SAMBA/CIFS over SSH in Windows

•  In short: create a VM in VMware Workstation Player or another similar virtualization software, install Ubuntu server, configure network in bridge mode, assign an static IP, create a tunnel to your samba server, from port 445 to port 445 too, and then in Windows 7/10 connect to

\\<your Ubuntu server local IP>\

• You can create a service to automate this tunnel at boot. Note: I don't know about compatibility with other Windows versions, but surely it will also work for Windows XP/8/11, if there is a virtualizer available to those systems.
• Note: for your convenience, if your computer is, for example, a laptop computer, and you will move in an out of your SAMBA server LAN, you can configure the Ubuntu server static IP to be the same as your local SAMBA server IP. Then, all your shortcuts in Windows will remain the same, whether you're inside the LAN (don't power on your VM inside the LAN!) or you're remotely connected via the tunnel.

Step by step guide on how to connect from Windows 7/10 to remote SAMBA server

• Note: As far as I know, having your client computer connected to the LAN via a wireless device, is incompatible with this setup. You have to be connected via ethernet, and don't forget, if your ethernet adapter is FastEthernet (100Mbps) your transfer rate with the SAMBA server will be limited to that speed (it will act as a bottleneck). So it's better if you have a Gigabit ethernet adapter (1Gbps).

The goal of this tutorial is to show you how to connect from a Windows 7 or Windows 10 system, to a remote SAMBA server, not in the same LAN, but in other LAN accesible via internet. The total troughtput is generally not limited by the VM or any other part of the proposed installation - I tried it and the bootleneck is the fiber internet connection - I have 300Mbps and the troughput, with big files, is ~36MB/s. Also know, before to start, that you will need some kind of server in which to configure DDNS - duckdns.org is a good option, I use from some time ago and it works perfectly. If your SAMBA server is always on, you probably can configure DDNS on it - for example, if it is Ubuntu Server-based it's easy. If you want to power on and off your SAMBA server from time to time, you may be interested in buying some router compatible with OpenWRT, and install OpenWRT on it, and you can have it as DDNS client. For the DDNS configuration, I recommend the Crontab configuration - it is well explained in duckdns.org

Before to start, let's concrete what information you will need before to start:

• The local IP of your LAN's router (usually 192.168.1.1).
• The DDNS address of the LAN in which the SAMBA server is installed.
• The TCP port of the SAMBA server's LAN's router, which is being redirected to your SAMBA server's SSH local address/port (the SSH port is usually 22). If there is no TCP port configured, you have to access that router and manually add a port of your choice.
• If you are going to open a TCP port, you need to know the SAMBA server's local IP too.
• A SAMBA server's user/password with sufficient permissions to connect via SSH and create a SSH tunnel.
• The SAMBA server's SAMBA user/password (the user database is the same for the Linux system and SAMBA, but the SAMBA password is independent from the Linux system password).

1. Install your hypervisor

In this example I'm using VMWare Workstation Player (free for non-commercial use). VMware Workstation Pro is also compatible. Oracle VM VirtualBox is also compatible (not 100% sure, but the important thing is that it has bridge-mode networking, and I know it has).

2. Create your Virtual Machine

The process is very straight-forward. The only important thing you need me to tell you, is the network configuration. Let me show you a screenshot of that step:

This will configure your Virtual Machine in a way that:

• Lets your Virtual Machine communicate to your router directly, without NAT or complicated network setups - and access the SAMBA server through internet.

• Lets the computers in your LAN communicate to your Virtual Machine (in the same subnet), and then, access to the SAMBA server via the tunnel you will create later.

Also, note that, when you see the following step:

My advice is to configure as follows:

I'm not sure about this, but I have experienced that if you tell VMWare what operating system you are going to install (being Ubuntu Server), it ran an assistant that autoconfigured the Ubuntu server installation. I never followed that way, but I imagine that may automatically configure your internet connection, and we want to configure an static local IP address.

