Tuesday, February 20, 2007

SMB over SSH tunnel setup

Sometimes I need access to an SMB server. This SMB server is hidden behind the company's firewall, and the only way to get behind the firewall is an SSH server. So you need a so-called SSH tunnel to connect your machine (outside the firewall) with the SMB server (inside the firewall). To establish the connection, you need the following information:
  • Name of SSH-server and an account on that server
  • Name of SMB-server and an account on that server
  • Of course, you'll need to know which folder you want to access
The following steps set up an SMB connection over an SSH tunnel. I've tested these steps using Mac OS X.
Step 1: Install SSH tunnel
The shell command is simply

    ssh -N -l username_on_ssh_server -L 139:smb_server:139 ssh_server

You may call this line using sudo, since local port 139 is below 1024 and binding such a port requires root privileges. After starting the tunnel, it's like you have an SMB server running on your local machine listening on port 139 (which is the SMB port).
Step 2: Mount SMB on localhost
You can simply mount an SMB folder on your local machine with

    mount_smbfs -I localhost -U username_win_domain //smb_server_name/remote_folder local_folder

This line mounts a folder on the SMB server to your local file system.
Example: Assume the SSH server is "ssh.test.com", the SMB server is "smb.test.com", your user name on ssh.test.com is "jdoe" and you want to mount the remote folder "project" to your local folder "company". Your user name on smb.test.com is "JohnDoe".

    ssh -N -l jdoe -L 139:smb.test.com:139 ssh.test.com

and (in a new terminal window)

    mount_smbfs -I localhost -U JohnDoe //smb/project company

Some notes on the Finder: After mounting the folder from the command line, it is possible that the Finder does not recognize the mounted folder. Browse your file system to open the folder. Sometimes it happens (at least on my system) that the mounted folder cannot be seen in the Finder windows. Then I have to open the folder with Cmd-Shift-G. Unmounting the folder also does not work with the Finder; you will have to call umount company (in the example) and restart the Finder (Ctrl-Mod click on Finder icon in dock) to remove the icon of the network folder from the desktop.
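The two steps above combined into one script, as an added example that is not part of the original post. The function names and the temporary control-socket directory are assumptions; the mount_smbfs and umount calls use the form shown in the post, and the forward is bound to 127.0.0.1 explicitly so the forwarded SMB port is only reachable from the local machine.

```shell
#!/bin/sh
# Added example (not from the original post): steps 1 and 2 as one script.
# Function names and the control-socket location are hypothetical.

# Reject empty names and names starting with "-", which ssh would parse as an option.
valid_host() {
    case "$1" in
        ''|-*|*[!A-Za-z0-9.-]*) return 1 ;;
        *) return 0 ;;
    esac
}

# Ports below 1024 can only be bound by root, which is why step 1 mentions sudo.
needs_root() { [ "$1" -lt 1024 ]; }

# -L argument with the bind address spelled out, so the forwarded SMB port
# listens on loopback only and is not offered to other hosts on your network.
forward_spec() {  # smb_host [local_port]
    printf '127.0.0.1:%s:%s:139' "${2:-139}" "$1"
}

main() {  # ssh_user ssh_host smb_host smb_user //server/share mountpoint
    valid_host "$2" && valid_host "$3" || { echo "bad host name" >&2; return 2; }
    if needs_root 139 && [ "$(id -u)" -ne 0 ]; then
        echo "local port 139 is privileged: run this script with sudo" >&2
        return 1
    fi
    host=$2
    ctl_dir=$(mktemp -d) || return 1
    # Close the tunnel however the script ends, so no listener is left behind.
    trap 'ssh -S "$ctl_dir/ctl" -O exit "$host" 2>/dev/null; rm -rf "$ctl_dir"' EXIT
    # -f backgrounds ssh after login; ExitOnForwardFailure makes it exit
    # instead of staying connected when local port 139 is already taken.
    ssh -f -N -M -S "$ctl_dir/ctl" -o ExitOnForwardFailure=yes \
        -l "$1" -L "$(forward_spec "$3")" "$2" || return 1
    mount_smbfs -I 127.0.0.1 -U "$4" "$5" "$6" || return 1
    printf 'Mounted on %s. Press Enter to unmount and close the tunnel. ' "$6"
    read -r reply
    umount "$6"
}

if [ "$#" -eq 6 ]; then main "$@"; fi
```

With the values from the example it would be called as `sudo sh smb_tunnel.sh jdoe ssh.test.com smb.test.com JohnDoe //smb/project company`, where smb_tunnel.sh is a placeholder file name.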