[Samba] Re: Using ssh for samba authentication?
igor at mir2.org
Fri Jan 21 13:53:46 GMT 2005
Andrew Bartlett wrote:
> On Tue, 2005-01-18 at 22:30 +0100, Igor Bukanov wrote:
>>On Tue, 18 Jan 2005 11:49:00 -0800, "Jim C." <jcllings at javahop.com>
>>>-----BEGIN PGP SIGNED MESSAGE-----
>>>| I use ssh port forwarding to connect to a samba server from Windows
>>>| ask for any password for shares?
>>>Why not set ssh up for public key auth? Coupled with Samba's own
>>>encryption, it should be secure enough. ;-)
>>I already use public key authentication in ssh and for this reason the
>>additional password typing is annoyance that can potentially leak
>>passwords. So I thought that maybe there was a way to start samba from
>>ssh connection and assume that user already authentificated among the
>>lines of sftp subsystem in ssh.
> Yes, it is possible to construct such a system, but I really doubt it is
> worth the pain. You would need to construct an auth module that
> understood that SSH had already authenticated the user, while still
> using the same username/password on the client as the server (this is
> important for session key stuff), run smbd as the user initially (which
> breaks certain behaviours where we become root).
> On the client, you would need to forward the socket to the SSH process.
For me it seems that it is straightforward to modify an ssh client to
allow to forward local ports to input/output of remote process instead
of remote port. With such port-to-process forwarding in place I can then
start smbd in the same way as inetd can do it.
Then I configure smbd to write all logs etc. to files in the home
directory with a guest read/write share pointing to the whole
filesystem. Yes, it is a lot of work, but so far I did not loose an
interest to play with ssh.
More information about the samba