Mapping network drive via SSH on Linux, Windows and Mac

Problem: Mapping a remote network drive via SSH on Linux, Windows and Mac OS.

Solution:

Tested on Windows XP-SP3/7, Linux (Redhat/Fedora, Ubuntu), and Mac OS (Snow Leopard 10.6).

Update (2/23/2015): Hopefully newer OS versions make this process easier. If SSH tunneling is sluggish, try setting the compression level and/or cipher options.

For Linux  (Redhat/CentOS/Fedora, Ubuntu), you can use SSH directly. The option is likely available through the GUI; if not, it is fairly easy to pull off in the terminal. (see sshfs)

For Windows or Mac drive mapping, SSH is not enough; Samba service is required. We tunnel it through SSH to keep the connection secure.

For Windows XP-SP3:

If you have ‘File and Printer Sharing’ enabled for your network device, Windows will not allow you to tunnel from another source to the samba port 139 for that network device.  Thus, assuming that you will likely want to keep both your Windows and Samba shares, you will need to create a loopback device and tunnel port 139 to this new device. The following are steps for doing this (derived from this posting):

First, add the Loopback Adapter to the Windows client machine:

  1. Open up the Add Hardware control panel (Start > Control Panel > Add Hardware)
  2. Click next and wait for search to conclude nothing was found.
  3. Choose ‘Yes, I have already connected the hardware’
  4. Scroll to the bottom of the ‘Installed hardware’ list box and choose ‘Add new hardware device’
  5. Now choose ‘Install the hardware that I manually select from a list (Advanced)’
  6. Select  ‘Network adapters’
  7. Under ‘Manufacturer’ you want ‘Microsoft’
  8. For ‘Network Adapter’ choose ‘Microsoft Loopback Adapter’. Continue with installation.
  9. Open the adapters properties dialogue (Start > Control Panel > Network Connections and then right click on the adapter and choose properties)
  10. Uncheck all items listed except for ‘Internet Protocol (TCP/IP).
  11. Highlight ‘Internet Protocol (TCP/IP)’ and click the ‘Properties’ button
  12. Choose ‘Use the following IP address’
  13. Enter ‘10.0.0.1′ for ‘IP address’ (or any other valid and unused local address: 10.x.x.x, 172.16.x.x, and 192.168.x.x). This will be the IP of your loopback adapter; make note of it for later.
  14. Enter ‘255.255.255.0′ for ‘Subnet mask’
  15. Click the ‘Advanced’ button and on the ‘WINS’ tab
  16. Enable ‘Enable LMHOSTS Lookup’
  17. Check ‘Disable NetBIOS over TCP/IP’
  18. Restart you computer (even though Windows does not prompt for this step)

Next, configure the SSH Tunnel

  1. Download and Open PuTTY.
  2. Using the configuration window on the left, navigate to Connection > SSH.
  3. Enable two boxes “Don’t start a shell or command at all” and “Enable Compression”.
  4. Navigate to Connection > SSH > Tunnels
  5. For ‘Source port’, enter ‘10.0.0.1:139′ (replacing IP as needed if a different loopback address was chosen before in step 13). For ‘Destination’, enter ‘localhost:139′. Click the ‘Add’ button.
  6. Navigate to “Sessions” (the initial screen) to enter the host information and save the connection profile (so you don’t have to reconfigure again).
  7. Start Putty session.

Finally, map the network drive:

  1. Open ‘My Computer’ and choose ‘Map network drive’ from the menu bar.
  2. For ‘Folder’, enter ‘\\ssh-host\samba-folder’, where ssh-host and samba-folder are substituted accordingly. If required, choose ‘Connect using different credentials’.

 

For Windows 7:

A different solution is required for Windows 7. You don’t need a loopback adapter to use both your Windows and Samba shares, but instead you will have to do some service management. You can do this service management manually (based on this post and explained below), or in an automated way using batch scripts.

Firstly, Disable Windows “Server” service and Reboot.

  1. Right click on ‘Computer’, select ‘Manage’.
  2. Navigate to ‘Services and Applications’ > ‘Services’
  3. Locate service named “Server” and open properties.
  4. Set ‘Startup Type’ to Disabled, and choose the “Stop” button to stop the service.
    • Important: this will stop your Windows shares.
  5. Reboot your system.

Next, configure the SSH Tunnel

  1. Download and Open PuTTY.
  2. Using the configuration window on the left, navigate to Connection > SSH.
  3. Enable two boxes “Don’t start a shell or command at all” and “Enable Compression”.
  4. Navigate to Connection > SSH > Tunnels
  5. For ‘Source port’, enter ‘139′. For ‘Destination’, enter ‘localhost:139′. Click the ‘Add’ button.
  6. For ‘Source port’, enter ‘445′. For ‘Destination’, enter ‘localhost:445′. Click the ‘Add’ button.
  7. Navigate to “Sessions” (the initial screen) to enter the host information and save the connection profile (so you don’t have to reconfigure again)
  8. Start Putty session.

