CIFS over SSH using standard Windows 10 tools

I am lazy, so I like it when everything is arranged conveniently, without unnecessary motions. Sometimes I am even too lazy to make things convenient.



Once I needed to organize access to a server over SMB, and while looking for a solution I came across the following article: Mounting your Nikhef home directory using SSH for Windows 8. It was a simple and easy to use solution that relied on PuTTY. A little later I had to set up the same thing on another computer, and I realized that PuTTY was superfluous here, since Windows 10 now ships a built-in ssh client based on OpenSSH.



Below is the same scheme, only using the OpenSSH built into Windows 10.



My scheme is organized as follows:



  1. Samba runs on the server; the root folder with the sites is shared on behalf of the www-data user. The server is reachable only via ssh with key authentication. It sits behind NAT, and only the ssh port is forwarded.
  2. When I log into my account on the home Windows 10 machine, the built-in OpenSSH client establishes a connection to the server, authenticating with the key.
  3. Port 445 of the remote machine is tunnelled to local port 44445 on a loopback network adapter with the address 10.255.255.1.
  4. On the loopback adapter 10.255.255.1, port 445 is proxied to local port 44445. So when connecting to \\10.255.255.1\, the remote file share opens (and can be mounted as a network drive if needed).


All of this is automatic: laziness triumphs. Safe, fast and native-looking. Any editor can open and edit files on the remote server just as on my local one, with none of the hassle of downloading the edited files and setting the right permissions on them. And there are no security concerns with Samba, since it is never exposed outside the ssh tunnel.



So, step by step:



WINDOWS side



Install OpenSSH. In Windows 10 and Windows Server 2019 the OpenSSH client ships as an optional feature, so it may need to be enabled first (Settings -> Apps -> Optional features -> Add a feature -> OpenSSH Client). Check that it is available by running in the command line:



ssh




If the command prints the usage help, the client is installed; if it is "not recognized", add the optional feature.



1. Loopback adapter



Install a loopback adapter. Run the Add Hardware wizard:



hdwwiz.exe




Go through the wizard (the item names below are from Windows 10 Pro):



«Next» -> «Install the hardware that I manually select from a list (Advanced)» -> «Network adapters» -> «Microsoft -> Microsoft KM-TEST Loopback Adapter» -> «Next»



The same can be done with devcon.exe, but that is not covered here.



Open CMD (as administrator).



netsh interface show interface




Find the new adapter in the list. In my case it is Ethernet 2.









Assign it a static address:



netsh interface ip set address name="Ethernet 2" source=static address=10.255.255.1 mask=255.255.255.0


Now the adapter has the address 10.255.255.1.



By default, TCP port 445 on all interfaces is taken by the Windows lanmanserver service (the Server service). For the port proxy to be able to bind 445 on the loopback address, lanmanserver must start after the port proxy (iphlpsvc); otherwise it grabs the port first.



Change the startup type of the services (note the space after «start=»!!!):



sc config lanmanserver start= demand
sc config iphlpsvc start= auto


Proxy port 445 on 10.255.255.1 to port 44445 on the same address, where the ssh tunnel will listen:



netsh interface portproxy add v4tov4 listenaddress=10.255.255.1 listenport=445 connectaddress=10.255.255.1 connectport=44445


Reboot, so that lanmanserver comes up after the port proxy.



After the reboot, check what is listening on port 445 on the loopback adapter:



netstat -an | find ":445 "




TCP    10.255.255.1:445    0.0.0.0:0       LISTENING


. "0.0.0.0:445" — - .



netsh interface portproxy show v4tov4


2. SSH key and tunnel script



Create a folder for the key and the script, and go into it:



mkdir %APPDATA%\CIFSoverSSH
cd %APPDATA%\CIFSoverSSH


Generate an ssh key without a passphrase (in my case the file is named cifsoversshkey):



ssh-keygen -t rsa -N "" -f cifsoversshkey


The key pair is created. But if you try to connect now, OpenSSH will refuse the key with UNPROTECTED PRIVATE KEY FILE!: the private key must not be readable by anyone except the current Windows user. This can be done through the GUI, but it is quicker from the command line (%username% expands to the current user):



icacls cifsoversshkey /RESET
icacls cifsoversshkey /grant %username%:F /inheritance:r


Check the result:



icacls cifsoversshkey 


Only your account should be listed; now OpenSSH will accept the key!



Create a script cifsoverssh.cmd in the same folder with the following content:



call cmd /c start "" /B C:\Windows\System32\OpenSSH\ssh.exe user@111.111.111.111 -p remoteport -i %APPDATA%\CIFSoverSSH\cifsoversshkey -L 10.255.255.1:44445:localhost:445 -N -o "StrictHostKeyChecking=no"


Where:

user@111.111.111.111 is the linux user and the server address (user@host); remoteport is the external port forwarded to ssh on the server; -N opens only the tunnel without running a remote command; StrictHostKeyChecking=no lets the non-interactive script accept the server's host key on the first connection (if the host key changes later, ssh still prints a warning and refuses the port forwarding).



3. Autostart



The task runs: powershell -nologo -noninteractive -windowStyle hidden -command "%APPDATA%\CIFSoverSSH\cifsoverssh.cmd"

It goes through powershell so that no window is shown. If the script is started directly through CMD, a black console window pops up at every logon, which is ugly.



Create the task:



schtasks /CREATE /RU %username% /TN "CIFS over SSH" /TR "powershell.exe -nologo -noninteractive -windowStyle hidden -command %APPDATA%\CIFSoverSSH\cifsoverssh.cmd" /SC ONLOGON /DELAY 0000:10 /IT /RL highest


The Windows part is done.



LINUX side



It is assumed that ssh access to the server with a key is already configured.



Connect to the server over ssh from the windows machine:



C:\Windows\System32\OpenSSH\ssh.exe user@111.111.111.111 -p remoteport


If the file ~/.ssh/authorized_keys does not exist yet, create it (if it already exists, skip this step). sshd ignores the file if it or the directory is writable by others, so the permissions are set at the same time:



mkdir -p ~/.ssh && touch ~/.ssh/authorized_keys
chmod 700 ~/.ssh && chmod 600 ~/.ssh/authorized_keys


Append the public key from the windows machine (the contents of %APPDATA%\CIFSoverSSH\cifsoversshkey.pub) to this file, one key per line, and save.



Install Samba (on Debian):



apt update && apt install samba




mv /etc/samba/smb.conf /etc/samba/smb.conf.old
touch /etc/samba/smb.conf


Put the following into /etc/samba/smb.conf:



[global]
realm = webserver
server string = Web server
workgroup = WORKGROUP
# Setup charsets
dos charset = cp1251
unix charset = utf8
# Disable printers
load printers = No
show add printer wizard = no
printcap name = /dev/null
disable spoolss = yes
# Setup logging
log file = /var/log/smbd.log
max log size = 50
max xmit = 65536
debug level = 1
# Setup daemon settings
domain master = No
preferred master = Yes
socket options = IPTOS_LOWDELAY TCP_NODELAY SO_SNDBUF=65536 SO_RCVBUF=65536 SO_KEEPALIVE
os level = 65
use sendfile = Yes
dns proxy = No
dont descend = /proc,/dev,/etc
deadtime = 15
# Enable symlinks
unix extensions = No
wide links = yes
follow symlinks = yes

# Security settings
security = user
map to guest = Bad Password
guest account = nobody
create mask = 0664
directory mask = 0775
hide dot files = yes
# Note: client min/max protocol only apply to Samba's own client tools;
# the server side is limited with server min protocol / server max protocol
client min protocol = SMB2
client max protocol = SMB3
[ShareName]
comment = Sites folder
path = /home/web
force user = www-data
force group = www-data
read only = No
guest ok = Yes
writable = yes
create mask = 0664
directory mask = 2775


What matters here is the [ShareName] section. ShareName is the name of the share as seen from Windows; path = is the folder being shared. force user and force group set the linux user and group on whose behalf files are created through the share; for a web server that is www-data. Since the tunnel targets localhost:445 on the server, Samba can additionally be restricted to the loopback interface (interfaces = lo together with bind interfaces only = yes), so that it is not reachable from the server's LAN at all.



Restart Samba:



systemctl restart smbd


Back to Windows



exit


Log out of windows and log in again (or start the task manually).



\\10.255.255.1\ShareName: it works.
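As an added check, not part of the original article, the following PowerShell script verifies the Windows side after a reboot. It assumes the values used in the steps above (loopback adapter 10.255.255.1, proxy 445 -> 44445, task name "CIFS over SSH") and reports which link of the chain is missing when the share does not open.

```powershell
# Added verification script, not from the original article.
# Assumes the values used above: loopback adapter 10.255.255.1,
# portproxy 445 -> 44445, scheduled task "CIFS over SSH".
# Run in an elevated PowerShell after a reboot.
$LoopbackIp = '10.255.255.1'
$ok = $true
function Fail($msg) { Write-Host "FAIL: $msg"; $script:ok = $false }
function Pass($msg) { Write-Host "ok:   $msg" }

# 1. The loopback adapter carries the expected address
if (Get-NetIPAddress -IPAddress $LoopbackIp -AddressFamily IPv4 -ErrorAction SilentlyContinue) {
    Pass "adapter has $LoopbackIp"
} else { Fail "no interface with address $LoopbackIp" }

# 2. Service start types: lanmanserver (demand) must come up after iphlpsvc (auto)
$srv = Get-CimInstance Win32_Service -Filter "Name='lanmanserver'"
$hlp = Get-CimInstance Win32_Service -Filter "Name='iphlpsvc'"
if ($srv.StartMode -eq 'Manual') { Pass 'lanmanserver start= demand' }
else { Fail "lanmanserver StartMode is $($srv.StartMode)" }
if ($hlp.StartMode -eq 'Auto') { Pass 'iphlpsvc start= auto' }
else { Fail "iphlpsvc StartMode is $($hlp.StartMode)" }

# 3. Port 445: only the proxy on the loopback address, never a wildcard bind
$listen = Get-NetTCPConnection -LocalPort 445 -State Listen -ErrorAction SilentlyContinue
if ($listen | Where-Object { $_.LocalAddress -eq '0.0.0.0' }) {
    Fail '0.0.0.0:445 is bound: lanmanserver took the port before the proxy'
}
if ($listen | Where-Object { $_.LocalAddress -eq $LoopbackIp }) { Pass "${LoopbackIp}:445 is listening (portproxy)" }
else { Fail "nothing listens on ${LoopbackIp}:445" }

# 4. The portproxy rule is registered (netsh prints one rule per line)
$rule = [regex]::Escape($LoopbackIp) + '\s+445\s+' + [regex]::Escape($LoopbackIp) + '\s+44445'
if ((netsh interface portproxy show v4tov4) -match $rule) { Pass 'portproxy 445 -> 44445' }
else { Fail 'portproxy rule 445 -> 44445 not found' }

# 5. The ssh tunnel is up: ssh -L holds a listener on 44445
if (Get-NetTCPConnection -LocalAddress $LoopbackIp -LocalPort 44445 -State Listen -ErrorAction SilentlyContinue) {
    Pass 'ssh tunnel listener on 44445'
} else { Fail 'no listener on 44445: the ssh tunnel is not running' }

# 6. The logon task exists
if (Get-ScheduledTask -TaskName 'CIFS over SSH' -ErrorAction SilentlyContinue) { Pass 'scheduled task registered' }
else { Fail 'scheduled task "CIFS over SSH" not found' }

if ($ok) { Write-Host 'All checks passed' } else { exit 1 }
```

A wildcard bind on 0.0.0.0:445 in check 3 is the usual cause when the share stops working after a Windows update resets the service startup types.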



