
Windows File Sharing and SSH Tunneling (Bitvise)

http://www.bitvise.com/file-sharing


Securing Windows File Sharing Using SSH Connection Tunneling


Tunneling Windows file shares is useful if you want to comfortably access files on a Windows machine that is only accessible via SSH, and you don't want to use SFTP or SCP.

To tunnel Windows file shares over an SSH connection, you need to forward connections on port 139 on the sharing-consumer machine via SSH to the sharing-provider machine. The exact setup differs depending on the version of Windows on the sharing-consumer machine:

Windows 2000: configure the SSH client to listen on interface 127.0.0.2 and connect to '\\127.0.0.2\sharename'. This is all that is necessary.

Windows XP: same as for Windows 2000, but before using the forwarded share, the local (client's) Windows file sharing server needs to be stopped via 'net stop server'. To disable it permanently, run 'sc config lanmanserver start= disabled'. To re-enable it at a later time, run 'sc config lanmanserver start= auto'. Note the space between 'start= ' and the following parameter - sc will fail without it.

If you want to avoid disabling the file sharing server on the client machine because you want to retain remote access to the client machine's shared resources, there is an alternative. You can install the Microsoft Loopback Adapter according to the instructions relevant to your version of Windows:

The Loopback Adapter and file share tunneling: Windows XP and 2003
The Loopback Adapter and file share tunneling: Windows 2000
The Loopback Adapter and file share tunneling: Windows NT4

If using the Microsoft Loopback Adapter, remember to set up your SSH client appropriately: use the Loopback Adapter's IP instead of 127.0.0.1 or 127.0.0.2. If you assigned the Loopback Adapter the IP address 10.10.10.10, configure a client-to-server port forwarding rule to listen on 10.10.10.10, port 139; then you can connect to '\\10.10.10.10\sharename'.

If the instructions on this page fail for you, try some of the file share tunneling tips contributed by our users.

Note that, in all cases, you will not be able to browse to the sharing-provider machine via point-and-click - the network path needs to be typed in manually.


Try out WinSSHD!


WinSSHD is an advanced SSH server for Windows with secure remote access, file transfer and tunneling features. Supports public key authentication, SCP, SFTP. Its advantages include speed, reliability, ease of use, configurability, and bvterm - the best remote console on the Windows platform. Try it free for up to 30 days!

Try out Tunnelier!


Tunnelier is a friendly and flexible SSH client for Windows which includes state of the art terminal emulation, graphical as well as command-line SFTP support, an FTP-to-SFTP bridge, powerful tunneling features, and also remote administration for WinSSHD. Free for individual use!

Step-by-step instructions
Follow these steps if you wish to get up and running quickly with Windows file sharing over SSH. It is advised that you try to understand what is being done by each one of the steps presented. The difference between understanding and not understanding is frequently the difference between a security measure which works and one that only appears to.

On the server machine: (the file-sharing provider)

1. Install WinSSHD on the server (the machine that has the resources you wish to access with Windows file sharing).
2. No changes to the default WinSSHD configuration are required to use Windows file sharing over SSH. You may wish to make changes to the default WinSSHD configuration later on, to restrict what WinSSHD features are accessible to remote users. However, for the time being, keep your WinSSHD settings at default until your file sharing over SSH is up and running.
3. Apart from installing WinSSHD, the only thing you need to do on the server is ensure that there is a Windows account which you can use to log on locally, and which you are comfortable using through Tunnelier and WinSSHD. If such an account does not yet exist, create one and use it to log on for the first time through the local Windows console to make sure all settings for the new account are initialized.
4. Start the WinSSHD service from the WinSSHD Control Panel.

On the client machine:

1. If the client is running Windows XP or 2003 and you wish to retain the ability to share the client's resources, install and configure the Microsoft Loopback Adapter.
2. Install Tunnelier on the client (the machine from which you wish to be accessing the server machine's shared resources).
3. Configure the following settings on the Login tab in Tunnelier. Click also the 'Help' link on the Login tab for help with any of these settings.
   a. Host: The IP address or DNS name of the server that you are accessing.
   b. Port: You will normally use the default value, 22. This must match the port that WinSSHD is listening on. If you have made no changes to the default WinSSHD configuration to change the port it is listening on, use 22.
   c. Username: The Windows account name with which to log into the server. This must be a valid Windows account name with local logon permissions on the side of the server.
   d. Password: The password with which to log into the server, belonging to the account name specified by Username.
   e. Store encrypted password in profile: You may optionally wish to enable this setting so that you will not be asked to reenter the password each time you log in after Tunnelier has been restarted.
4. In the C2S Forwarding tab in Tunnelier, add a new entry and configure the following settings for this entry. Click also the 'Help' link on the C2S Forwarding tab for help with any of these settings.
   a. Status: This will be 'enabled' by default, leave it that way.
   b. Listen interface: The default value is 127.0.0.1. If the client machine is running Windows XP, leave this as it is; you will need to uninstall file and printer sharing on the client machine anyway. If the client machine is running Windows 2000, change this to 127.0.0.2 so that you will not need to uninstall file and printer sharing.
   c. List. Port: 139.
   d. Destination Host: set this to the interface on which the file sharing server is listening for SMB connections. Setting this to 'localhost' or 127.0.0.1 will not work because the file sharing server is usually listening on a specific interface rather than all interfaces, so it will not be possible to go through the loopback connection. To determine the interface where the file sharing server is listening, execute 'netstat -an' on the server and examine the output for a line like 'xxxxxx:139 ... LISTENING'. The xxxxxx is the IP address that you need to enter in this field. Normally this will be the IP address associated with the server's main ethernet adapter.
   e. Dest. Port: 139.
5. Click the Login button in Tunnelier and observe the log area for any errors. If the session is established without errors, the SSH setup is running.
6. If you are running Windows XP, you will now need to uninstall (not just disable, but completely uninstall) file and printer sharing on the client machine. This can be done through Network Connections : (each connection) : Properties - select 'File and Printer Sharing' in the list box and press the Uninstall button. This needs to be done for each active network connection on the client machine.
7. If you are using earlier versions of Windows (this is confirmed for Windows 2000 but is likely to apply to the 9x/Me series as well), you will not need to uninstall file and printer sharing if you specified 127.0.0.2 as the Tunnelier C2S rule listening interface (above).
8. Once the above steps have been completed, you will be able to connect securely to the shared resources on the server machine using syntax such as \\127.0.0.1\sharename or \\127.0.0.2\sharename, respectively. This will work as long as the Tunnelier SSH connection remains established.
9. You can make sure that your file sharing connections are going through Tunnelier by checking the Tunnelier log area for a message saying 'Accepted client-to-server connection from ... to ...:139' corresponding to each connection attempt you make. Likewise, when your file sharing connection closes, Tunnelier should output a log message stating 'Closing client-to-server forwarding channel from ... to ...:139'.
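
The 'netstat -an' check from client step 4d, as an added example that is not part of the original Bitvise page: a Python parser that returns the addresses with a TCP listener on port 139 and reports whether a loopback Destination Host could work. The sample output and its addresses are constructed; the port is compared exactly, so a listener on 1390 or an ESTABLISHED row is not mistaken for the file sharing server.

```python
"""Pick the Tunnelier 'Destination Host' from the server's `netstat -an` output."""

# Constructed sample of Windows `netstat -an` output (all addresses are made up).
SAMPLE_NETSTAT = """\
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:22             0.0.0.0:0              LISTENING
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    192.168.1.10:139       0.0.0.0:0              LISTENING
  TCP    192.168.1.10:139       192.168.1.20:1045      ESTABLISHED
  TCP    192.168.1.10:1390      0.0.0.0:0              LISTENING
  TCP    192.168.1.10:2301      192.168.1.30:139       ESTABLISHED
  UDP    192.168.1.10:137       *:*
"""

# A socket bound to a wildcard address accepts connections on every interface.
WILDCARDS = {"0.0.0.0", "[::]"}


def listening_addresses(netstat_output, port=139):
    """Return local addresses with a TCP socket in LISTENING state on `port`."""
    found = []
    for line in netstat_output.splitlines():
        fields = line.split()
        # TCP rows have 4 columns; UDP rows have no State column and are skipped.
        if len(fields) != 4 or fields[0] != "TCP" or fields[3] != "LISTENING":
            continue
        host, _, local_port = fields[1].rpartition(":")
        # Compare the port exactly so that 1390 is not mistaken for 139.
        if local_port == str(port) and host not in found:
            found.append(host)
    return found


def destination_hosts(netstat_output, port=139):
    """Return (specific addresses to use, whether a loopback address would work)."""
    hosts = listening_addresses(netstat_output, port)
    loopback_ok = any(h in WILDCARDS or h.startswith("127.") for h in hosts)
    specific = [h for h in hosts if h not in WILDCARDS]
    return specific, loopback_ok


if __name__ == "__main__":
    specific, loopback_ok = destination_hosts(SAMPLE_NETSTAT)
    print("Destination Host candidates:", specific)
    print("localhost would work:", loopback_ok)
```
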


Troubleshooting
If you encounter problems establishing the SSH session, you will receive diagnostic information in the Tunnelier log area, as well as in the log entries recorded by WinSSHD on the server side. Especially in the case of an authentication failure, the WinSSHD log entries will contain important diagnostic information. Inspect the WinSSHD log entries using the Windows Event Viewer on the server side. Please see our contact and support page for more information and links to documents about how to go about resolving problems with Tunnelier and WinSSHD.

This website is Copyright 2001-2006 by Bitvise Limited. All rights reserved. Unauthorized copying or distribution of any part or whole is prohibited.


05.01.2007 11:15
