LinuxQuestions.org
Old 12-05-2018, 12:55 AM   #1
hrfister
LQ Newbie
 
Registered: Jan 2008
Posts: 25

Rep: Reputation: 0
SSH Tunnel to access Linux share from Windows


Need help mapping a shared Linux drive with Samba server from home using an ssh tunnel. Reason: Want to use my laptop PC editor to edit python scripts remotely. Don't want to have to use SCP to constantly upload changes. I think I'm getting close, but the problem is that on my Windows PC at home, using CYGWIN, when I try to connect with net use, I get prompted for the password, but immediately get disconnected.


WAN-LAN Topology scenario:
---------------------------------

{pc@home---home-Router}--{internet}---{destFW---[dest_VM_Host_Server---[dest_VM_Guest]]}

home wan IP address: 73.23.x.x
destFW IP address: 216.75.x.x
dest_VM_Host_Server IP address: 192.168.1.g
dest_VM_Guest IP address: 192.168.3.x (Linux share is here)
END OF: WAN-LAN Topology scenario:



dest_VM_Guest(192.168.3.x):configs and troubleshooting info:
------------------------------------------------------------
smbpasswd -a <my_username> (same as my personal pc used at home)

/etc/smb.conf
-------------------------------------------
Code:
[<share_name>]
# (it is actually a symlink to where I want to go)
path = /home/<my_username>/python
follow symlinks = yes
valid users = <my_username>
read only = no
-------------------------------------------

I tested this locally:
-------------------------------------
# smbclient //localhost/<share_name> -U <my_username>%<my_password>

IT WORKED
smb: \> quit # to get out
----------------------------------------

Note: I also added a local username on the linux vm, the same as the smb service user, and my pc at home, just in case

Proof that SSH Tunnel on home PC is allowing me to get through:
--------------------------------------------------------------------
root@dest_VM_Guest:~# netstat -an | grep 445
Code:
tcp        0      0 0.0.0.0:445             0.0.0.0:*               LISTEN
tcp        0      0 192.168.3.x:445        73.23.x.x:61142      ESTABLISHED
tcp        0      0 192.168.3.x:445        73.23.x.x:56737      ESTABLISHED
tcp        0      0 192.168.3.x:56888      192.168.1.y:445        ESTABLISHED
tcp        0      0 192.168.3.x:56112      192.168.1.z:445         ESTABLISHED
tcp6       0      0 :::445                  :::*                    LISTEN
unix  3      [ ]         STREAM     CONNECTED     445495
unix  3      [ ]         STREAM     CONNECTED     445497   /run/systemd/journal/stdout
--------------------------------------------------------------------

***SOMETHING HAPPENED IN AN ATTEMPT, BUT COULDN'T REPRODUCE THIS ERROR********

root@dest_VM_Guest:/var/log/samba# cat log.73.23.x.x
Code:
[2018/12/04 18:48:31.418992,  0] ../source3/smbd/process.c:340(read_packet_remainder)
  read_fd_with_timeout failed for client 73.23.x.x read error = NT_STATUS_END_OF_FILE.
[2018/12/04 18:52:28.840675,  0] ../source3/smbd/process.c:340(read_packet_remainder)
  read_fd_with_timeout failed for client 73.23.x.x read error = NT_STATUS_END_OF_FILE.
[2018/12/04 20:37:39.290723,  0] ../source3/smbd/process.c:340(read_packet_remainder)
  read_fd_with_timeout failed for client 73.23.x.x read error = NT_STATUS_END_OF_FILE.
[2018/12/04 20:44:58.312948,  0] ../source3/smbd/process.c:340(read_packet_remainder)
  read_fd_with_timeout failed for client 73.23.x.x read error = NT_STATUS_END_OF_FILE.
root@dest_VM_Guest:/var/log/samba# tail -f log.73.23.x.x
[2018/12/04 18:48:31.418992,  0] ../source3/smbd/process.c:340(read_packet_remainder)
  read_fd_with_timeout failed for client 73.23.x.x read error = NT_STATUS_END_OF_FILE.
[2018/12/04 18:52:28.840675,  0] ../source3/smbd/process.c:340(read_packet_remainder)
  read_fd_with_timeout failed for client 73.23.x.x read error = NT_STATUS_END_OF_FILE.
[2018/12/04 20:37:39.290723,  0] ../source3/smbd/process.c:340(read_packet_remainder)
  read_fd_with_timeout failed for client 73.23.x.x read error = NT_STATUS_END_OF_FILE.
[2018/12/04 20:44:58.312948,  0] ../source3/smbd/process.c:340(read_packet_remainder)
  read_fd_with_timeout failed for client 73.23.x.x read error = NT_STATUS_END_OF_FILE.
(note: I did a tail -f on /var/log/syslog, and /var/log/auth.log but not getting anything. The only log showing any type of map attempt was this one I just printed)

END OF: dest_VM_Guest(192.168.3.x):configs and troubleshooting info:



dest_VM_Host_Server (192.168.1.g): config
------------------------------------------

/etc/iptables/rules.v4
----------------------
Code:
*nat
:PREROUTING ACCEPT [2073:228232]
-A PREROUTING -i vmbr0 -p tcp --dport 2022 -j DNAT --to 192.168.3.x:22
-A PREROUTING -p tcp -i vmbr0 --dport 1445 -j DNAT --to-destination 192.168.3.x:445
:INPUT ACCEPT [1215:153837]
:OUTPUT ACCEPT [207:12481]
:POSTROUTING ACCEPT [207:12481]
-A POSTROUTING -s 192.168.3.0/24 -o vmbr0 -j MASQUERADE
COMMIT
# Completed on Mon Nov 19 14:43:46 2018
# Generated by iptables-save v1.6.0 on Mon Nov 19 14:43:46 2018
*filter
-A FORWARD -p tcp -d 192.168.3.x --dport 445 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
:INPUT ACCEPT [38326:11598248]
:FORWARD ACCEPT [107654:107563828]
:OUTPUT ACCEPT [32062:16571805]
COMMIT
# Completed on Mon Nov 19 14:43:46 2018
END OF: dest_VM_Host_Server (192.168.1.g): config



destFW(216.75.x.x) : config
----------------------------
Public Facing IP Address: 216.75.x.x
Public Protocol:TCP
Public Port:2445
LAN IP:192.168.1.g (dest_VM_Host_Server)
Local Port:1445
allowed remote IPs: any
END OF: destFW(216.75.x.x) : config



pc@home Windows 10 Pro(tried the following with FW ON & with FW OFF), IP CHICKEN GAVE ME: 73.23.x.x
------------------------------------------------------------------------------------------------------

<my_username> is the same smb username I set with smbpasswd -a on VM_Guest, with the same password.

----------------------------------------------------------------------------------------------------------
PUTTY (I'm impressed that this worked and went through all them hops from here to the final dest server)
-----
(to set up SSH TUNNEL)
HostName (or IP Address):216.75.x.x
Port: 2445

Left Pane:
> Connections > SSH > Tunnels
Source Port 444 (not sure how much this matters)
localhost:445
(THIS WORKS!, netstat on dest_VM_Guest, where linux share is shows that the connection on this port is established.)

----------------------------------------------------------------------------------------------------------
cygwin :
--------
net use '\\localhost\<share_name>' /USER:WORKGROUP\<my_username>
***IT BRIEFLY PROMPTS ME TO ENTER MY USERNAME, BUT THEN CUTS OFF

$ net use '\\localhost\Win-Ops-python' /USER:WORKGROUP\<my_username>
Enter the password for 'WORKGROUP<my_username>' to connect to 'localhost': System error 86 has occurred.

The specified network password is not correct.

---------------

Yes, I tried it with the password as follows:
net use '\\localhost\<share_name>' /USER:WORKGROUP\<my_username> <my_password>

..but it still doesn't work.

----------------------------------------------------------------------------------------------------------
Sec policy change, but it may not matter
-----------------------------------------
Local Policies > Security Options > Network security:LAN Manager authentication level > Set to "Send NTLMv2 response only. Refuse LM & NTLM"

END OF: pc@home Windows 10 Pro(tried the following with FW ON & with FW OFF), IP CHICKEN GAVE ME: 73.23.x.x



...any help is greatly appreciated!

Last edited by hrfister; 12-06-2018 at 09:26 AM.
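
A way to check which kind of service answers on a forwarded port such as the 2445 → 1445 → 445 chain configured in the post above, added here as an example and not part of the original post: an SSH server sends an `SSH-` identification line as soon as the connection opens, while an SMB server waits for the client to speak first. `classify_port` and `demo_listener` are hypothetical helpers, and the banners are constructed sample input.

```python
import socket
import threading

def classify_port(host, port, timeout=3.0):
    """Report which side speaks first on a TCP port.

    An SSH server sends its identification line ("SSH-2.0-...") as soon as
    the connection opens (RFC 4253, section 4.2); an SMB server stays silent
    until the client sends a negotiate request.
    """
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except OSError:
        return "unreachable"          # refused, filtered or no route
    with sock:
        try:
            data = sock.recv(256)
        except socket.timeout:
            return "silent"           # consistent with smbd, not with sshd
        except OSError:
            return "reset"
    if not data:
        return "closed"
    return "ssh" if data.startswith(b"SSH-") else "other"

def demo_listener(banner):
    """Constructed stand-in for a remote service: one-shot loopback listener."""
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)
    port = srv.getsockname()[1]

    def serve():
        conn, _ = srv.accept()
        with conn, srv:
            if banner:
                conn.sendall(banner)
            conn.settimeout(2)
            try:
                conn.recv(1)          # wait until the client disconnects
            except OSError:
                pass

    threading.Thread(target=serve, daemon=True).start()
    return port

if __name__ == "__main__":
    # Constructed banners; replace with the forwarded host and port to test.
    for name, banner in (("sshd-like", b"SSH-2.0-demo\r\n"), ("smbd-like", b"")):
        print(name, classify_port("127.0.0.1", demo_listener(banner), 0.5))
```

A `silent` result on the port an SSH client is pointed at is consistent with the connection landing on a service other than sshd.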
 
Old 12-05-2018, 06:32 PM   #2
scasey
LQ Veteran
 
Registered: Feb 2013
Location: Tucson, AZ, USA
Distribution: CentOS 7.9.2009
Posts: 5,732

Rep: Reputation: 2212
TL;DR. I've never heard of an "ssh tunnel"...

To maintain code on a Linux machine from a Windows machine, use WinSCP. It can be configured to open remote files in an editor and save the changes back to the server...pretty much as if the files were local.
 
Old 12-06-2018, 05:39 AM   #3
ondoho
LQ Addict
 
Registered: Dec 2013
Posts: 19,872
Blog Entries: 12

Rep: Reputation: 6053
please fix the formatting of your OP.
those overly long ==== lines mess up LQ's layout. it's not your fault, but it's very disturbing and i cannot get a clear overview of what you're trying to show us there.
 
Old 12-06-2018, 08:03 AM   #4
michaelk
Moderator
 
Registered: Aug 2002
Posts: 25,732

Rep: Reputation: 5920
An ssh tunnel is the same thing as ssh forwarding. I agree that using WinSCP would be a lot easier than trying to tunnel CIFS traffic.

I have found a few guides and they require configuring a local loopback adapter to connect to the forwarded port and mapping the share.

https://www.nikhef.nl/~janjust/CifsO...0Loopback.html
 
Old 12-06-2018, 09:42 AM   #5
hrfister
LQ Newbie
 
Registered: Jan 2008
Posts: 25

Original Poster
Rep: Reputation: 0
Gentlemen, thank you for your responses!

scasey, michaelk thanks. I am now using WinSCP to edit the files remotely with Notepad++. I had no idea this was possible. I always used emacs with ssh sessions but Notepad++ is easier on the eyes and has a lot of neat little built-in features to make editing a little easier and faster than emacs.

ondoho, the "====" were removed. I thought I'd use it to separate the config and troubleshooting output information on each hop from point a to point b.

After my first post, before scasey suggested WinSCP, I did find this online:
http://how-to.cc/setup-windows-filesharing-over-ssh

I started to do this on my smb client on my Win 10 Pro workstation but got stuck on trying to disable the automatic starting of the file sharing service. After messing with this for over an hour, I decided to have a Windows seasoned expert advise me on how to proceed and this will have nothing to do with good ol Linux.

It was a good little exercise on port forwarding, nat, ipv4 packet fwding, samba, and the ssh tunnel using Putty. I'll still try to map from my windows PC through all of these hops with port filters/firewalls in between at least for in-depth learning purposes. It can come in handy someday.

Thanks again guys!
 
Old 12-06-2018, 09:54 AM   #6
scasey
LQ Veteran
 
Registered: Feb 2013
Location: Tucson, AZ, USA
Distribution: CentOS 7.9.2009
Posts: 5,732

Rep: Reputation: 2212
You're most welcome. I used Notepad+ for years until I discovered SciTE. Runs on both Windows and Linux, has code highlighting.
You may use the Thread tools to mark the thread SOLVED, if you wish.
 
  



All times are GMT -5. The time now is 07:06 PM.
