Gateway Access to an SSH-Secured SMB Share
This set of steps should
be followed by those wanting to set up a secure tunnel to an SMB
share that is accessible to multiple users within a local network
(this "gateway" machine running SecureCRT
will not be able to map any network shares itself).
- Configure the local network interface such that NetBIOS over
TCP/IP is disabled. If you have to change
this option, you should reboot your machine.
  - From the Control Panel, select Network and Dial-up
    Connections (on Windows 2000) or Network Connections (on Windows XP);
    right-click on the Local Area Connection and choose Properties.
  - Select Internet Protocol (TCP/IP) and click
    on the Properties button.
  - Click on the Advanced button and navigate to
    the WINS tab.
  - Select Disable NetBIOS over TCP/IP. If this
    option is not already selected,
    close all dialogs using the OK button and reboot
    the machine. If this option was already selected, you may
    want to reboot anyway.
- If your environment does not require you to
leave File and Printer Sharing installed, remove the
File and Printer Sharing components for Microsoft Networks:
  - From the Control Panel, select Network and Dial-up
    Connections (on Windows 2000) or Network Connections
    (on Windows XP); right-click on Local Area Connection
    and choose Properties.
  - Select File and Printer Sharing for Microsoft
    Networks and click on the Uninstall button.
    When prompted with Are you sure...?, click on
    the Yes button, and close the Local Area
    Connection Properties dialog.
- If your environment requires you to leave File and Printer
Sharing installed, disable Direct Hosting (the service on port 445):
  - Start the registry editor.
  - Locate and then click on the following registry key:
      HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\NetBT\Parameters
  - Add the following registry value:
      Value Name: SmbDeviceEnabled
      Type: REG_DWORD
      Value Data: 0
  - Reboot the machine.
- Create a session in SecureCRT that will connect
to the remote SSH server and will forward from port 139 to the
remote SMB server.
  - Fill in the hostname/IP address and port of the SSH server
    to which you will be connecting.
  - Navigate to the Port Forwarding category.
  - Enter a name for the port forward entry (for example, SMB).
  - In the Local section, ensure that the Manually
    select local IP Address on which to allow connections
    option is not enabled.
  - In the Remote section, enter the hostname or
    IP address of the SMB server relative to the SSH server. For
    example, if the SMB shares exist on the same machine as the
    SSH server, enter the name of that machine.
- Before exiting SecureCRT, navigate to the Global
Options dialog (in the Options
/ Advanced category).
- Select the Configuration folder path and copy it
to the clipboard.
- Exit SecureCRT and browse to the configuration folder
(its path should already be on the clipboard).
- Edit the newly-created session's .ini file to allow connections
from all the addresses in your LAN that you want to have access
to this drive mapping through this forwarded port.
SecureCRT should be closed completely before editing the session's
.ini file. The line in the session's .ini file should be changed to something similar to:
S:"Port Forward Filter"=allow,192.168.0.0/255.255.255.0,0 deny,0.0.0.0/0.0.0.0,0
This step will allow
other computers from within the same network to access this forwarded
port from their machines.
- Start SecureCRT and connect to the SMB-forwarding
session.
- Once connected with SecureCRT, access the shares from a separate machine.
You will not be able to access or map any of the shares provided by this
SSH connection on the "gateway" machine itself. This is a side effect of
having disabled NetBIOS over TCP/IP.
- Start Windows Explorer and in the address bar, enter the following:
\\IP_ADDRESS_OF_TUNNEL_GATEWAY_MACHINE
and press ENTER to browse the shares available on the remote
SMB server. Or, you can use Tools / Map Network Drive and specify
the following path:
\\IP_ADDRESS_OF_TUNNEL_GATEWAY_MACHINE\SHARE_NAME
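Added example (not part of the original documentation and not SecureCRT's own code): a small Python check for the Port Forward Filter line edited in the session's .ini file above, useful for confirming which client addresses the gateway will accept before port 139 is exposed to the LAN. The function names are hypothetical, and the evaluation rules (entries checked in order, first match decides, no match means refused) are assumptions; the third field of each entry is kept but not interpreted, since the page does not describe it.

```python
import ipaddress

# RFC 1918 ranges: an "allow" entry outside these reaches beyond a private LAN.
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def parse_filter_line(line):
    """Parse the session .ini line into (action, network, third_field) tuples."""
    key, _, value = line.partition("=")
    if "Port Forward Filter" not in key:
        raise ValueError("not a Port Forward Filter line")
    rules = []
    for entry in value.split():
        action, net, third = entry.split(",")
        if action not in ("allow", "deny"):
            raise ValueError(f"unknown action in {entry!r}")
        # ip_network() accepts the address/dotted-netmask form used in the .ini file.
        rules.append((action, ipaddress.ip_network(net, strict=False), third))
    return rules

def is_allowed(rules, client_ip):
    """Assumed semantics: the first matching entry decides; no match means refused."""
    addr = ipaddress.ip_address(client_ip)
    for action, network, _ in rules:
        if addr in network:
            return action == "allow"
    return False

def audit(rules):
    """Return findings for filters that admit more than a private LAN range."""
    findings = []
    for action, network, _ in rules:
        if action == "allow" and not any(network.subnet_of(r) for r in RFC1918):
            findings.append(f"allow entry {network} is not inside an RFC 1918 range")
    if not rules or rules[-1][0] != "deny" or rules[-1][1].prefixlen != 0:
        findings.append("filter does not end with a deny-all entry")
    return findings

# The filter line from this page, plus a constructed over-broad variant for comparison.
PAGE_LINE = 'S:"Port Forward Filter"=allow,192.168.0.0/255.255.255.0,0 deny,0.0.0.0/0.0.0.0,0'
BROAD_LINE = 'S:"Port Forward Filter"=allow,0.0.0.0/0.0.0.0,0'

if __name__ == "__main__":
    rules = parse_filter_line(PAGE_LINE)
    for ip in ("192.168.0.25", "192.168.1.25", "203.0.113.7"):  # constructed client addresses
        print(ip, "allowed" if is_allowed(rules, ip) else "refused")
    print("page filter findings:", audit(rules))
    print("broad filter findings:", audit(parse_filter_line(BROAD_LINE)))
```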