Tunneling SMB Mount through SSH on Mac OS-X

Background: This howto is aimed at people using Mac OS-X 10.5 (Leopard). It explains how to set up your mac so you can mount an SMB (Samba) share via SSH from anywhere outside our department networks. The first method has also been tested on Mac OS-X 10.6 (Snow Leopard).

This has been tested on the UWO public wireless network and on the Bell Sympatico high speed (home DSL) network.


Method 1: Text based commands

  1. On the mac you need two terminal/xterm console windows open.
  2. In the first window, enter this:

    % sudo ssh -l USERNAME -L 139:arion.csd.uwo.ca:139 gate.csd.uwo.ca

    Where "USERNAME" is your Unix Userid on the Research network. It is important to use "sudo" for this command, as you are redirecting port 139 on your home machine, and binding a local port below 1024 requires root privileges.

    This will first prompt you for your sudo password for your home machine. It will then prompt you for your Computer Science RENT Unix password, unless you have set up SSH keys that remove the need to enter a password. It is important

    This terminal window will now be logged into Gate.

  3. In the second terminal window now enter this:

    % mount -t smbfs //'RENT;USERNAME'@localhost:139/HOMES MOUNTPOINT

    Where "USERNAME" is your Windows Userid on the Research network and MOUNTPOINT is a mount point (empty directory) on your mac where you will mount your samba files. It is important to NOT use "sudo" for this command!

    You will be prompted for a password. Enter your RENT Windows password. Do not enter your Unix password!

    Your home directory will now be mounted on the directory "RENT" in your user directory on your mac system. (You need to have previously created that directory)

  4. When you are finished using these files, you need to first unmount the RENT directory, and then you can exit from the window logged into Gate. In the second terminal window:

    % cd
    % umount RENT

PLEASE NOTE: There are three userid+password combinations you need to use to make this work. First you are using your own password on the mac for the first sudo. Then you are using your RENT Unix password to get onto gate. Then you are using your RENT Windows password to initiate the samba mount.

LOCAL USERS: If your mac is on the local csd network then you can also use the above method, but a simpler method is to just use this command:

mount -t smbfs //'RENT;USERNAME'@arion.csd.uwo.ca/HOMES MOUNTPOINT

No SSH tunneling is required, there is no need for the first terminal window, and so on.


Method 2: Partial point-and-click option

There is another method available which allows you to use the "Go -> Connect to Server" menu (or Apple-K keyboard shortcut).

This method sets up an IP alias on your home machine, such that the local IP 127.0.0.2 is pointed at our SMB server in the department, via an SSH tunnel. Once this bit of trickery is established, you can use "127.0.0.2" in the "Go -> Connect to Server" menu.

  1. Copy the following and place it in a file named "config" in your .ssh directory on your mac.
    #------------------------------------------------------
    # ~/.ssh/config  -- Art Mulder, Jun 23 2009
    # based on info from:
    #	http://blog.newsyland.com/mac-os-x/leopard-broke-smb-tunnelling
    #
    # This config file is to help you mount SMB shares locally at home
    # (or anywhere outside the dept firewall) on a Mac running
    #  OS-X Leopard 10.5.x. 
    #------------------------------------------------------
    
    #-- This is the name of this alias to this specific configuration:
    Host smb_tunnel_from_home
    
    #-- Work's firewall computer (can also use IP number here)
    Hostname gate.csd.uwo.ca
    
    #-- YOUR userid on the firewall computer
    User USERID
    
    #-- 127.0.0.2 is your computer, the second is the SMB server. 
    LocalForward 127.0.0.2:139 arion.csd.uwo.ca:139
    
    #------------------------------------------------------
    
  2. Copy the following and place in a file named "tunnel" in your account on your mac.
    #!/bin/sh
    #------------------------------------------------------
    # Art Mulder, Jun 23 2009
    # based on info from:
    #	http://blog.newsyland.com/mac-os-x/leopard-broke-smb-tunnelling
    #
    # This script is to help you mount SMB shares locally at home
    # (or anywhere outside the dept firewall) on a Mac running
    #  OS-X Leopard 10.5.x. 
    #------------------------------------------------------
    # Usage:  sudo tunnel
    
    # first create local alias
    ifconfig lo0 alias 127.0.0.2 up 
    
    #--Now start the ssh session:
    ssh -N USERID@smb_tunnel_from_home -F /Users/MACUSERID/.ssh/config
    
    #------------------------------------------------------
    
  3. Edit both files and customize them for your situation. Replace the "USERID" with your RENT userid. Replace the MACUSERID with your short user name on your mac.

  4. Run the "tunnel" script (Sorry, I have not yet figured out how to make this a point-and-click program.) using sudo:

    % sudo ./tunnel

    This will set up the ssh tunnel between your mac and the department.

  5. You can now use the "Go -> Connect To Server" menu to access the various SMB mounts from the department. For the Server address, use: smb://USERID@127.0.0.2/ -- where "USERID" is your RENT Windows id. You will be prompted for your Windows password, and then presented with a list of volumes that you can mount.
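
Both methods open a listening port on your mac, and that listener should stay on a loopback address so other machines on your home or wireless network cannot reach the department SMB server through it. The script below is an added example, not part of the original howto: it reads an ssh client config and reports where each LocalForward will listen and whether the port needs root. The function names audit_forwards and sample_config are made up for this example, and as a simplification it ignores Host blocks and applies the last GatewayPorts value in the file to every forward.

```shell
# Added example (not from the original howto): report where each LocalForward
# in an ssh client config will listen. Simplification: Host blocks are ignored
# and the last GatewayPorts value in the file is applied to every forward.
audit_forwards() {
    awk '
        /^[ \t]*#/ { next }                          # skip comment lines
        tolower($1) == "gatewayports" { gw = tolower($2) }
        tolower($1) == "localforward" { n++; listen[n] = $2; target[n] = $3 }
        END {
            for (i = 1; i <= n; i++) {
                l = listen[i]
                if (match(l, /:[0-9]+$/)) {          # bind_address:port form
                    bind = substr(l, 1, RSTART - 1); port = substr(l, RSTART + 1)
                    explicit = 1
                } else { bind = ""; port = l; explicit = 0 }
                gsub(/\[|\]/, "", bind)              # [::1]:139 -> ::1
                if (!explicit)                       # bare port: GatewayPorts decides
                    status = (gw == "yes") ? "EXPOSED" : "LOOPBACK"
                else if (bind ~ /^127\./ || bind == "localhost" || bind == "::1")
                    status = "LOOPBACK"
                else
                    status = "EXPOSED"               # "", "*", 0.0.0.0 or a LAN address
                priv = (port + 0 < 1024) ? "needs-root" : "unprivileged"
                print status, (bind == "" ? "-" : bind), port, priv, target[i]
            }
        }
    ' "$1"
}

# Constructed sample: the Method 2 forward, a wildcard variant that would be
# reachable from the network, and the bare-port form that Method 1 uses.
sample_config() {
cat <<'EOF'
Host smb_tunnel_from_home
    Hostname gate.csd.uwo.ca
    LocalForward 127.0.0.2:139 arion.csd.uwo.ca:139
    LocalForward *:1139 arion.csd.uwo.ca:139
    LocalForward 139 arion.csd.uwo.ca:139
EOF
}

tmp=$(mktemp) && sample_config > "$tmp" && audit_forwards "$tmp"; rm -f "$tmp"
```

Run it against your own file with: audit_forwards ~/.ssh/config. Any line that starts with EXPOSED should be changed to an explicit loopback bind address such as the 127.0.0.2 used in Method 2.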


End of Instructions.

26/Jun/2009 -- Art Mulder