I know that since SMB is not secure, opening port 445 on firewall makes your computer vulnerable. To secure my connection, I want to run a SMB mobile app via SSH. Would I still need to open port 445 on my router to enable SMB? Would my host computer be protected by running SMB over SSH?
Asked
Active
Viewed 9,948 times
3
-
1Not exactly the answer to your question, but did you consider sshfs? It exists for Android, https://play.google.com/store/apps/details?id=com.chaos9k.sshfsandroid&hl=en – MariusMatutiae Nov 27 '13 at 18:38
-
I am not sure if I understood the question. But: No, you make connection to your host computer via SSH. Forward the port over a tunnel to your device. And connect locally on your device to port 445. So only port 22 is needed. – Edgar Klerks Nov 27 '13 at 20:11
-
SSH is not a good choice for this. Get yourself a real VPN tool that gives a full IP link. – Zoredache Nov 28 '13 at 00:47
-
Thanks for the reply. Would I still need to open SMB port on my router? – synthesis Nov 28 '13 at 11:19
-
It's not opening port 445 on your firewall that makes your computer vulnerable; it's running an SMB server. Blocking port 445 on your firewall mitigates that vulnerability, but it doesn't eliminate it entirely. – Mike Scott Nov 17 '15 at 18:02
1 Answers
4
Here is a simpler solution which is suitable if local filesystem sharing is not necessary:
- https://superuser.com/a/1001889/507477
- configure SSH access over internet to a server/router which has network access to the necessary SMB server.
- When connecting to the SSH server, define port forwarding from local port 445 to the SMB server IP, port 445.
- access the SMB server share via
\\localhost
If local file sharing is necessary, a more difficult but achievable way is described here - http://www.nikhef.nl/~janjust/CifsOverSSH/Win8Loopback.html
Dmitrii Sutiagin
- 311
- 2
- 7
-
thanks! ssh with port foward to samba host `sudo ssh -L 445:127.0.0.1:445 user@sambahost -v`, and then access samba host via `smb://localhost/` – pangyuteng May 19 '19 at 17:29