At the university we have a wide range of computers platforms we process data. We also have file servers consisting of several RAIDs holding up naby terabytes of data. The challenge that we were facing was to access all this data when we are away from campus.
In a previous article I wrote about SSH tunneling and if you get lost reading this article you might want to check that one for basics. As in the previous article I'll provide two methods.
We need to establish a SSH tunnel between the client (C, your laptop) and the secure server (S, SAMBA server) through the gateway (G).
ssh -f -N -L 22000:address.of.secure.server:139 .gatewayAbove command establishes a tunnel between local port 22000 of the client (your laptop) and the SAMBA port (139) of the secure server (S).
Now we can mount the disk using the local port 22000 and the loopback address of "127.0.0.1".
Make sure that you have an empty folder ready to be used as mount location.
smbmount //address.of.secure.server/shared.folder /local.mount.folder/ -o domain=domain.name,username=your.user.name,ip=127.0.0.1,port=22000That's it! Once you enter your password you should be able to see these files under the /local.mount.folder/. Let me explain the above command a little more in detail.
smbmount: is the samba mount command for Ubuntu. I prefer smbmount (mount.cifs) over mount here because I can use it without being root.
shared.folder: is the shared folder location on the secure SAMBA server. Make sure this folder is shared, and the SAMBA server is running. Otherwise this will not work for obvious reasons. If the reasons are not obvious ask your system administrator.
local.mount.folder: is the folder where you mount the share. If successful, you will be able to reach the files in this share through this location on your laptop.
-o : is the option parameter. After this all parameters specify an option and its value.
domain: option sets the domain name for the secure samba server.
username: option specifies your username on the secure samba server. You can specify the password with the "password" parameter but I prefer not to type my password on the command line. ;) See mount.cifs man page for other ways of specfying password if you don't want to enter it each time.
ip: option sets the IP address of the server to connect to. Since we established a tunnel between localhost:22000 and secure.server:139, we use localhost.
port: option sets the port number to connect to on the specified IP address. This is the port we specified above in the first command.
I like to specify common tunnels in the "~/.ssh/config" file to reduce the number of daily key strokes. For details of this section refer to the previous article: SSH Tunneling
Add the following lines to your ~/.ssh/config file.
Host GatewayHostname address.for.the.gateway LocalForward 22000 address.of.SAMBA.server:139 Host SambaServerHostname localhost port 22000You can see the similarities of the above section with the previous article. It has exactly the same format, the only difference is that we are connecting to port 139 (SAMBA server port) on the secure.server instead of 22 (SSH port). Once you set your configuration file, you can set the tunnels as before:
ssh -N -f GatewayAnd you can connect to the SAMBA Server with the following command:
smbmount //SambaServer/path/to/samba/folder /local.mount.folder/ -o domain=your.domain.name,username=your.user.name,ip=127.0.0.1,port=22000Enter the password, and you should be all set!
On a side note I strongly suggest that you also specify the user id (uid) and the group id (gid) for the files on the share by specifying these options. Since SAMBA does not fully support files owned by different users, it is likely that this will save you from some headache in the future.
