On Tue, 2005-01-18 at 22:30 +0100, Igor Bukanov wrote:
On Tue, 18 Jan 2005 11:49:00 -0800, "Jim C." <[EMAIL PROTECTED]> said:
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
| I use ssh port forwarding to connect to a samba server from Windows ... | ask for any password for shares?
Why not set ssh up for public key auth? Coupled with Samba's own encryption, it should be secure enough. ;-)
I already use public key authentication in ssh and for this reason the additional password typing is annoyance that can potentially leak passwords. So I thought that maybe there was a way to start samba from ssh connection and assume that user already authentificated among the lines of sftp subsystem in ssh.
Yes, it is possible to construct such a system, but I really doubt it is worth the pain. You would need to construct an auth module that understood that SSH had already authenticated the user, while still using the same username/password on the client as the server (this is important for session key stuff), run smbd as the user initially (which breaks certain behaviours where we become root).
On the client, you would need to forward the socket to the SSH process.
For me it seems that it is straightforward to modify an ssh client to allow to forward local ports to input/output of remote process instead of remote port. With such port-to-process forwarding in place I can then start smbd in the same way as inetd can do it.
Then I configure smbd to write all logs etc. to files in the home directory with a guest read/write share pointing to the whole filesystem. Yes, it is a lot of work, but so far I did not loose an interest to play with ssh.
Regards, Igor
Regards, Igor
-- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
