Tunneling SMB over SSH: Secure file sharing

Suppose you’re at an open wireless hotspot and wish to connect to a Samba server from your Windows laptop, but you don’t want to send data (documents, authentication hashes, etc.) over the air in plain text.

Using SSH tunnels, you can encrypt all your network traffic and redirect it through a trusted computer when you’re connected to an untrusted network. The goal of this hack is to enable Windows users to securely access shared files on any Samba server.

So, what are SSH Tunnels? In addition to providing remote shell access and command execution, SSH servers can forward ports to the other end of your connection. This can be extremely useful to protect any traffic that you need to keep private. In a nutshell, it is accomplished by binding to a local port, encrypting the traffic, sending the encrypted data to the remote machine, and then decrypting it and sending it to the remote host and port you specify.

Samba and Windows use port 139 for file sharing. At first glance, it seems that the easy solution is to tunnel connections from port 139 on your Windows computer to the Samba server. Then you can easily connect to the remote share by connecting to “localhost”. But since Windows always uses port 139 for file sharing, the port is already taken on your computer, and you must disable local file sharing to make the port forwarding work.

So, how do we tunnel SMB over SSH and keep local file sharing working? We’re going to use a virtual network adapter. Basically, a virtual network adapter is a software application that allows a computer to connect to a network. We’re going to add a virtual adapter to our Windows computer and create an SSH tunnel over the virtual interface.
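The setup described above, as an added PowerShell example that is not part of the original article. It assumes the OpenSSH client `ssh` is on the PATH and that a virtual adapter already has the address 10.0.0.1; the host names, user, share and drive letter are constructed placeholders.

```powershell
# Added example; every name and address below is a constructed placeholder.
$AdapterIp = '10.0.0.1'             # address assigned to the virtual adapter (assumed)
$SshHost   = 'gateway.example.org'  # trusted SSH server that can reach the Samba server
$SshUser   = 'alice'
$SambaHost = 'samba.internal'       # Samba server name as resolved by the SSH server
$Share     = 'documents'
# Assumes the SMB client reaches the server over port 139, as the article describes.

# 1. The virtual adapter must exist and own the address ssh will bind to.
if (-not (Get-NetIPAddress -IPAddress $AdapterIp -ErrorAction SilentlyContinue)) {
    throw "No local interface has $AdapterIp; add the virtual adapter first."
}

# 2. Port 139 must be free on that address (and on the wildcard address),
#    otherwise ssh cannot bind and the forward fails.
$busy = Get-NetTCPConnection -LocalAddress $AdapterIp, '0.0.0.0' -LocalPort 139 `
            -State Listen -ErrorAction SilentlyContinue
if ($busy) {
    throw "Port 139 is already bound by PID $($busy.OwningProcess); free it on the virtual adapter."
}

# 3. Bind the forward to the virtual adapter only, so file sharing on the
#    other interfaces keeps working. -N: no remote command, tunnel only.
$forward = "${AdapterIp}:139:${SambaHost}:139"
$ssh = Start-Process ssh -PassThru -NoNewWindow -ArgumentList @(
    '-N', '-o', 'ExitOnForwardFailure=yes', '-L', $forward, "${SshUser}@${SshHost}")

# 4. Wait until ssh is listening, then map the share through the tunnel.
$deadline = (Get-Date).AddSeconds(30)
while (-not (Get-NetTCPConnection -LocalAddress $AdapterIp -LocalPort 139 `
                 -State Listen -ErrorAction SilentlyContinue)) {
    if ($ssh.HasExited -or (Get-Date) -gt $deadline) {
        throw 'SSH tunnel did not come up.'
    }
    Start-Sleep -Milliseconds 500
}
net use Z: "\\$AdapterIp\$Share"
```

Only the hop between the laptop and the SSH server is encrypted; traffic from the SSH server to the Samba server travels as ordinary SMB, so the two should sit on a trusted network.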

Read more at www.security-hacks.com

