Mounting your Nikhef home directory using SSH
for Windows 10 (built-in OpenSSH client)

(Updated 05/Oct/2021; tested Win10 1809,1909,20H2, 21H1)

Introduction

This tutorial contains screenshots for the English version of Windows 10. Separate instructions for older versions of Windows are also available: To be able to mount a Windows share over SSH we will need This part of the tutorial is split into the following steps:
  1. As most people do not have a spare real network adapter in their computer, we will add an extra virtual network adapter by installing the Microsoft KM-TEST Loopback Adapter.
  2. After that, the network adapter must be properly configured.
  3. Starting with Windows 10 update 1903, the Windows 10 feature "SMB 1.0" must be turned off.
  4. Furthermore, a few Windows system services need to be tweaked.
  5. Next, reboot Windows to verify that we've been able to grab port 445 and to see if the lanmanserver service is up and running.
  6. Finally, we launch a special OpenSSH session and mount our Nikhef home directory.

  7. For those wishing to undo the above steps follow the instructions at the bottom of this tutorial.

Windows 10 Upgrade woes

Multiple persons have reported problems after a major Windows 10 upgrade (e.g. from 1803 to 1809). This is due mostly to the disappearance of the Microsoft KM-TEST Loopback Adapter and of the portproxy rule. In order to recover after a Windows 10 upgrade, try

1. Installing the Loopback Adapter

To install the Loopback adapter follow these steps: You are now ready to configure your newly installed Loopback adapter. Even though Windows might not ask you to, reboot anyways (heey, it's a Microsoft OS ;-)).
From reports I've seen on the Internet a reboot is sometimes required for the loopback adapter to come up properly.

2. Configuring the Loopback Adapter

Now that your newly installed loopback adapter is up and running we must configure it properly:

3. Disabling the "SMB 1.0" Windows feature

Starting with Windows 10 update 1903 we need to disable the Windows feature SMB 1.0: (Thanks to Michael Uhlenberg for pointing this out)

4. Tweaking the 'LanmanServer' service

First, we need to tweak a Windows system service to overcome the thing that Microsoft broke. The root cause of the problem is that we need to access the file share using TCP port 445. However, when Windows boots, this port is grabbed by the system lanmanserver service for all interfaces. If we can insert a portproxy rule to grab port 445 for the loopback interface before the lanmanserver service starts, we can circumvent this. Be aware that portproxy rules are executed by the iphlpsvc service. By adding a dependency to the lanmanserver service we ensure that the iphlpsvc service is always launched before the lanmanserver service. This section explains how to do this: If all went well you should see something like
ConfigureConsole
The portproxy rule is persistent, so there should be no need to repeat this step after a reboot.

5. Reboot and verify

Of course, now that we have made modifications to the 'Required Services' dependency of the 'LanmanServer' service we have to reboot Windows before proceeding. If the port is not grabbed correctly (i.e. no 10.255.255.1:445 in the 'netstat` output) then try the Old driver tweak instructions to see if that works better for you.

On Windows 10 things are slightly different compared to Windows 7 and 8; it seems that Microsoft has read my tutorial and decided to provide a way to use local shares again ;-) !

6. Putting it all together

Now that we have configured both our loopback adapter we can put it all together by launching a special OpenSSH connection and mounting our Nikhef home directory as a Windows share:
Congratulations!

Mapping a network drive

To make life even easier it might be handy to map a network drive to your Nikhef home directory:

7. Control+Z! Undo! Undo!

For those wishing to undo the CIFS-over-SSH trick follow these steps:
  1. Start a console window with elevated (Administrator) privileges.
  2. Restore the dependencies of the lanmanserver service by typing
      sc config lanmanserver depend= samss/srv2
    
    NOTE the list of required services may be slightly different on your system. Use the PowerShell command from section 4 to obtain a list.
    NOTE the space after the depend= !
  3. Remove the portproxy rule by typing
      netsh interface portproxy delete v4tov4 listenaddress=10.255.255.1 listenport=445
    
  4. Remove the firewall rule to allow SSH to do portforwarding from 10.255.255.1:
  5. Start a Device Manager by typing
      devmgmt.msc
    
    Expand the 'Network Adapters', right-click on Loopback adapter and select Uninstall.
  6. If necessary, use the 'Task Scheduler' from the 'Administrative Tasks' menu to delete the task 'Start LanmanServer driver'
That's all, folks!

Comments to Jan Just Keijser | lastmod = 05/10/2021 11:00