3. Install Ubuntu Server in the Virtual Machine

I will include some screenshots here just in case you are not experienced with Ubuntu server installation. In this case, I'm installing Ubuntu server 22.04.

• Note: you can install Ubuntu Desktop instead of Ubuntu Server, it will work too, but the resources that the Virtual Machine will consume will be notably higher. Ubuntu server is very lightweight and that is why I chose this kind of installation for this tutorial.

3.1. Starting Ubuntu server installation

First, in the VM configuration, select this menu:

Then, as shown, check "Connect at power on", and "Use ISO image file:", then browse your Ubuntu server installation ISO file (available at ubuntu.com).

Power on your Virtual Machine.

Boot your Virtual Machine, and choose "Try or install Ubuntu server", as shown:

From now on, I will only show the steps that are not obvious - It's hard to find the balance between the lack of information and the abundance of information, but I will do my best. In the steps that are not described, you can try to figure out yourself, and if you're not sure about what to do, just leave it as it is.

3.2. Configuring network

Now, the network configuration: the following screenshots are self explanatory.

The following screenshot is the most important: how to configure your virtual network device. The subnet will be usually the same - it is in the vast majority of home networks. You can configure the "Address" as shown - if you don't know what you're doing - don't change it! The gateway should usually be 192.168.1.1 . So ignore, please, the 192.168.1.3 . That is my own gateway, which I manually changed for my convenience. Apart from that you can do the same as shown in the picture.

3.3. Other steps

Regarding partitioning, I recommend not using LVM for this kind of installation - leave it as the screenshot:

Now, leave everything as it is:

And then, server name, user name and password must be the ones of your choice.

3.4. SSH server

I recommend checking "Install OpenSSH server", because we will use it later in this tutorial.

3.5. Other steps and finishing installation

When you see "Reboot now", select it and then a few moments later, it will show a message like "Remove the installation media and press Enter". Then, go to "Settings..." and Uncheck "Connected" and "Connect at power on" as follows:

Now, you can power off your virtual machine and Power on again.

4. Tunnel configuration and connection to the SAMBA share in Windows 7/10

Once you have installed Ubuntu server 22.04, it's time to try and create and SSH tunnel to connect to your SAMBA server. First, you need your private key

• Note: (not password protected, please - if it's password protected, you will be forced to: either input it manually each time you create the tunnel, or type it in plain text in some file in your virtual machine)

You will need some software to transfer your OpenSSH-compatible private key to your home directory. For example, you could use WinSCP (available at portableapps.com )

If you don't have a public/private key pair, you can use the puttygen util from PuTTY (also available at portableapps.com ). You may need to search for a brief tutorial on how to do this. It's not complicate.

This screenshot shows you how to configure WinSCP to connect to your Virtual Machine:

If you didn't change the IP address, that will be the same as the screenshot (192.168.1.20). In Usuario/user, type your username from the section 3.3. Other steps. And in contraseña/password, type your password.

Now, the normal case is you're gonna see a warning like this:

Don't worry, it is the normal case the first time you connect to a server.

Now, you'll have to browse for your private key (left side, corresponds to your Windows system) and browse your .ssh directory in your Virtual Machine (right side) - /home/yourusername/.ssh/

Then, select your private key and click on Subir/Upload

When you have your private key in your .ssh directory - for example

/home/yourusername/.ssh/privatekey

Now you have to do a couple of commands.

• Note for newbies: all text until the dollar sign is not the command. It's the prompt. The command starts at "sudo". Another note for newbies: "yourusername" should be substituted with your actual username, in the case of the first command "yourusername:yourusername" should be, for example, if your username is "mark", then "mark:mark". Also the file paths containing "yourusername" should be substituted, for example, by "/home/mark/..."

