[Samba] Samba over ssh ?
Madhusudan Singh
singh.madhusudan at gmail.com
Fri Apr 1 05:12:10 GMT 2005
On Thursday 31 March 2005 23:34, Craig White wrote:
> On Thu, 2005-03-31 at 23:25 -0500, Madhusudan Singh wrote:
> > On Thursday 31 March 2005 16:29, Andrew Bartlett wrote:
> > > On Thu, 2005-03-31 at 12:37 -0500, Madhusudan Singh wrote:
> > > > Hi
> > > >
> > > > I need to make my samba server available over the internet to a
> > > > mobile user base.
> > > >
> > > > I was wondering if samba could be run over ssh (at both client and
> > > > server ends). I am not comfortable about opening ports 139 and 445.
> > >
> > > The standard answer is to use a VPN.
> > >
> > > Andrew Bartlett
> >
> > Thanks. Would CIPE be an appropriate solution ? I am beginning to read up
> > on it. Does it work the following way :
> >
> > Linux Server : Samba (139,445) -- 22 -------- Internet -------- 22 -- Windows
>
> ----
> been a while since I used Cipe - I don't recall which ports it used but
> it surely wasn't the ssh port (22).
>
> would recommend against starting with it since you won't find it to be
> supported by many 2.6 distros without a bunch of extra work.
>
> Suggest that you use openvpn
> openvpn.sourceforge.net
>
> Craig

Thanks for your suggestion. I have installed openvpn and the lzo library on
which it depends.

One nagging question that I still have is:

Does using openvpn (or any VPN solution in general) obviate the need to open
these vulnerable ports? The little documentation that I have read so far
talks a lot about encryption. While that is important, I also need to think
about the ports (strangely, the firewall does not open any of those ports but
nmap -P0 run on the machine reveals that these ports are open:

139/tcp open netbios-ssn
445/tcp open microsoft-ds )

Anyways, another concern I have is that while I have the samba server up and
running and all my users are happy with it, how much disruption and user
effort can I expect when I implement openvpn? Like typical Windows users,
they value ease of use over security. Don't take me wrong, I will definitely
implement this if it contributes towards security, but I need to know this to
be able to tell my users what to expect.