SSH
Serbli, 2021-12-29 13:06:28

How to set up an ssh tunnel for smb?

Good afternoon!
There are:
1) a rented server on Windows Core (without a graphical interface)
2) a provider that blocks ports 135-139 and 445 (cannot be changed)
3) SMB shares on this server (they work over the network FROM OTHER PROVIDERS. This protocol is needed)
4) ssh access to the server
5) RDP access to the server
6) clients on Windows

Necessary:
Organize access to the SMB share through the provider that blocks the ports, without third-party resources.
As far as I understand, it is necessary to make a tunnel for the connection; in principle, port 445 should be enough for it to work.
What was tried: https://habr.com/ru/post/528414/ and similar instructions (in principle, they are all copy-pastes of the same English-language one)
At the moment, it is not possible to connect.
A VPN works, but in this situation it is not considered as a solution and there are no resources on the server for it.
Side problem: I absolutely don't understand how ssh works. More examples please!
As far as I understand, you need something like: ssh -L 445:127.0.0.1:445 [email protected] but unfortunately this does not help me. Or are there easier options?

2 answer(s)
Vindicar, 2021-12-29
@Serbli

There are three options for port forwarding in ssh.
-L lport:remote.host:rport specifies client port forwarding, i.e.
1. The SSH client is listening on the lport port on its machine. By default on all network interfaces, but you can specify the desired address that will be listened to, like this: bind.address:lport:remote.host:rport
2. when someone connects to this port, the client tells the server
3. the server connects to remote.host:rport
4. Further data is forwarded through this tunnel.
-R rport:local.host:lport works the other way around
1. The SSH server listens on the rport port on its side. By default on all network interfaces, but you can specify the desired address that will listen, like this: bind.address:rport:local.host:lport
2. when someone connects to this port, the server notifies the client
3. the client connects to local.host:lport
4. Further data is forwarded through this tunnel
And the last, the most practical, but the most difficult to control.
-D lport or -D bind.address:lport
1. the client listens on the lport port on its side
2. when someone connects to this port, the client forwards the connection to the ssh server
3. the ssh server responds using the SOCKS4/SOCKS5 proxy protocol, and performs further connections depending on the wishes of the connecting application.
I.e., for this to work, the application needs to be able to work with SOCKS proxies.
If that doesn't help, you need to debug. I didn't quite understand where the SMB share is located: on the same host as the ssh server, or on another? It is also worth making sure that the connection to the ssh server is established normally.
Finally, it is worth allocating a separate user on the server for such tunnels, and limiting his rights to everything except using the tunnel.
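
The last point of this answer, a separate account that can only carry the tunnel, shown as an added example (not code from the thread). It assumes the server runs OpenSSH's sshd and that the share is on the same host, so the only permitted target is 127.0.0.1:445; the account name `smbtunnel`, both sample configs and the `ForceCommand` value are constructed placeholders.

```python
# Added example: audit the sshd_config restrictions of a tunnel-only account.
# Simplification: only "Match User <exact name>" blocks are understood.
REQUIRED = {
    "allowtcpforwarding": "local",  # permits -L/-D style forwarding, refuses -R
    "allowagentforwarding": "no",
    "permittty": "no",
}

def match_block(config, user):
    """Return {keyword: value} for directives inside 'Match User <user>'."""
    found, inside = {}, False
    for raw in config.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        key = parts[0].lower()  # sshd keywords are case-insensitive
        value = parts[1].strip() if len(parts) > 1 else ""
        if key == "match":
            crit = value.split()
            inside = len(crit) == 2 and crit[0].lower() == "user" and crit[1] == user
        elif inside:
            found.setdefault(key, value)  # sshd keeps the first value it obtains
    return found

def audit(config, user, allowed_target="127.0.0.1:445"):
    """List every restriction the tunnel account is missing (empty list = ok)."""
    block = match_block(config, user)
    problems = []
    for key, want in REQUIRED.items():
        got = block.get(key)
        if got is None or got.lower() != want:
            problems.append(f"{key}: want {want!r}, got {got!r}")
    targets = block.get("permitopen", "any").split()  # sshd default is "any"
    if targets != [allowed_target]:
        problems.append(f"permitopen: want only {allowed_target}, got {targets}")
    if "forcecommand" not in block:
        problems.append("forcecommand: not set, the account can run commands")
    return problems

# Constructed sample: the account exists but nothing is restricted.
WEAK = "Match User smbtunnel\n    AllowTcpForwarding yes\n"
# Constructed sample: forwarding to the local SMB port and nothing else.
HARDENED = """Match User smbtunnel
    AllowTcpForwarding local
    PermitOpen 127.0.0.1:445
    AllowAgentForwarding no
    PermitTTY no
    ForceCommand PLACEHOLDER-command-that-exits-at-once
"""
if __name__ == "__main__":
    for name, cfg in (("weak", WEAK), ("hardened", HARDENED)):
        print(name, audit(cfg, "smbtunnel") or "ok")
```

With `PermitOpen` set this way the server refuses a forward to any other host or port, including requests made through `-D`.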

Drno, 2021-12-29
@Drno

Samba shouldn't be exposed to the Internet... that's bad. Like Windows in general ...
SSH is usually used for Linux ...
Use a VPN. Are there no resources for an OpenVPN client, for example?