Now, the actual commands:

yourusername@yourservername:~$ sudo chown yourusername:yourusername -R /home/yourusername/.ssh/

yourusername@yourservername:~$ sudo chmod 0700 -R /home/yourusername/.ssh/

Then you can try the following command:

yourusername@yourservername:~$ sudo ssh -i /home/yourusername/.ssh/privatekey -p 7000 -l sambaserveruser -L 0.0.0.0:445:127.0.0.1:445 myddnsdomainexample.duckdns.org

• Note: the -i option is to locate the private key. It should be assigned to its location. The -p option is the port that must be open in the SAMBA server side's router - assigning it to the local IP of the SAMBA server. The -l option is to indicate the user in the SAMBA server's side (the normal user, not the SAMBA user). You should know what user exists and has necessary rights, in that server. The -L option is the configuration of the SSH tunnel. myddnsdomainexample.duckdns.org should be substituted by your own DDNS domain.

• Note 2: the first time you run this command to connect to your SAMBA server, it's likely that you will see a caveat warning you about not known host and showing you information like the fingerprint and other stuff. This is normal and usually you should write yes, but I can't be responsible of your security matters.

Then, once the command is executed, you can try out the SAMBA server from your Windows system:

Type the following in the windows explorer bar:

\\192.168.1.20\

Then, you will be prompted for your SAMBA user / password:

Then, you are shown the SAMBA shares existing in that server:

You can now work normally with your SAMBA shares.

As you can see, it's very fast! the bottleneck in this setup is my/SAMBA server's fiber connection, in my case 300Mbps in both sides.

5. Configuration of SSH tunnel as a service

You can choose creating a systemctl service in your virtual machine, so that you don't need to input the command every time you want to use your SAMBA server. Then, you'll only need powering on the virtual machine!

Create a blank file in your Windows system (you can create a .txt file and remove the .txt extension afterwards).

Input this text (i followed an example in internet and it worked for me - you can set it to your needs):

[Unit]

Description=SSH tunnel to MYSAMBASERVER

After=network.target

[Service]

User=root

ExecStart=/usr/bin/ssh -i /home/yourusername/.ssh/privatekey -p 7000 -N -l sambaserveruser -L 0.0.0.0:445:127.0.0.1:445 myddnsdomainexample.duckdns.org

RestartSec=15

Restart=always

KillMode=mixed

[Install]

WantedBy=multi-user.target

You can copy/paste this into the notepad application, or you can use notepad++ instead - better than notepad!

Rename the file to:

mycustomtunnel.service

You can substitute "mycustomtunnel" for whatever you like.

Then transfer the file to your virtual machine, using WinSCP:

Then, you have to place the file inside the following directory:

/etc/systemd/system/

To do it, you just need to do the following command:

yourusername@yourservername:~$ sudo mv /home/yourusername/mycustomtunnel.service /etc/systemd/system/

Also don't forget to set the owner and permissions properly.

yourusername@yourservername:~$ sudo chown root:root /etc/systemd/system/mycustomtunnel.service

yourusername@yourservername:~$ sudo chmod 0644 /etc/systemd/system/mycustomtunnel.service

Then, the final commands, to set the service you just created:

borhacker@testvmubun:~$ sudo systemctl enable mycustomtunnel.service

borhacker@testvmubun:~$ sudo systemctl start mycustomtunnel.service

From now on, every time you power on your virtual machine, the SSH tunnel will be automatically created, and you will be able to access your SAMBA shares from Windows, as shown above.

• Note: If you didn't execute the ssh command (I mean you just executed the systemctl commands, but not the long ssh command in section 4), the service may not work correctly. Thus, you have to go back to that point of the tutorial and execute the command one time, so that you receive the security warning you usually receive the first time you connect to a remote host through ssh, and type "yes" or accept the host (I don't remember exactly, sorry!). Then, from that moment, the service you had created will start to work fine.

• Final note: Please, if you find any errors or typos in my explanations, please let me know in the comments. I have tried my best to write it correctly, and will be reviewing it sometimes, but you never know what errors you may encounter. Also if you need an explanation that you can't find a solution in google, and think that it should be included in the tutorial, please let me know in the comments. Cheers!