[Samba] Re: Using ssh for samba authentication?

Andrew Bartlett abartlet at samba.org
Fri Jan 21 02:50:14 GMT 2005

On Tue, 2005-01-18 at 22:30 +0100, Igor Bukanov wrote:
> On Tue, 18 Jan 2005 11:49:00 -0800, "Jim C." <jcllings at javahop.com>
> said:
> > Hash: SHA1
> > 
> > | I use ssh port forwarding to connect to a samba server from Windows
> > ...
> > | ask for any password for shares?
> > 
> > Why not set ssh up for public key auth?  Coupled with Samba's own
> > encryption, it should be secure enough. ;-)
> I already use public key authentication in ssh and for this reason the
> additional password typing is annoyance that can potentially leak
> passwords. So I thought that maybe there was a way to start samba from
> ssh connection and assume that user already authentificated among the
> lines of sftp subsystem in ssh.

Yes, it is possible to construct such a system, but I really doubt it is
worth the pain.   You would need to construct an auth module that
understood that SSH had already authenticated the user, while still
using the same username/password on the client as the server (this is
important for session key stuff), run smbd as the user initially (which
breaks certain behaviours where we become root).

On the client, you would need to forward the socket to the SSH process.

Andrew Bartlett

Andrew Bartlett                                http://samba.org/~abartlet/
Authentication Developer, Samba Team           http://samba.org
Student Network Administrator, Hawker College  http://hawkerc.net
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://lists.samba.org/archive/samba/attachments/20050121/cb9347c4/attachment.bin

More information about the samba mailing list