Follow through this tutorial to learn how to mount remote filesystem over SSH using SSHFS. sshfs is a filesystem client based on the SSH File Transfer Protocol.
According to man pages;
“SSHFS (Secure SHell FileSystem) is a file system for Linux (and other operating systems with a FUSE implementation, such as Mac OS X or FreeBSD) capable of operating on files on a remote computer using just a secure shell login on the remote computer. On the local computer where the SSHFS is mounted, the implementation makes use of the FUSE (Filesystem in Userspace) kernel module. The practical effect of this is that the end user can seamlessly interact with remote files being securely served over SSH just as if they were local files on his/her computer. On the remote computer the SFTP subsystem of SSH is used“.
Mounting Remote Filesystem Over SSH using SSHFS
In this setup, we will be using two servers for demonstrating how SSHFS can be used to mount remote filesytem via SSH protocol.
+---------------------------+ +----------------------------+
| Log Manager | | Web Server |
| logman.kifarunix-demo.com +----+----+ web.kifarunix-demo.com |
| 192.168.58.21 | | 192.168.58.22 |
| SSH Client/SSHFS | | SSH Server |
+---------------------------+ +----------------------------+
Install SSHFS on Linux Client System
Install SSHFS on the client system.
If you are running Ubuntu/Debian based systems, run the command below to install SSHFS package.
apt install sshfs -y
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
The following additional packages will be installed:
fuse3 libfuse3-3
The following NEW packages will be installed:
fuse3 libfuse3-3 sshfs
0 upgraded, 3 newly installed, 0 to remove and 0 not upgraded.
Need to get 166 kB of archives.
After this operation, 528 kB of additional disk space will be used.
Get:1 http://deb.debian.org/debian bullseye/main amd64 libfuse3-3 amd64 3.10.3-2 [85.3 kB]
Get:2 http://deb.debian.org/debian bullseye/main amd64 fuse3 amd64 3.10.3-2 [34.7 kB]
Get:3 http://deb.debian.org/debian bullseye/main amd64 sshfs amd64 3.7.1+repack-2 [46.0 kB]
Fetched 166 kB in 2s (97.8 kB/s)
Selecting previously unselected package libfuse3-3:amd64.
(Reading database ... 30388 files and directories currently installed.)
Preparing to unpack .../libfuse3-3_3.10.3-2_amd64.deb ...
Unpacking libfuse3-3:amd64 (3.10.3-2) ...
Selecting previously unselected package fuse3.
Preparing to unpack .../fuse3_3.10.3-2_amd64.deb ...
Unpacking fuse3 (3.10.3-2) ...
Selecting previously unselected package sshfs.
Preparing to unpack .../sshfs_3.7.1+repack-2_amd64.deb ...
Unpacking sshfs (3.7.1+repack-2) ...
Setting up libfuse3-3:amd64 (3.10.3-2) ...
Setting up fuse3 (3.10.3-2) ...
update-initramfs: deferring update (trigger activated)
Setting up sshfs (3.7.1+repack-2) ...
Processing triggers for initramfs-tools (0.140) ...
update-initramfs: Generating /boot/initrd.img-5.10.0-8-amd64
Processing triggers for libc-bin (2.31-13) ...
Processing triggers for man-db (2.9.4-2) ...
On CentOS/RHEL systems;
dnf install sshfs -y
CentOS-8 - AppStream 5.0 kB/s | 4.3 kB 00:00
CentOS-8 - AppStream 3.8 MB/s | 9.3 MB 00:02
CentOS-8 - Base 6.6 kB/s | 3.9 kB 00:00
CentOS-8 - Base 3.9 MB/s | 7.5 MB 00:01
CentOS-8 - Extras 2.6 kB/s | 1.5 kB 00:00
CentOS-8 - Extras 18 kB/s | 10 kB 00:00
CentOS-8 - PowerTools 8.5 kB/s | 4.3 kB 00:00
CentOS-8 - PowerTools 1.7 MB/s | 2.4 MB 00:01
Dependencies resolved.
============================================================================================================================================================================
Package Architecture Version Repository Size
============================================================================================================================================================================
Installing:
fuse-sshfs x86_64 2.8-5.el8 PowerTools 56 k
Installing dependencies:
fuse x86_64 2.9.7-12.el8 BaseOS 82 k
fuse-common x86_64 3.2.1-12.el8 BaseOS 21 k
Transaction Summary
============================================================================================================================================================================
Install 3 Packages
Total download size: 160 k
Installed size: 320 k
Downloading Packages:
(1/3): fuse-common-3.2.1-12.el8.x86_64.rpm 159 kB/s | 21 kB 00:00
(2/3): fuse-2.9.7-12.el8.x86_64.rpm 609 kB/s | 82 kB 00:00
(3/3): fuse-sshfs-2.8-5.el8.x86_64.rpm 401 kB/s | 56 kB 00:00
----------------------------------------------------------------------------------------------------------------------------------------------------------------------------
Total 163 kB/s | 160 kB 00:00
Running transaction check
Transaction check succeeded.
Running transaction test
Transaction test succeeded.
Running transaction
Preparing : 1/1
Installing : fuse-common-3.2.1-12.el8.x86_64 1/3
Installing : fuse-2.9.7-12.el8.x86_64 2/3
Installing : fuse-sshfs-2.8-5.el8.x86_64 3/3
Running scriptlet: fuse-sshfs-2.8-5.el8.x86_64 3/3
Verifying : fuse-2.9.7-12.el8.x86_64 1/3
Verifying : fuse-common-3.2.1-12.el8.x86_64 2/3
Verifying : fuse-sshfs-2.8-5.el8.x86_64 3/3
Installed:
fuse-sshfs-2.8-5.el8.x86_64 fuse-2.9.7-12.el8.x86_64 fuse-common-3.2.1-12.el8.x86_64
Complete!
