
So being the lucky gal I am, my parents and I both have FIOS 20Mbit bi-directional internet connections (actually they may have a slightly lower tier). So after the 50th time I had the conversation “You should really see this movie, tv show, etc…”, I got to thinking it might be cool to connect our networks in order to allow them to share my media library/HTPC.

Unfortunately, getting my father to reconfigure his home network firewall is pretty much a non-starter. So I had to find a more creative solution.

So here it is, a quick how-to for getting Samba connected over a reverse SSH tunnel on OS X.

SSH Tunnel
sudo ssh -N -p 222 -c 3des user@domain.com -L 222/127.0.0.1/139


-N detaches terminal for ssh tunnels
-p is the port – I’m using 222 because if you use port 22 then you have to disable SSH/remote access on the local machine you are connecting from.
-c encryption type – 3des is the default; blowfish is faster if CPU time is an issue
user@domain.com – remote user/domain

(direct from the man page)

-L [bind_address:]port:host:hostport
Specifies that the given port on the local (client) host is to be
forwarded to the given host and port on the remote side. This
works by allocating a socket to listen to port on the local side,
optionally bound to the specified bind_address. Whenever a
connection is made to this port, the connection is forwarded over
the secure channel, and a connection is made to host port
hostport from the remote machine.

OK, now that you have a tunnel, the next step is mounting the remote drive.

Mount command
mount -t smbfs //user:password@127.0.0.1:222/remoteshare /mountpoint


Note: A friend noted you should NOT use root for the mount command or Samba may not mount correctly.

To make this run at login, put it in a text file, chmod it executable and then put it in your login items.

Great! Final step: how to make the connection persistent. Enter launchd.

`launchd` is a unified, open source service management framework for starting, stopping and managing daemons, programs and scripts. It was introduced with Mac OS X v10.4/Darwin v8.0, and is licensed under the Apache License.

Unfortunately, you need to make a launchd plist and launchd is a bit of a bitch, so it's much easier to just go get Lingon by Peter Borg. It’s free, it works and you won’t have to learn launchd.

Now you have a great persistent remotely mounted Samba share over SSH.

Notes:
1. The mount command is a simple terminal script, but you may need to put a delay in the script if the connection isn’t up before the login runs the mount script. There is probably a way to get launchd to handle this but I haven’t spent the time to figure it out. So if the session disconnects it will automatically reconnect but not remount the drive.

2. The 1.83 GHz Mac mini doesn’t seem to have enough CPU to play back and receive HD content over the SSH tunnel (works fine if you download, then play). I may try to use blowfish to see if it improves playback. Normal SD divx/h.264 seems to be just fine.
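
One way to handle the timing problem in note 1, as an added example that is not from the original post: the script polls the forwarded port before mounting and does nothing if the share is already mounted. The function names and the PROBE, SLEEP and MOUNT_LIST overrides are assumptions made for this example; the address, port and mount command are the ones used above.

```shell
#!/bin/sh
# Added example (not the author's script). HOST, PORT, the share URL and the
# mount command come from the post; function names, PROBE, SLEEP and MOUNT_LIST
# are hypothetical hooks introduced here so the logic can be tested offline.
HOST=127.0.0.1
PORT=222                                  # local end of the ssh -L forward
SHARE="//user:password@$HOST:$PORT/remoteshare"
MOUNTPOINT=/mountpoint
# Note: a password embedded in the URL is readable in this file and in ps output.

# probe HOST PORT: succeed when something accepts TCP connections there.
probe() { nc -z "$1" "$2" >/dev/null 2>&1; }

# wait_for_tunnel HOST PORT TRIES: poll every 2 s until the forwarded port
# answers; return 1 if it never does.
wait_for_tunnel() {
    host=$1; port=$2; tries=$3; i=0
    while [ "$i" -lt "$tries" ]; do
        if ${PROBE:-probe} "$host" "$port"; then return 0; fi
        i=$((i + 1))
        ${SLEEP:-sleep} 2
    done
    return 1
}

# already_mounted DIR: true if DIR appears as a mountpoint in mount(8) output.
already_mounted() { ${MOUNT_LIST:-mount} | grep -qF " on $1 "; }

# mount_share: idempotent, does nothing when the share is already mounted.
mount_share() {
    if already_mounted "$MOUNTPOINT"; then return 0; fi
    if ! wait_for_tunnel "$HOST" "$PORT" 30; then
        echo "tunnel on $HOST:$PORT is not up, not mounting" >&2
        return 1
    fi
    mount -t smbfs "$SHARE" "$MOUNTPOINT"
}

# Run as: ./mount-share.sh run   (without the argument only the functions load)
if [ "${1:-}" = "run" ]; then mount_share; fi
```

Because it exits early when the share is already listed as mounted, the same script can be used both as the login item and as a job that is re-run on a schedule.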

I’m interested to know if anyone has any suggestions to improve this setup.

Note: As of somewhere around 10.6.7 IIRC this stopped working. As far as I can tell SMB and AFP no longer accept connections from the same box over 127.0.0.1. I’m really not sure why. As an alternative I’ve switched to using MacFuse, MacFusion and SSHFS which seems to be working reasonably well. I also switched the cipher in SSH to use arcfour in an attempt to eke out a little more performance.
