CIFS over SSH using standard Windows 10 tools

I am lazy, so I like it when everything is organized conveniently, with no unnecessary motions. Sometimes I am too lazy to do it comfortably.



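When I needed to set up access to a server over SMB and went looking for a solution, I came across the following article: "Mounting your Nikhef home directory using SSH for Windows 8". It is a simple, easy-to-use solution built on PuTTY. A while later I had to configure the same solution on another computer, and I realized that PuTTY is redundant here, because Windows 10 now includes a built-in ssh client based on OpenSSH.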



Under the cut is the same scheme, only using OpenSSH on Windows 10.



My scheme is arranged as follows:



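  1. Samba runs on the server, with the root folder of the sites shared on behalf of the www-data user. The server is accessed only over ssh with key authentication. The server is behind NAT, and only the ssh port is forwarded.
  2. On the home computer running Windows 10, the built-in OpenSSH establishes a connection to the server with key authentication when the user logs in to their account.
  3. Port 445 of the remote computer is tunneled to local port 44445 of the network loopback adapter, which is available at 10.255.255.1.
  4. On the loopback adapter 10.255.255.1, port 44445 is proxied to local port 445. As a result, connecting to \\10.255.255.1\ opens the remote file share (which can be mounted as a network drive if needed).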


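All of this happens automatically: laziness wins. It is secure, fast, and looks native. Any editor can open and edit files on the remote server just as on the local machine, without downloading the edited files and then setting the necessary permissions on them. At the same time, there are no security problems with Samba.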



So, step one:



WINDOWS SIDE



OpenSSH. Windows 10 Windows Server 2019 SSH OpenSSH. . –



ssh




— "", .



1.



loopback- . .



hdwwiz.exe




« » ( Windows 10 Pro).



«» -> « , » -> « » -> «Microsoft –> Microsoft KM-Test» -> «»



, , devcon.exe, .



CMD ( ).



netsh interface show interface




. Ethernet 2.









:



netsh interface ip set address name="Ethernet 2" source=static address=10.255.255.1 mask=255.255.255.0


10.255.255.1



, TCP- 445, Windows lanmanserver . lanmanserver portproxy, .



( «start=» !!!):



sc config lanmanserver start= demand
sc config iphlpsvc start= auto


10.255.255.1 44445 445



netsh interface portproxy add v4tov4 listenaddress=10.255.255.1 listenport=445 connectaddress=10.255.255.1 connectport=44445


, lanmanserver .



loopback-,



netstat -an | find ":445 "




TCP    10.255.255.1:445    0.0.0.0:0       LISTENING


. "0.0.0.0:445" — - .



netsh interface portproxy show v4tov4


2.



. , .



mkdir %APPDATA%\CIFSoverSSH
cd %APPDATA%\CIFSoverSSH


ssh- ( , : cifsoversshkey)



ssh-keygen -t rsa -N "" -f cifsoversshkey 


. , OpenSSH UNPROTECTED PRIVATE KEY FILE! . , Windows. GUI, . Windows :



icacls cifsoversshkey /RESET
icacls cifsoversshkey /grant %USERNAME%:F /inheritance:r


, .



icacls cifsoversshkey 


, OpenSSH !



cifsoverssh.cmd :



call cmd /c start "" /B C:\Windows\System32\OpenSSH\ssh.exe user@111.111.111.111 -p remoteport -i %APPDATA%\CIFSoverSSH\cifsoversshkey -L 10.255.255.1:44445:localhost:445 -N -o "StrictHostKeyChecking=no"


:

user@111.111.111.111 linux @



3.



: powershell -nologo -noninteractive -windowStyle hidden -command "%APPDATA%\CIFSoverSSH\cifsoverssh.cmd"

powershell . CMD , , .



:



schtasks /CREATE /RU %username% /TN "CIFS over SSH" /TR "powershell.exe -nologo -noninteractive -windowStyle hidden -command %APPDATA%\CIFSoverSSH\cifsoverssh.cmd" /SC ONLOGON /DELAY 0000:10 /IT /RL highest


Windows .



Linux



, ssh- .



ssh windows-



C:\Windows\System32\OpenSSH\ssh.exe user@111.111.111.111 -p remoteport


, ~/.ssh/authorized_keys ( – ).



mkdir ~/.ssh && touch ~/.ssh/authorized_keys


, windows- ( %APPDATA%\CIFSoverSSH\cifsoversshkey.pub). . , .



Samba ( Debian)



apt update && apt install samba




mv /etc/samba/smb.conf /etc/samba/smb.conf.old
touch /etc/samba/smb.conf


:



[global]
realm = webserver
server string = Web server
workgroup = WORKGROUP
# Setup charsets
dos charset = cp1251
unix charset = utf8
# Disable printers
load printers = No
show add printer wizard = no
printcap name = /dev/null
disable spoolss = yes
# Setup logging
log file = /var/log/smbd.log
max log size = 50
max xmit = 65536
debug level = 1
# Setup daemon settings
domain master = No
preferred master = Yes
socket options = IPTOS_LOWDELAY TCP_NODELAY SO_SNDBUF=65536 SO_RCVBUF=65536 SO_KEEPALIVE
os level = 65
use sendfile = Yes
dns proxy = No
dont descend = /proc,/dev,/etc
deadtime = 15
# Enable symlinks
unix extensions = No
wide links = yes
follow symlinks = yes

# Security settings
security = user
map to guest = Bad Password
guest account = nobody
create mask = 0664
directory mask = 0775
hide dot files = yes
client min protocol = SMB2
client max protocol = SMB3
[ShareName]
comment = Sites folder
path = /home/web
force user = www-data
force group = www-data
read only = No
guest ok = Yes
writable = yes
create mask = 0664
directory mask = 2775


. ShareName. Path = , . force user force group linux-, . - – www-data



Samba



systemctl restart smbd


Windows



exit


. windows ( ).



\\10.255.255.1\ShareName — .
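
A check script for the finished Windows-side setup, as an added example that is not part of the original article. It uses the page's own values (adapter 10.255.255.1, ports 445 and 44445, key file %APPDATA%\CIFSoverSSH\cifsoversshkey); the helper name Test-Listener is chosen for this example.

```powershell
# Added example (not from the original article): verify the finished setup.
# Values are the page's own: adapter 10.255.255.1, tunnel port 44445,
# key file %APPDATA%\CIFSoverSSH\cifsoversshkey. Test-Listener is a helper
# name chosen for this example.
$ip      = '10.255.255.1'
$tunnel  = 44445
$keyPath = Join-Path $env:APPDATA 'CIFSoverSSH\cifsoversshkey'

function Test-Listener([string]$Address, [int]$Port) {
    # True when a TCP socket is listening on exactly Address:Port.
    $hit = Get-NetTCPConnection -State Listen -LocalPort $Port -ErrorAction SilentlyContinue |
        Where-Object { $_.LocalAddress -eq $Address }
    return [bool]$hit
}

$checks = [ordered]@{}

# portproxy must be listening on port 445 of the loopback adapter.
$checks["listener on ${ip}:445"] = Test-Listener $ip 445
# The page's expected netstat output has no 0.0.0.0:445 line; a wildcard
# listener there is the local SMB server holding the port.
$checks['no listener on 0.0.0.0:445'] = -not (Test-Listener '0.0.0.0' 445)
# ssh.exe -L must hold the local end of the tunnel.
$checks["listener on ${ip}:$tunnel"] = Test-Listener $ip $tunnel

# The portproxy rule 10.255.255.1:445 -> 10.255.255.1:44445 must exist.
$row = [regex]::Escape($ip) + '\s+445\s+' + [regex]::Escape($ip) + "\s+$tunnel\b"
$checks['portproxy rule present'] = [bool](netsh interface portproxy show v4tov4 | Select-String -Pattern $row)

# After the icacls commands the key has one ACE (the current user) and
# inheritance is off; compare by SID so account-name formats do not matter.
$keyOk = $false
if (Test-Path -LiteralPath $keyPath) {
    $me    = [Security.Principal.WindowsIdentity]::GetCurrent().User.Value
    $acl   = Get-Acl -LiteralPath $keyPath
    $rules = $acl.GetAccessRules($true, $true, [Security.Principal.SecurityIdentifier])
    $other = @($rules | Where-Object { $_.IdentityReference.Value -ne $me })
    $keyOk = $acl.AreAccessRulesProtected -and ($rules.Count -gt 0) -and ($other.Count -eq 0)
}
$checks['private key ACL restricted to current user'] = $keyOk

# One line per check: name, then OK or FAIL.
$checks.GetEnumerator() | ForEach-Object {
    '{0,-45} {1}' -f $_.Key, $(if ($_.Value) { 'OK' } else { 'FAIL' })
}
```

Run it in the same user session after logon, once the scheduled task has had time to start the tunnel.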