For other distributions, refer to their package manager docs on how to install SSHFS package.
Using SSHFS to Mount Remote Filesystem Over SSH
The syntax of the SSHFS command is;
sshfs [user@]host:[dir] mountpoint [options]
On your client system, you can mount the remote file-system as a standard user or root user.
For example, to mount the remote system log directory, /var/log
, under the /media/
directory on the client system, simply run the command below;
Note that, in this particular example, the /var/log
, is remotely owned by root user. As such, if you want to mount this directory locally, then you need to mount it as a remote root user.
sshfs [email protected]:/var/log /media/
Mounting root owned filesystems remotetly means that you also need to configure remote SSH server to allow remote root login.
This is a risk. However, you can restrict this to specific client.
On the server, you can add such lines to /etc/ssh/sshd_config
file.
PermitRootLogin no
Match Address 192.168.58.1
PermitRootLogin yes
Checking the mount points on the client system;
df -hT -P /media/
Filesystem Type Size Used Avail Use% Mounted on
[email protected]:/var/log fuse.sshfs 15G 1.3G 13G 9% /media
Checking the contents of the remote filesystem/directory;
ls -1 /media/ | column -c 50
alternatives.log journal
apt kern.log
auth.log lastlog
btmp messages
daemon.log private
debug runit
dpkg.log syslog
faillog wtmp
installer
You can read the logs in realtime as if they were on the local system;
tail -f /media/auth.log
Oct 7 20:45:43 debian11 systemd-logind[396]: New session 4 of user kifarunix.
Oct 7 20:45:43 debian11 systemd: pam_unix(systemd-user:session): session opened for user kifarunix(uid=1000) by (uid=0)
Oct 7 20:45:49 debian11 su: (to root) kifarunix on pts/0
Oct 7 20:45:49 debian11 su: pam_unix(su-l:session): session opened for user root(uid=0) by kifarunix(uid=1000)
Oct 7 21:03:01 debian11 sshd[416]: Received signal 15; terminating.
Oct 7 21:03:01 debian11 sshd[944]: Server listening on 0.0.0.0 port 22.
Oct 7 21:03:01 debian11 sshd[944]: Server listening on :: port 22.
Oct 7 21:04:57 debian11 sshd[957]: Accepted password for root from 192.168.58.1 port 45488 ssh2
Oct 7 21:04:57 debian11 sshd[957]: pam_unix(sshd:session): session opened for user root(uid=0) by (uid=0)
Oct 7 21:04:57 debian11 systemd-logind[396]: New session 6 of user root.
Oct 7 21:13:26 debian11 sshd[10524]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.168.58.1 user=kifarunix
Oct 7 21:13:28 debian11 sshd[10524]: Failed password for kifarunix from 192.168.58.1 port 45598 ssh2
...
You can use a standard remote user if what you are mounting is owned by that user.
For example, to mount the remote system /home/kifarunix
directory, login as the owner of this directory. For example;
sshfs [email protected]:/home/kifarunix ~/remote/
Note, as a standard user on the client system, you can only mount remote filesystems to directories you have permissions to write to.
Btw, it is good to note that sshfs doesnt intepret ~ (sshfs [email protected]:~/ remote/
) as users home directory on remote system.
Using SSHFS to Mount Remote Filesystem Over SSH Permanently
To ensure seamless mounting of remote filesystem even when the remote server reboots, you can use /etc/fstab
.
However, you first need to generate the passwordless SSH keys (empty passphrase) and copy them to a remote system.
ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/home/kifarunix/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/kifarunix/.ssh/id_rsa.
Your public key has been saved in /home/kifarunix/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:Gvclrjgw2hFQJtWl5tteTT9gqB0IqSSM0/aNVjOgmHM [email protected]
The key's randomart image is:
+---[RSA 3072]----+
| .o=. .. |
| *.+ ..o |
|* E.. O |
| = +.B + . . |
| =.+ S + = |
| .+ * = B o |
| o +o o = . o |
| . . .o o . |
| ..o |
+----[SHA256]-----+
Copy the key to the remote user you are using for mounting;
ssh-copy-id -i /path/to/key user@remote-host
For example, to copy the above key to a remote server user;
ssh-copy-id -i /home/kifarunix/.ssh/id_rsa [email protected]
You should now be able to login without being prompted for password.
Next, update the fstab file with the mount details.
For example, to automatically mount the remote /var/log
directory on a client system, update /etc/fstab
by entering the line in the format;
<filesystem/remote directory> <mount point> <type> <options> <dump> <pass>
To mount the remote /var/log
directory, enter the line below to /etc/fstab.
sshfs#[email protected]:/var/log /mnt fuse reconnect,IdentityFile=/home/kifarunix/.ssh/id_rsa,_netdev,port=22 0 0
Make the appropriate adjustments.
Reboot the system and verify if the remote directory was mounted.
Unmounting the Filesystem/directory
To unmount the filesystem, run the command below;
fusermount -u mountpoint
For example;
fusermount -u /mnt
And that concludes our guide on how to mount remote filesystem over SSH via SSHFS.
Read more on man sshfs
.
Other Tutorials
Install and Configure NFS Server on Rocky Linux 8