How to connect to samba shares over the internet via ssh from mac os x

Chances are if you are seeing this, you’ve tried quite a bit but it hasn’t worked. Look no further. If you are seeing this and haven’t been researching it, then this should still be enough info to get a good start.

First, here’s the point: Using windows file sharing (Samba/SMB) is a good way to access your files across your home network, but don’t even think about trying it over the internet. In order to access SMB shares across the internet you’re going to need to get creative. A method which works reasonably well is using a zero-configuration VPN program such as Hamachi, Remobo, Wippen, etc. to create a virtual lan connecion, thus fooling your computer into connecting like you were on the same lan. That works, but in my experience it isn’t very reliable, it has limitations, it has overhead, and it means you have to have that ZCVPN client on both ends. So here’s my solution, skip the program, jump straight to the solution. If you use an SSH tunnel to connect to your computer, you can access your SMB shares, you can use VNC to view your screen, or do just about anything that uses a port on your host computer. The best part about it is, once you have it up and running, it’s really simple to use!

Note: This post will assume that your “server” machine is running windows and your “client” machine is running Mac OS X Leopard.

Here’s how to do it:

1. Enable file sharing on your host computer (I’m going to assume this is running Windows). This will allow your files to be shared across your local network. If you don’t know how to do that, there’s a very good guide Here.

2. (Optional) Disable simple file sharing and edit the permissions on your shares so that the shares are password protected. You only need to do this if you don’t want just anyone on your local network to be able to access your files. (Google it)

3. Install an SSH server on your host computer, I’d recommend freeSSHd. This will allow your to create a secure connection between your computers. I’d suggest freeSSHd because it’s free and much easier to use than many of the alternatives (OpenSSH/Cygwin).

4. On the SSH tab in the freeSSHd settings, change the port to whatever port you want, I’ll be using 12345 in my examples. I’d recommend something in between 10000 and 50000 so that a network scanner is less likely to pick up the port.

5. On the Users tab in freeSSHd, add a user with the username and password of your choice, set your password as “Password stored as SH1 hash”.

6. On the Tunneling tab in freeSSHd, enable local and remote port forwarding.

7. Test your SSH server to make sure you can connect to it using a computer on the same network as the SSH server. You will need the local IP of the SSH server for this step you can find it using This guide.

To test it from your mac machine:

  1. Open the Terminal (Applications/Utilities/Terminal)
  2. Use the command ssh -p port username@hostip (Example: ssh -p 12345 lococobra@

8. Enable port-forwarding on your router to your SSH server at the port you used – Follow one of the guides for your routerHere but use the port for SSH (12345)

9. (Optional) Set up an automatic DNS server for your host computer, you can set that up Here for free. I’d really suggest you do this, its very useful! Once you have that set up, install the No-IP Dynamic Update Client so that your DNS always matches your dynamic IP.

10. Test your SSH connection via the port forward. This is almost exactly the same as before, except instead of using the IP you got from ipconfig, use your global IP (or the DNS you set up in step 9). You can find your global IP Here. Example:ssh -p 12345

Now that we have all that set up, we’re almost done. What we’re going to do is connect via SSH and forward the SMB ports from our host computer to our client. This will allow you to access your shares remotely. It works because your ssh/smb server will think that it’s directly connected with your client computer, when in fact the connection is all handled through SSH. The tricky part is, OS X Leopard will not allow you to do this. If you forward the SMB ports from the server to client computer, then the client will think that it’s connecting to itself, and so Leopard will deny the connect. In order to defeat this we’re going to have to work some magic.

11. Set up an alias for your loopback connection (localhost/ on your Mac. This will fool your computer into thinking it’s connecting to an external IP. This command needs admin privileges, so you have to use sudo. The command is:

sudo ifconfig lo0 alias up

This will create a temporary alias for your loopback connection which will stay active until the computer is restarted.

12. Edit the all users configuration file for your SSH settings so that you can connect quickly without setting it up each time.

  1. Open the Terminal and run sudo pico /etc/ssh_config
  2. Enter the following text above the line that says ” #Host *”, change the user and port to the ones you have used in your SSH configuration.

Host AliasForHost
HostName hostip
Port 12345
User YourUserName
ServerAliveInterval 200
ServerAliveCountMax 3

Keep in mind that you can add any number of ports to this list. For example, if you want to connect to VNC, add 5900 to that list. Then to use VNC, connect to

Hit control + x, Y, and enter to save the file. Since we’re saving it as a dotfile (there’s a dot at the beginning) you won’t be able to see it. If you need to edit it again, you can do it through pico the same way.

13. Initiate the SSH connection with your host computer using the host alias we set up before.

sudo ssh AliasForHost

14. Connect to the Samba share. Open a Finder window and hit command+ k to open a Connect to Server windows. For the server address, use:


Now click Connect, and if everything went well you should be prompted with a window to enter your Login credentials for the server machine!

Wow, that was complicated, but at this point it doesn’t need to be. Here’s a little AppleScript I came up with to automate the connection. (Don’t worry about running the ifconfig over and over, it won’t hurt anything)

set Command to "sudo ifconfig lo0 alias up; sudo ssh AliasForHost"

tell application “Terminal”
if (count of windows) is 0 then
do script Command
do script Command in window 1
end if
end tell

You can save that script as an application using the AppleScript Script Editor and run it to automatically run those commands.

I know for most people that post was probably really confusing but I tried! If you need help please comment or something. I’ll get back to you.

Edit: Take a look at Fredrik’s script in the first comment for  an even more automated solution for connecting and mounting.

Edit2: I found a much more efficient way to actually initiate the connection using a host alias, take a look at the part about the ssh_config file


Here’s a Terminal command for mounting an SMB share by tunneling through an SSH server (e.g. when the SSH server is the only access point through the firewall):

“sudo ifconfig lo0 alias up ; sudo ssh -NL -NL USER@SSH.SERVER.ADDRESS

SMB.ADDRESS = the I.P. address or domain name of the SMB share.
SSH.SERVER.ADDRESS = the I.P. address or domain name of the SSH server

After executing this command you will be prompted twice:
1. For the sudo (admin) password on your Mac, then
2. For the SSH server password.

Now use the standard “Connect to Server” dialogue from the menu bar with:
Now you will be prompted for the SMB username and password.