...
0
 

Author Comment

by:WinPE
ID: 20320312
Well they block 139 along with most major ports. Except for common ssh ports, ex. 22. If I could find evidence of an encrypted cifs protocol on 445 I would, but I can't.

The problem here is we are a 95% unix/linux shop. In the past windows users had these ports opened to file share between the production world. Now that is turned off and I need to find the best/easiest possible way for these users to still access production files from non production network desktops. If ssh tunneling through putty or winscp is the best way then so be it.


I guess I could always setup samba drop boxes inside the production network?
0
 
LVL 51

Expert Comment

by:ahoffmann
ID: 20322149
If you tunnel port 139 (and 137 probably too) to a server, there should be no need for more than one ssh connection.
Could you please post your configuration (ssh command line)?
0
 

Author Comment

by:WinPE
ID: 20322248
That's it though, we're connecting to multiple servers. Sometimes up to 20, 20 loopbacks?

I'm using putty to tunnel the ssh
10.0.0.1:139           testserver.blah.com:139
0
 
LVL 16

Expert Comment

by:Blaz
ID: 20323745
What about using a VPN connection? You could use openVPN to connect the two sites through port 22 for example. http://openvpn.net/
0
 
LVL 51

Expert Comment

by:ahoffmann
ID: 20326068
Blaz, the problem with all ssh tunneling is that you need a unique local port for each remote server, hence you may tunnel up to roughly 65000 remote servers' port 139, but each needs its unique local port.
I assume that WinPE cannot change stupid XP to use a port other than 139 for SMB.
0
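Added example (not part of any post in this thread): a Python sketch of the constraint discussed above, where the client only connects to port 139, so each remote server needs its own listen address. It turns a server list into `-L listen_ip:port:host:port` arguments as accepted by plink and OpenSSH; the function names, the host names other than testserver.blah.com, the gateway `user@sshgw.example` and the share name are assumptions.

```python
import ipaddress

SMB_PORT = 139  # NetBIOS session port the thread is forwarding


def plan_forwards(servers, first_listen_ip):
    """Give every remote server its own listen address.

    Premise taken from the thread: the SMB client only connects to
    port 139, so the listen port cannot vary; only the listen IP
    (one loopback adapter address per server) can.
    Returns a list of (listen_ip, server) pairs.
    """
    if len(set(servers)) != len(servers):
        raise ValueError("duplicate server in list")
    start = ipaddress.ip_address(first_listen_ip)
    plan = []
    for offset, server in enumerate(servers):
        listen_ip = start + offset
        # A wildcard listener would expose the tunnel to the whole LAN
        # and collide with every other forward on the same port.
        if listen_ip.is_unspecified:
            raise ValueError("refusing wildcard listen address")
        plan.append((str(listen_ip), server))
    return plan


def forward_args(plan, port=SMB_PORT):
    """Render the plan as -L listen_ip:port:host:port arguments."""
    seen = set()
    args = []
    for listen_ip, server in plan:
        key = (listen_ip, port)
        if key in seen:  # two forwards cannot share one listening socket
            raise ValueError(f"{listen_ip}:{port} already forwarded")
        seen.add(key)
        args += ["-L", f"{listen_ip}:{port}:{server}:{port}"]
    return args


if __name__ == "__main__":
    # Constructed sample: host names, gateway and share are placeholders.
    servers = ["testserver.blah.com", "fileserver2.example", "fileserver3.example"]
    plan = plan_forwards(servers, "10.0.0.1")
    print("plink", *forward_args(plan), "user@sshgw.example")
    for listen_ip, server in plan:
        print(f"net use * \\\\{listen_ip}\\share   # reaches {server}")
```

Every address in the plan must already exist on a loopback adapter on the client; all forwards then ride one SSH session.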
 
LVL 16

Expert Comment

by:Blaz
ID: 20326449
@ahoffmann: Yes I am aware of ssh port forwarding limitations - in the past I have successfully forwarded port 139 for windows file sharing over SSH and also forwarded this port with DNAT. I noted this limitation in my first post - effectively from one machine (or interface or IP) you can forward to only one server.

That is why I am suggesting to connect the two networks with a VPN (which can run over SSH). With VPN you can connect two subnetworks together (all computer IPs with all the ports) over a single SSH session. As I have not used openVPN product before I am not sure if this can be done with it so please correct me if I am wrong.
0
 
LVL 51

Expert Comment

by:ahoffmann
ID: 20326512
ahh, I missed the point to connect the whole subnet ...
0
 

Author Comment

by:WinPE
ID: 20328220
Only a small part of our company needs to access these windows servers.. So I could change the port through the registry if it's possible.

Could I map the port through an ipsec tunnel, when the two domains aren't trusted? Guess I'm stuck with ssh. Most likely I will stick a windows drop box or a unix samba server at each major site... have the users ssh into that box either through a windows daemon or unix share and grab the files...  The rest of the files can be moved within the network to those shares.
0
 
LVL 51

Expert Comment

by:ahoffmann
ID: 20334065
if you have IPSec, then the networks are connected anyway, why would you then use ssh for tunneling?
0
 

Author Comment

by:WinPE
ID: 20334686
We could use ipsec, but the desktop domain and the production domain are different... and they aren't trusted... So as far as I know, ipsec can't work across untrusted domains.
0
 
LVL 51

Expert Comment

by:ahoffmann
ID: 20335162
IPSec has nothing to do with domains (neither DNS nor Windows domains).
It just relies on IPs, its configuration and the keys you use.
0
 

Author Comment

by:WinPE
ID: 20383023
There's no way to tie an sshd server into active directory for authentication, right?
0
 
LVL 51

Accepted Solution

by:
ahoffmann earned 500 total points
ID: 20388124
you mean sshd on windoze?
On Unix/Linux sshd can be configured with pam modules which authenticate against AD also, IIRC ...
0
 

Author Comment

by:WinPE
ID: 20388528
really? Can I configure sshd within cygwin to do this?
0
 
LVL 51

Expert Comment

by:ahoffmann
ID: 20388661
cygwin is poor windoze, I doubt (but have to admit that I never tested ...)
0
 

Author Closing Comment

by:WinPE
ID: 31410120
copssh will work in this situation for me.
0


Question has a verified solution.
