[ale] Samba security

DJ-Pfulio DJPfulio at jdpfu.com
Tue Jan 14 11:24:43 EST 2020


On 1/14/20 10:30 AM, Todor Fassl via Ale wrote:
> I am supporting an undergraduate research cluster. Undergrads can ssh
> into the cluster and do mathematical research via Matlab, Mathematica,
> Magma, Sage, etc. I think there are 9 different computational algebra
> systems on the cluster plus python, gcc, etc. Anyway, most of the
> students have been using ssh to log into the machines and then using
> emacs or vi to write their code. A handful of students write the code on
> their own computers and then scp it to the cluster. A few use and sshfs
> client. I was thinking of installing samba so students who use Windows
> could map a network drive.  I am not sure the ports would be open by a
> typical ISP or on the campus firewall. But I might be able to make it
> possible for a student with a laptop to sit in a campus library and
> write code.
> 
> Is this a bad idea?

Yes. It is a terrible idea, unless you force them to use a full VPN.
ISPs block CIFS/SMB ports to protect neighbors from accessing each
other's "guest" file shares.  It wasn't always this way. A single ssh
tunnel wouldn't be sufficient since samba works on multiple ports.

There are some things that Windows just doesn't do as well as a Linux
desktop.


More information about the Ale mailing list