SSH is great; SSH port forwarding is really great, but forwarding CIFS over SSH in Windows is a huge pain in the arse, especially in Vista/Windows 7. Thankfully I came across this handy guide, which walks you through the process: http://www.nikhef.nl/~janjust/CifsOverSSH/VistaLoopback.html

To summarise (in case the page ceases to exist):

  1. Run hdwwiz.exe and add a Microsoft Loopback Adaptor
  2. Edit the properties of the new adaptor and disable all protocols except IPv4
  3. Edit the properties of the IPv4 protocol and set the IP address to a private range that won’t conflict with any ranges you’re working with, such as 10.255.255.1
  4. Set the Interface Metric to 9999
  5. Disable NetBIOS over TCP/IP
  6. Run sc config smb start= demand to disable autostart of the SMB service
  7. Run netsh interface portproxy add v4tov4 listenaddress=10.255.255.1 listenport=445 connectaddress=10.255.255.1 connectport=44445 to create a portproxy rule that redirects traffic to port 445.
  8. Create a scheduled task to run net start smb when any user logs in
  9. Reboot
  10. Set up a Local tunnelling rule in your SSH client with a source of 10.255.255.1:44445 and a destination of <hostname>:445 (where is the hostname of the remote machine you’re working with)

You should now be able to connect to SMB shares using \\10.255.255.1\<sharename> (see below for a note about name resolution).

As an addendum, I found that I had to use a local account to run the Scheduled Task (SYSTEM in this instance) because my I’m using my laptop from remote sites without access to my domain, so if I try and use a domain account it can’t authenticate against a DC when it tries to run.

If you want to access more than one machine on the remote network (and the required SSH server config is in place to allow port forwarding to those machines), then you can simply add another IP address to the Loopback interface and create a new portproxy rule for it using a different port (such as 44446), then add a new port forwarding rule for it in your SSH client.

Also, if you want name resolution to work, there’s a handy hack you might be able to make use of (which will explain the existence of my previous post about the Windows name resolution process). You can add the hostnames and pseudo-IP addresses to your lmhosts file, which should permit you to resolve those hosts while tunnelling, without breaking your resolution when connecting to them locally (Because windows will try DNS/NetBIOS broadcast before looking at the lmhosts file). If you do this, you will be asked to authenticate the first time you connect to each machine due to the name/address mismatch.

To undo the changes:

  1. Run sc config smb start= auto to set the smb service to start automatically again
  2. Run netsh interface portproxy delete v4tov4 listenaddress=10.255.255.1 listenport=445 to remove the portproxy rule (change as needed to remove any additional ones)
  3. Open Device Manager and delete the Loopback Interface
  4. Open Scheduled Tasks and delete the SMB Startup task