Finally, map the network drive and resume Windows “Server” server:

  1. Open ‘My Computer’ and choose ‘Map network drive’ from the menu bar.
  2. For ‘Folder’, enter ‘\\localhost\samba-folder’, where samba-folder is substituted accordingly. If required, choose ‘Connect using different credentials’.
  3. Return to ‘Properties’ screen for windows “Server” service (as done initially).
  4. Set ‘Startup Type’ to Manual, and choose the “Start” button to stop the service.
  5. You can now access both your windows and Samba shares.

Important: Before shutting down Windows, you may need to disable Windows “Server” service (same as initial step above) if you want to make use of your Samba share again after Windows is restarted. As you can tell, this can be annoying to do manually and to even remember; one can automate this process by adding two scripts to the Windows scheduler.

For Mac OS (Snow Leopard 10.6):

This section is derived from this posting .

Firstly, configure the SSH tunnel:

  1. Open a terminal window.
  2. Use the following command (sudo or root access required) to set up a loopback alias and tunnel the required Samba ports, filing in ‘user’ and ‘ssh-host’ accordingly:
    • sudo ifconfig lo0 127.0.0.2 alias up
      • where 127.0.0.2 is an alias for your loopback adapter. This IP can be any other acceptable and unused local address: 10.x.x.x, 172.16.x.x, and 192.168.x.x . If different is chosen, make sure to reflect that change within the next command.
    • sudo ssh -NL 127.0.0.2:139:localhost:139 -NL 127.0.0.2:445:localhost:445 user@ssh-host

Finally, map the network drive:

  1. Choose the “Connect to Server” option from the Finder menu bar.
  2. Connect to the following, filing in ‘user’ accordingly: smb://user@127.0.0.2
  3. Enter Samba credentials and continue.

8 Comments

 Add your comment
  1. Regarding the Windows 7 solution, do you mean port 445? Regardless, this does not work for me, event log says that port 445 connection is refused by server. I am running samba 2 on a dd-wrt router, perhaps newer version of samba is required?

    Thank you.

    • You’re right, the port should be 445; I corrected that typo. I haven’t tried connecting to a Samba server running on DD-WRT. For reference, my server was linux Fedora 12 running samba version 3.4.7. It appears that the latest version of Samba is now 3.5.4. You could consider upgrading. You may also want to investigate whether the samba service is properly started and if this could possibly be a firewall issue (though I’m not too familiar with samba server running on DD-WRT).

  2. Thanks for the tutorial. I have a few follow on questions, I am on Win 7 64bit and my SMB server is Ubuntu 10.04 based :

    1. In case I don’t really need the “Server” service, I can just leave it as disabled and only enable it manually when I need to right?

    2. How about mounting multiple shares on different machines with different IP address? using just “localhost” will not work in that case right? Perhaps installing multiple loopback adapters, with different 10.0.0.x addresses for each server will be needed in that case?

    Thanks for the pointers though — this is very useful for securing SMB access. All the previous techniques do not seem to work with Windows 7 – 64bit. e.g. http://blog.simonholywell.com/post/374206082/samba-file-share-over-ssh-tunnel (this link was quite useful too but didnt work for me).

    –uv

  3. UV: I think you’re on the right track with both your points, 1 & 2. I’d like to hear if it all works out for you.

  4. Thanks for this great tutorial.

    As my planned SSH tunnel client machine is a Windows 2008 Server, I’m looking at more robust and multi-user friendly ways to achieve this.

    Here’s what I’m thinking:
    1. Use Plink (= Command-line version of Putty from same author) to create the SSH tunnel and use SrvAny or NSSM to turn it into a service (ref: http://xxlinxx.wordpress.com/2009/03/23/set-up-an-ssh-tunnel-as-a-windows-service-using-putty-plink/)
    2. Change the startup mode of the Server (LanmanServer) service to “Automatic (delayed start)”, while adding the newly created Plink service as one of its dependencies in the registry (ref: http://support.microsoft.com/kb/193888)

    I would expect it to work, but unfortunately, I’ve got a rather limited maintenance window to try it out, so any feedback would be appreciated.

  5. Great tutorial, but I could use some help.

    When I go step 2, to map my folder ‘\localhostmyUserName’ I get “Access Denied. And then I get a pop-up that asking me to “Enter your password to connect to: localhost” dialog. What gives? Also, I’m on a domain.

    Neither my windows or unix username and password work.

  6. Awesome. Thanks for the tips

  7. Thanks for the credit :]

Leave a Comment Cancel reply

Your email address will not be published.