Solved

Mapping a network drive over SSH in Windows

Posted on 2008-10-28
13
1,655 Views
Last Modified: 2012-05-05
Im trying to share a network drive over internet. Many has recomended to create trust relationship between domains and use VPN. However this sounds to be a bit complex and my two systems are runing on MS Small Business Server 2003 and there is also license limitations to do this. I have found some articles that this should be possible to do with SSH. My environmet is that I have one SBS2003 environment in city A and other SBS environment in city B. These environments want to share one common network drive together. If it helps I can setup third environment where is real Windows Server 2003 or 2008 (not SBS). Do someone has some basic introduction how to do this with SSH (or by someother way). Im not familar at all with SSH and I would like to be sure that this share what im building would be safe.
0
Comment
Question by:thaapavuori
  • 7
  • 6
13 Comments
 
LVL 14

Expert Comment

by:dfxdeimos
ID: 22826175
Do you want the files to exist in SiteA or SiteB? Keep in mind that the files are going to be pulled across the wire to whatever site does not host them.
0
 

Author Comment

by:thaapavuori
ID: 22826234
It doesnt matter they can exist in SiteA or in SiteB (they are my customers) or these files can stay in my own server and these SiteA and SiteB can use those files over internet.
0
 

Author Comment

by:thaapavuori
ID: 22826252
There is not very much network trafic, these files will be basically just office and pdf files and there will be less than 50 users which are using them randomly.
0
Backup Your Microsoft Windows Server®

Backup all your Microsoft Windows Server – on-premises, in remote locations, in private and hybrid clouds. Your entire Windows Server will be backed up in one easy step with patented, block-level disk imaging. We achieve RTOs (recovery time objectives) as low as 15 seconds.

 
LVL 14

Expert Comment

by:dfxdeimos
ID: 22826398
Probably the easiest way to do this would be to this would be to set up a share in SiteA, create a user account in the domain @ SiteA that is granted permission to access the shared folders, then forward ports 135-139 to the internal IP address of the server that is doing the sharing. Optionally you can set up a DNS entry to point to the external IP of SiteA

You can then (from SiteB) map the drive by going to \\ExternalIPAddressofSiteA\Share (or \\DNSNameForSiteA\Share) and connect by using the username and password you set up.
0
 

Author Comment

by:thaapavuori
ID: 22828765
This sounds clever. Do you know some step by step article how to do this?
0
 
LVL 14

Expert Comment

by:dfxdeimos
ID: 22833615
I couldn't find a guide but the steps are pretty straight forward.

1) Set up the share in the site you want to share the files from.

2) Set up a user in the domain that is sharing the files that the other users will use to connect to the share.

3) Grant share and NTFS permission to the shared folder for the user you just set up.

4) Log into your router and forward ports 135 - 139 (TCP and UDP) and 445 (TCP and UDP) to the internal IP address of the server that is sharing the files.

5) Figure out the EXTERNAL IP address of the site that is sharing the files.

6) At the site that you want to download the files to you should then be able to map a drive to \\IPAddressFromPreviousStep\ShareName

You can do all of these steps one at a time without affecting anything on your network so if you want to just walk through it and post results / problems back here I can help walk through it.
0
 

Author Comment

by:thaapavuori
ID: 22833957
sounds simple. can i use private IP address and just make NAT from firewall to this private IP? Why I need to forward 445 SSL port? How about SSH, when I should install it and how i should configure it (or am i out?)?
0
 
LVL 14

Expert Comment

by:dfxdeimos
ID: 22834025
Yes, you can set it up that way. You just have to make sure that those ports get forwarded to the machine that is hosting the share.

443 is the default SSL port. 445 is used for NetBIOS name resolution. It may not be necessary, but it is listed as one of the ports used by Windows File Sharing.

My solution doesn't use SSH, you would just connect to the share (from the other site) by navigating to \\External IP Address\Share name.
0
 

Author Comment

by:thaapavuori
ID: 22834075
sorry i mixed those port numbers. so in this way these files are not encrypted at all? there is no any simple way encrypt them?
0
 
LVL 14

Expert Comment

by:dfxdeimos
ID: 22834094
There is no simple way (that I know of) to encrypt the files if you use this method. The only protection is restricting access to them based upon the username and password that you set up for file access.

If you require encryption then you may have to go with a different solution.
0
 

Author Comment

by:thaapavuori
ID: 22834150
ok... in this case user name and password are also transferred just blank text? You dont propaply have solution how to enrypt those files...?
0
 
LVL 14

Accepted Solution

by:
dfxdeimos earned 500 total points
ID: 22834347
I am not 100% sure, but I do not believe the passwords are sent in clear text since it using the Windows authentication mechanism... I could be wrong however. You could install wireshark after you had it set up and sniff the packets to find out.

The other option is to create a secure VPN tunnel between sites and connect the file share that way.
0
 
LVL 14

Expert Comment

by:dfxdeimos
ID: 22834454
If it doesn't work out as you planned just open up a new Question and alert me by e-mailing to:

richard <AT> r3portfolio <DOT> com
0

Featured Post

Gigs: Get Your Project Delivered by an Expert

Select from freelancers specializing in everything from database administration to programming, who have proven themselves as experts in their field. Hire the best, collaborate easily, pay securely and get projects done right.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Learn about cloud computing and its benefits for small business owners.
Since pre-biblical times, humans have sought ways to keep secrets, and share the secrets selectively.  This article explores the ways PHP can be used to hide and encrypt information.
With Secure Portal Encryption, the recipient is sent a link to their email address directing them to the email laundry delivery page. From there, the recipient will be required to enter a user name and password to enter the page. Once the recipient …
The Email Laundry PDF encryption service allows companies to send confidential encrypted  emails to anybody. The PDF document can also contain attachments that are embedded in the encrypted PDF. The password is randomly generated by The Email Laundr…

785 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question