Solved

Mapping a network drive over SSH in Windows

Posted on 2008-10-28
13
1,653 Views
Last Modified: 2012-05-05
Im trying to share a network drive over internet. Many has recomended to create trust relationship between domains and use VPN. However this sounds to be a bit complex and my two systems are runing on MS Small Business Server 2003 and there is also license limitations to do this. I have found some articles that this should be possible to do with SSH. My environmet is that I have one SBS2003 environment in city A and other SBS environment in city B. These environments want to share one common network drive together. If it helps I can setup third environment where is real Windows Server 2003 or 2008 (not SBS). Do someone has some basic introduction how to do this with SSH (or by someother way). Im not familar at all with SSH and I would like to be sure that this share what im building would be safe.
0
Comment
Question by:thaapavuori
  • 7
  • 6
13 Comments
 
LVL 14

Expert Comment

by:dfxdeimos
ID: 22826175
Do you want the files to exist in SiteA or SiteB? Keep in mind that the files are going to be pulled across the wire to whatever site does not host them.
0
 

Author Comment

by:thaapavuori
ID: 22826234
It doesnt matter they can exist in SiteA or in SiteB (they are my customers) or these files can stay in my own server and these SiteA and SiteB can use those files over internet.
0
 

Author Comment

by:thaapavuori
ID: 22826252
There is not very much network trafic, these files will be basically just office and pdf files and there will be less than 50 users which are using them randomly.
0
 
LVL 14

Expert Comment

by:dfxdeimos
ID: 22826398
Probably the easiest way to do this would be to this would be to set up a share in SiteA, create a user account in the domain @ SiteA that is granted permission to access the shared folders, then forward ports 135-139 to the internal IP address of the server that is doing the sharing. Optionally you can set up a DNS entry to point to the external IP of SiteA

You can then (from SiteB) map the drive by going to \\ExternalIPAddressofSiteA\Share (or \\DNSNameForSiteA\Share) and connect by using the username and password you set up.
0
 

Author Comment

by:thaapavuori
ID: 22828765
This sounds clever. Do you know some step by step article how to do this?
0
 
LVL 14

Expert Comment

by:dfxdeimos
ID: 22833615
I couldn't find a guide but the steps are pretty straight forward.

1) Set up the share in the site you want to share the files from.

2) Set up a user in the domain that is sharing the files that the other users will use to connect to the share.

3) Grant share and NTFS permission to the shared folder for the user you just set up.

4) Log into your router and forward ports 135 - 139 (TCP and UDP) and 445 (TCP and UDP) to the internal IP address of the server that is sharing the files.

5) Figure out the EXTERNAL IP address of the site that is sharing the files.

6) At the site that you want to download the files to you should then be able to map a drive to \\IPAddressFromPreviousStep\ShareName

You can do all of these steps one at a time without affecting anything on your network so if you want to just walk through it and post results / problems back here I can help walk through it.
0
What Should I Do With This Threat Intelligence?

Are you wondering if you actually need threat intelligence? The answer is yes. We explain the basics for creating useful threat intelligence.

 

Author Comment

by:thaapavuori
ID: 22833957
sounds simple. can i use private IP address and just make NAT from firewall to this private IP? Why I need to forward 445 SSL port? How about SSH, when I should install it and how i should configure it (or am i out?)?
0
 
LVL 14

Expert Comment

by:dfxdeimos
ID: 22834025
Yes, you can set it up that way. You just have to make sure that those ports get forwarded to the machine that is hosting the share.

443 is the default SSL port. 445 is used for NetBIOS name resolution. It may not be necessary, but it is listed as one of the ports used by Windows File Sharing.

My solution doesn't use SSH, you would just connect to the share (from the other site) by navigating to \\External IP Address\Share name.
0
 

Author Comment

by:thaapavuori
ID: 22834075
sorry i mixed those port numbers. so in this way these files are not encrypted at all? there is no any simple way encrypt them?
0
 
LVL 14

Expert Comment

by:dfxdeimos
ID: 22834094
There is no simple way (that I know of) to encrypt the files if you use this method. The only protection is restricting access to them based upon the username and password that you set up for file access.

If you require encryption then you may have to go with a different solution.
0
 

Author Comment

by:thaapavuori
ID: 22834150
ok... in this case user name and password are also transferred just blank text? You dont propaply have solution how to enrypt those files...?
0
 
LVL 14

Accepted Solution

by:
dfxdeimos earned 500 total points
ID: 22834347
I am not 100% sure, but I do not believe the passwords are sent in clear text since it using the Windows authentication mechanism... I could be wrong however. You could install wireshark after you had it set up and sniff the packets to find out.

The other option is to create a secure VPN tunnel between sites and connect the file share that way.
0
 
LVL 14

Expert Comment

by:dfxdeimos
ID: 22834454
If it doesn't work out as you planned just open up a new Question and alert me by e-mailing to:

richard <AT> r3portfolio <DOT> com
0

Featured Post

How your wiki can always stay up-to-date

Quip doubles as a “living” wiki and a project management tool that evolves with your organization. As you finish projects in Quip, the work remains, easily accessible to all team members, new and old.
- Increase transparency
- Onboard new hires faster
- Access from mobile/offline

Join & Write a Comment

Since pre-biblical times, humans have sought ways to keep secrets, and share the secrets selectively.  This article explores the ways PHP can be used to hide and encrypt information.
Restoring deleted objects in Active Directory has been a standard feature in Active Directory for many years, yet some admins may not know what is available.
Viewers will learn how to properly install and use Secure Shell (SSH) to work on projects or homework remotely. Download Secure Shell: Follow basic installation instructions: Open Secure Shell and use "Quick Connect" to enter credentials includi…
Excel styles will make formatting consistent and let you apply and change formatting faster. In this tutorial, you'll learn how to use Excel's built-in styles, how to modify styles, and how to create your own. You'll also learn how to use your custo…

746 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

12 Experts available now in Live!

Get 1:1 Help Now