Fight for the Internet 1!

Saturday, February 21, 2009

SSHFS - Network Shares made easy with SSH

Overview

SSHFS is a program that can use the SSH connection on a computer for mounting a network share / network drive from that target machine to your local computer.

The great news is that you only need to install SSHFS on the computer which you are doing the mounting on, you do not need to change anything on the remote target computer. Put another way, if you want to mount your remote SSH machine's harddrive on your local desktop, you only need to install SSHFS onto your desktop. This is particularly convenient when you don't have administrator control over the remote target client and cannot install extra software.

SSHFS is running through an SSH connection (duh!), so your activity is as encrypted as your SSH connection is (which is pretty good if you use SSHv2, which you should be). SSHFS also inherents the permisssions of your SSH connection, so if you connect as a non-root user, you will be limited to the access that user account has.

Installing SSHFS

This guide assumes you can install SSHFS through your Linux distribution's package system (apt/yum/whatever).

For example, in Ubuntu/Debian:
sudo apt-get install sshfs

Preparing to run SSHFS

Make sure the 'fuse' module is loaded into your Linux kernel.
Check by running this command on a terminal:
lsmod | grep -i fuse
If you don't see it loaded, you can load the module with this command:
sudo modprobe fuse

Info on Mount Permissions

Mounting shares with SSHFS is like mounting devices in Linux. They require root/administrator level permissions to do, unless you have specifically changed it to otherwise.

Also, you need specific the permissions of the mounted shares when you mount them, or else your normal user account won't be able to read/write/execute anything in the shared directory.

To enable others to read/write/execute the shared directory, use the mounting command switch:

-o allow_other

You need to run the SSHFS commands as root or with the 'sudo' command.

The Dot '.' Special Character (convenient time saver)

Like the SCP command, SSHFS uses the '.' symbol as a quick way to write '/home/user' (substituting whatever username is invoked with the mount command).

Mounting Shares

The generalized format of the SSHFS mounting is this:

sshfs SSHFS_OPTIONS -p SSH_PORT SSH_USER@REMOTE_TARGET:. LOCAL_DIRECTORY

Here is an example line to mount an network share through SSH:
sshfs -o allow_other -p 7689 jon@192.168.0.10:. /home/jon/shares

In this case, the '.' is being translated into '/home/jon' on the remote target machine. This just saves time. You can explicitly mount other directories.

For example, the user 'bob' is logging in as 'jon' to the computer with the IP address 192.168.0.10, and is mounting that computer's /media/disk1 to his local directory 'shares' on his computer.
sshfs -o allow_other -p 7689 jon@192.168.0.10:/media/disk1 /home/bob/shares

SSHFS can be chain mounted if you desired, so you could mount from a mount from a mount over several SSH connections, but that would not only be ugly but probably slow.

Unmounting Shares

To disconnect a network share, you simply unmount it like any other device in Linux. This require the use of the umount command (not to be confused with 'unmount').
You need to run the 'umount' commands as root or with the 'sudo' command.

sudo umount /home/user/shares

You simply unmount whatever directory where you mounted the SSHFS connection to. Very simple.

Additional Information

SSHFS has several options you can set. Read the manual for more information.

A Word on Speed

SSHFS is pretty fast on local networks. I find their packets to have speeds that are always as fast as SMB/Samba packets. Over a remote network, it is hard to say but I find it is usable even on slow connections.

TROUBLE SHOOTING


SSHFS has only a few simple dependencies usually but your package manger should take care of those for you automatically. The only one it might miss is install the FUSE program.

If you cannot run SSHFS, try install the fuse-utilities.

Also, make sure you have the fuse module loaded into your kernel.

Make sure you are connecting to the correct remote target IP/Host.

Make sure you are using the correct login name for the remote target IP/Host.

Make sure you have permission to read/write/execute the target directory you are trying to mount locally.

Make sure the local target mount directory exists!

A word on SSH Public Keys

Mounting through SSHFS can give you cryptic/unusual errors if there is an error with SSH keys.

This is because of the layers of software it is translating through. In general, you will only see errors while mounting if you are connecting over SSH to a machine whose credentials don't meet expectations.

This typically happens if the remote target SSH machine's IP changes, or their SSH keys change on that machine.

You can confirm this is your problem by trying to connect via normal SSH to the remote target IP/Host. If you get a SSH key error, that is the source of your problem. You can edit your ~/.ssh/known_hosts file and delete the (entire) offending line.

But beware! If you get this error and you don't know why, LISTEN TO IT! SSH stores information on the IPs and the SSH keys it connects to. If the credentials don't match you might be under a Man-in-the-middle attack. So only modify your ~/.ssh/known_hosts file if you know the error message is not valid.

Afterward

The title of this post is "Network Shares made easy with SSH." Some of you might think is a lot of work to get a network share working. It is easier because, really, have you ever tried to get Samba shares working? :)

1 comment:

  1. '.' dot in UNIX means "this directory" so in your case, you are automatically placed in the user's home directory, so "." always means "this directory", it doesn't mean "user's home directory"

    ReplyDelete