automount thru winscp

automount thru winscp

[Luca Ferrari]

Hi,
I've got a linux server with samba shares behind a firewall. Since my 
users want to see their shares from the outside network, I thought to 
dynamically mount shares on the firewall (using, for example, automount) 
  providing access thru winscp, that has a quite windows like look & 
feel. The problem is that I cannot understand when the user connects, 
that means automount does not work with a winscp session, and that I 
cannot mount shares thru the ~/.bash_profile script, since it is not 
executed (maybe .profile is executed?). Any idea on how to solve the 
problem?
Thanks,
Luca
-- 
Luca Ferrari
fluca1978@infinito.it

Re: automount thru winscp

[Adam T. Bowen]

Hi,

Luca Ferrari wrote:
> Hi,
> I've got a linux server with samba shares behind a firewall. Since my 
> users want to see their shares from the outside network, I thought to 
> dynamically mount shares on the firewall (using, for example, automount) 
>  providing access thru winscp, that has a quite windows like look & 
> feel. The problem is that I cannot understand when the user connects, 
> that means automount does not work with a winscp session, and that I 
> cannot mount shares thru the ~/.bash_profile script, since it is not 
> executed (maybe .profile is executed?). Any idea on how to solve the 
> problem?

Allowing external sFTP connections for normal users to your firewall box
is not a good idea with regard to security, but if that is what you
want.  As far as I know, your SHELL is used to execute the sftp-server
process once you have authenticated via the ssh daemon (using OpenSSH
which is all I have experience of).  So you just need to work out which
of the numerous shell initialization scripts is actually read.  On our
systems with SHELL as bash, the ~/.bashrc is read so you could put the
smbmount commands in there.

I just tried doing this myself and it works ok.  One thing I had to do
was export PASSWD=mypassword before the smbmount command.  Very
insecure, but perhaps you have your shares/authentication configured to
do it without this step.

Cheers

Adam


> Thanks,
> Luca

Re: automount thru winscp

[Luca Ferrari]

Adam T. Bowen's cat, on 09/09/2005 12.01, walking on the keyboard wrote:
> 
> Allowing external sFTP connections for normal users to your firewall box
> is not a good idea with regard to security, but if that is what you
> want.  As far as I know, your SHELL is used to execute the sftp-server
> process once you have authenticated via the ssh daemon (using OpenSSH
> which is all I have experience of).  So you just need to work out which
> of the numerous shell initialization scripts is actually read.  On our
> systems with SHELL as bash, the ~/.bashrc is read so you could put the
> smbmount commands in there.
> 


Dear Adam,
I'll appreciate any suggestion about this problem. How do you think it 
can be possible to allow access from the external network to the share 
on machine behind the firewall? I'd like a solution simper than setting 
up a vnc network.
Thanks,
Luca

-- 
Luca Ferrari
fluca1978@infinito.it

Re: automount thru winscp

[Adam T. Bowen]

Hi,

Luca Ferrari wrote:
> Adam T. Bowen's cat, on 09/09/2005 12.01, walking on the keyboard wrote:
> 
>>
>> Allowing external sFTP connections for normal users to your firewall box
[snip]
>> smbmount commands in there.
> 
> Dear Adam,
> I'll appreciate any suggestion about this problem. How do you think it 
> can be possible to allow access from the external network to the share 
> on machine behind the firewall? I'd like a solution simper than setting 
> up a vnc network.
> Thanks,
> Luca

Port forwarding?  Don't port forward the samba/netbios stuff through the 
firewall though as that would be asking for trouble.  It would be safer 
to port forward the SFTP connections through it instead.  So, you could 
run the SFTP server on a machine behind your firewall and have the 
firewall forward the connections to it.

Alternatively, if you have got a bunch of public IP addresses, you could 
just use Network Address Translation (NAT) and then open up the ssh 
ports through to the SFTP server.

Note that if you allow SFTP connections through your firewall (either 
port forwarded or via NAT) then you are also allowing SSH connections. 
This is because both SFTP and SSH use port 22.  If this could be a 
problem then you could try something like rssh to restrict users to only 
certain services.  You can find info about rssh here:

       http://www.pizzashack.org/rssh/index.shtml

We have been using it for a while now, and it works fine.

A really good safe way to allow access to users from the internet to 
your intranet is to use a Virtual Private Network (VPN).  Doing so is 
beyond the scope of this current thread though.  Plenty of good howtos 
on the web.

Cheers

Adam

Re: automount thru winscp

[Stephen Samuel]

You could placee the following in users'  ~/.bashrc file:

if  [ -n "$SSH_CLIENT" -a  -n '$DID_SSH_INIT" ] ; then
    export DID_SSH_INIT=yes
    engage_automount
fi

This doesn't differeentiate between ssh and scp, but it should be a good 
start.

If you need to do something on exit, you can use
trap 'exiting_ssh' EXIT

Remember, however, that the user may be still logged in beyond this onee 
session

Luca Ferrari wrote:

> Hi,
> I've got a linux server with samba shares behind a firewall. Since my 
> users want to see their shares from the outside network, I thought to 
> dynamically mount shares on the firewall (using, for example, 
> automount)  providing access thru winscp, that has a quite windows 
> like look & feel. The problem is that I cannot understand when the 
> user connects, that means automount does not work with a winscp 
> session, and that I cannot mount shares thru the ~/.bash_profile 
> script, since it is not executed (maybe .profile is executed?). Any 
> idea on how to solve the problem?
> Thanks,
> Luca

-- 

Stephen Samuel +1(604)876-0426                samuel@bcgreen.com
		   http://www.bcgreen.com/~samuel/
   Powerful committed communication. Transformation touching
     the jewel within each person and bringing it to light.

Re: automount thru winscp

[linux-user]

On Friday 09 September 2005 06:04 am, Stephen Samuel wrote:
> Luca Ferrari wrote:
> > Hi,
> > I've got a linux server with samba shares behind a firewall. Since my
> > users want to see their shares from the outside network, I thought to
> > dynamically mount shares on the firewall (using, for example,
> > automount)  providing access thru winscp, that has a quite windows
> > like look & feel. The problem is that I cannot understand when the

 Try SSLExplorer--full access to your Samba shares from anywhere in the world 
with https access.