Mounting Courant Home Directory via SSH Tunneling
Your CIMS directory can be mounted either by mapping a network drive or by SSH tunneling. Drive mapping is a simpler process; see instructions here. Otherwise, read on for information about SSH tunneling.
A tunnel is a networking term with an appropriate name. It refers to a connection, usually encrypted, that connects two computers together across another, usually untrusted network. Picture a mountain of evil internet users sitting between your laptop and the CIMS server. You don't want to just throw your traffic really hard at the mountain and hope it gets there; you want to first form a protected tunnel from you to CIMS, and then send the traffic through it.
Take this typical scenario: you're at work or at home, merrily typing away on your wireless laptop. You want to retrieve your e-mail from CIMS. If you connect to the machine directly, your e-mail client will send your login and password "in the clear." This means that a nefarious individual somewhere between you and your mail server (either elsewhere on your wireless network, or even "on the wire" if you are separated by an untrusted network) could be listening, and grab a copy of your information en route. This login could then be used not only to gain unauthorized access to your e-mail, but in many cases will also grant a shell account on your mail server!
To prevent this, you can use the tunneling capabilities of SSH. An SSH tunnel works like this: rather than connecting to the mail server directly, we establish an SSH connection to the internal network that the mail server lives in (frequently, the mail server itself). Your SSH client software sets up a port forwarding mechanism, so that traffic that goes to your laptop's POP port gets forwarded over the encrypted tunnel and ends up at the mail server's POP port. You then point your e-mail client to your local POP port, and it thinks it is talking to the remote end (only this time, the entire session is encrypted).
With the tunnel in place, anyone who tries to monitor the conversation between your laptop and the mail server will get something resembling line noise.
SSH Tunneling: Windows 95/98/ME/NT/2000/XP/Vista/7
Follow these step-by-step instructions to create an SSH tunnel with Windows. The last step then describes how to mount your CIMS home directory on your Windows machine. Step 2 shows how to create a tunnel with the program plink, which is PuTTY's command-line interface to its backend.
- Go to My Network Places -> Properties -> Local Area Connection -> Properties and uninstall "File and Printer Sharing for Microsoft Networks".
NOTE: You cannot just uncheck the box, you must uninstall it completely and restart your PC.
To re-install the "File and Printer Sharing for Microsoft Networks" service go to the same window from which you uninstalled it (My Network Places -> Properties -> Local Area Connection -> Properties), press the "Install" button, select "Service" and press the "Add" button, select "File and Printer Sharing for Microsoft Networks" and press "OK".
- Now you can create a tunnel from your PC to the CIMS servers. Set up your SSH client to forward local TCP ports 139 and 445 to fs-u1.cims.nyu.edu ports 139 and 445. The following gives an example of how to do this with plink (which you can download free using this link):
To create an SSH Tunnel using Plink:
- First start a DOS command line on your Windows platform
- Then, either set the Windows Path variable so that DOS will know where to look for the plink program, or simply go to the directory that the plink.exe file is in.
- Now type the following line (all on one line, make sure the "L" is capital):
plink -ssh -L 139:fs-u1.cims.nyu.edu:139 -L 445:fs-u1.cims.nyu.edu:445 USERNAME@access.cims.nyu.edu
- Enter your login and password when prompted
- Now that you have created a tunnel, you can map a network drive in Windows and your CIMS home directory should appear on your PC as a separate drive. Right click on My Computer -> Map Network Drive, and enter \\127.0.0.1\USERNAME in the "Folder:" box.
Uncheck the Reconnect at logon button. Then click "different user name" and enter your CIMS username and password.
- Finally, click OK and then Finish to connect.
** You cannot share files and/or printers to your LAN at the same time. Otherwise, port 139 will be used by the sharing service and will not be available for ssh. You need to uninstall the sharing service, which you can easily install again later -- simply unchecking the box next to "File and Printer Sharing for Microsoft Networks" will not work.
SSH Tunneling: Mac OS X
- Go to "Sharing" in "System Preferences". Make sure "Windows Sharing" is off.
- Open a Terminal and execute the following commands:
sudo ifconfig lo0 alias 127.0.0.2 up
sudo ssh -f -N -L 127.0.0.2:139:fs-u1.cims.nyu.edu:139 \
-L 127.0.0.2:445:fs-u1.cims.nyu.edu:445 \
USERNAME@access.cims.nyu.edu
You will be asked for your local (Mac) password and then your CIMS password. The former is for the sudo command; the latter is for the ssh authentication.
- Go to Finder -> Go -> Connect to Server and enter the following in the address field:
smb://127.0.0.2/USERNAME
A dialog will come up and ask for your Username and Password. Enter your CIMS username and password respectively. Your home directory will appear on your desktop as a network drive.
A similar process can be followed to mount your web directory in addition to your home directory as follows:
sudo ifconfig lo0 alias 127.0.0.3 up
sudo ssh -f -N -L 127.0.0.3:139:fs-u2.cims.nyu.edu:139 \
-L 127.0.0.3:445:fs-u2.cims.nyu.edu:445 \
USERNAME@access.cims.nyu.edu
then from the Finder:
smb://127.0.0.3/USERNAME
SSH Tunneling: Linux
Open a Terminal and execute the following commands:
ssh -f -N -L 9900:fs-u1.cims.nyu.edu:139 \
USERNAME@access.cims.nyu.edu
mount -t cifs -o domain=CIMSSAM,username=USERNAME,port=9900 \
//localhost/USERNAME /YOUR_LOCAL_MOUNT_POINT
The second command needs to be run as root (via sudo or otherwise). You will be prompted for a password, which is your CIMS password. Replace USERNAME with your CIMS username and YOUR_LOCAL_MOUNT_POINT with the directory where you want to mount your files. You may have to replace smbfs with cifs and/or install the cifs-utils package on your machine to be able to mount the filesystem.
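A check to run after opening the Linux tunnel, added here as an example and not part of the original instructions: it confirms that forwarded port 9900 listens on loopback only, so other hosts on your network cannot reach the file server through your tunnel. The function names open_tunnel and exposed_listeners and the sample `ss -ltn` output are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original page). Port 9900 and the host names are
# the ones used in the Linux commands above; the `ss -ltn` samples are constructed.

# Open the tunnel with the local end pinned to loopback, and make ssh exit
# instead of going to the background if the forward cannot be set up.
open_tunnel() {
    ssh -f -N -o ExitOnForwardFailure=yes \
        -L 127.0.0.1:9900:fs-u1.cims.nyu.edu:139 \
        "$1@access.cims.nyu.edu"
}

# Read `ss -ltn` output on stdin and print each listener on port $1 that is
# not bound to loopback. Exit status: 0 = loopback only, 1 = exposed,
# 2 = nothing is listening on that port (the tunnel is not up).
exposed_listeners() {
    awk -v port="$1" '
        $1 == "LISTEN" {
            n = split($4, parts, ":")
            if (parts[n] != port) next
            host = substr($4, 1, length($4) - length(parts[n]) - 1)
            found = 1
            if (host !~ /^127\./ && host != "[::1]") { print $4; bad = 1 }
        }
        END { if (!found) exit 2; exit (bad ? 1 : 0) }
    '
}

# Constructed samples: a loopback-only forward, and one bound to every interface.
SAMPLE_OK='State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      128        127.0.0.1:9900      0.0.0.0:*
LISTEN 0      128            [::1]:9900         [::]:*
LISTEN 0      128          0.0.0.0:22        0.0.0.0:*'
SAMPLE_EXPOSED='State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      128          0.0.0.0:9900      0.0.0.0:*'

# On a real machine, run the live check as: ss -ltn | exposed_listeners 9900
printf '%s\n' "$SAMPLE_EXPOSED" | exposed_listeners 9900 || echo "exposed (status $?)"
```

Run the live check before the mount command; a status of 2 means the tunnel never came up and the mount would fail or hit some other local service.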