[Samba] Samba over ssh ?

Craig White craigwhite at azapple.com
Fri Apr 1 06:45:42 GMT 2005


On Fri, 2005-04-01 at 00:12 -0500, Madhusudan Singh wrote:

> Thanks for your suggestion. I have installed openvpn and the lzo library on 
> which it depends. 
> 
> One nagging question that I still have is :
> 
> Does using openvpn (or any VPN solution in general) obviate the need to open 
> these vulnerable ports? The little documentation that I have read so far 
> talks a lot about encryption. While that is important, I also need to think 
> about the ports (strangely, the firewall does not open any of those ports but 
> nmap -P0 run on the machine reveals that these ports are open:
> 
> 139/tcp   open  netbios-ssn
> 445/tcp   open  microsoft-ds )
> 
> Anyways, another concern I have is that while I have the samba server up and 
> running and all my users are happy with it, how much disruption and user 
> effort can I expect when I implement openvpn? Like typical Windows users, 
> they value ease of use over security. Don't take me wrong, I will definitely 
> implement this if it contributes towards security, but I need to know this to 
> be able to tell my users what to expect.
----
openvpn has a support list and excellent documentation.

NO - you don't open any ports on a firewall except what is needed for
openvpn...IIRC you need port(s) starting at 5000 but you could choose
any ports you want in the setup of server & client - these ports would
be in the 'unprivileged' range (1025+)

Obviously, you have to install client software and configure tun/tap
adaptors, pre-shared keys or create certificates, configure
dhcp/dns/wins for clients accordingly.

If you have a firewall, you would have to forward the packets through to
the openvpn server.

As for your nmap - I haven't a clue what you are talking about, Windows
client, Linux server, internal network, external network etc. Security
is the point of VPN but also most Internet Service Providers would block
NETBIOS packets so they don't eat up their bandwidth, at least somewhere
before it gets to the Internet but it's your responsibility to stop them
at your router since you can't trust your ISP to handle your security.
VPN would encapsulate the NETBIOS packets in an encrypted tunnel -
either between remote computer and local network or between 2 local
networks or between 2 remote computers. You need to read through the
documentation that openvpn provides.

good luck

Craig
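
Added example, not part of the original message and not code from the OpenVPN or Samba projects: a simplified first-match model of an iptables INPUT chain, used to check the point made in the reply, that the outside interface accepts only the OpenVPN port while 139/445 are reachable only through the tunnel. The rulesets, the interface names eth0/tun0 and UDP port 5000 are constructed assumptions.

```python
import shlex

# Constructed iptables-save style INPUT chain (not from the thread).
# Assumed names: eth0 = Internet side, tun0 = OpenVPN tunnel, UDP 5000 = OpenVPN.
RULES = """\
:INPUT DROP [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -i eth0 -p udp --dport 5000 -j ACCEPT
-A INPUT -i tun0 -p tcp -m multiport --dports 139,445 -j ACCEPT
-A INPUT -i tun0 -p udp -m multiport --dports 137,138 -j ACCEPT
"""
# Same chain with SMB mistakenly opened on the Internet-facing interface.
WEAK = RULES + "-A INPUT -i eth0 -p tcp -m multiport --dports 139,445 -j ACCEPT\n"
SMB_PORTS = [("tcp", 139), ("tcp", 445), ("udp", 137), ("udp", 138)]

def parse(ruleset):
    """Return (default policy, rules); handles only '-opt value' pairs, no '!'."""
    policy, rules = "ACCEPT", []
    for line in ruleset.splitlines():
        tok = shlex.split(line)
        if line.startswith(":INPUT"):
            policy = tok[1]
        elif tok[:2] == ["-A", "INPUT"]:
            rules.append(dict(zip(tok[2::2], tok[3::2])))
    return policy, rules

def port_match(spec, port):
    # Accepts a single port, a '139,445' list and '137:139' ranges.
    ranges = (part.partition(":") for part in spec.split(","))
    return any(int(lo) <= port <= int(hi or lo) for lo, _, hi in ranges)

def verdict(ruleset, iface, proto, dport):
    """First-match verdict for a NEW inbound packet on the given interface."""
    policy, rules = parse(ruleset)
    for r in rules:
        spec = r.get("--dport") or r.get("--dports")
        if (r.get("-i", iface) != iface or r.get("-p", proto) != proto
                or "NEW" not in r.get("--state", "NEW").split(",")
                or (spec and not port_match(spec, dport))):
            continue
        if r.get("-j") in ("ACCEPT", "DROP", "REJECT"):
            return r["-j"]
    return policy

def exposed_smb(ruleset, iface):
    """SMB/NetBIOS ports a new connection arriving on iface could reach."""
    return [(p, d) for p, d in SMB_PORTS if verdict(ruleset, iface, p, d) == "ACCEPT"]
```

Calling exposed_smb(RULES, "eth0") returns an empty list, while the same call on WEAK lists the two TCP ports that the extra rule exposes to the outside.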


