Mount Remote Filesystem Over SSH using SSHFS

|
Last Updated:
|
|

Follow through this tutorial to learn how to mount remote filesystem over SSH using SSHFS. sshfs is a filesystem client based on the SSH File Transfer Protocol.

According to man pages;

“SSHFS (Secure SHell FileSystem) is a file system for Linux (and other operating systems with a FUSE implementation, such as Mac OS X or FreeBSD) capable of operating on files on a remote computer using just a secure shell login on the remote computer. On the local computer where the SSHFS is mounted, the implementation makes use of the FUSE (Filesystem in Userspace) kernel module. The practical effect of this is that the end user can seamlessly interact with remote files being securely served over SSH just as if they were local files on his/her computer. On the remote computer the SFTP subsystem of SSH is used“.

Mounting Remote Filesystem Over SSH using SSHFS

In this setup, we will be using two servers for demonstrating how SSHFS can be used to mount remote filesytem via SSH protocol.

+---------------------------+         +----------------------------+
|        Log Manager        |         |         Web Server         |
| logman.kifarunix-demo.com +----+----+  web.kifarunix-demo.com    |
|       192.168.58.21       |         |      192.168.58.22         |
|      SSH Client/SSHFS     |         |        SSH Server          |
+---------------------------+         +----------------------------+

Install SSHFS on Linux Client System

Install SSHFS on the client system.

If you are running Ubuntu/Debian based systems, run the command below to install SSHFS package.

apt install sshfs -y

Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
The following additional packages will be installed:
  fuse3 libfuse3-3
The following NEW packages will be installed:
  fuse3 libfuse3-3 sshfs
0 upgraded, 3 newly installed, 0 to remove and 0 not upgraded.
Need to get 166 kB of archives.
After this operation, 528 kB of additional disk space will be used.
Get:1 http://deb.debian.org/debian bullseye/main amd64 libfuse3-3 amd64 3.10.3-2 [85.3 kB]
Get:2 http://deb.debian.org/debian bullseye/main amd64 fuse3 amd64 3.10.3-2 [34.7 kB]
Get:3 http://deb.debian.org/debian bullseye/main amd64 sshfs amd64 3.7.1+repack-2 [46.0 kB]
Fetched 166 kB in 2s (97.8 kB/s)
Selecting previously unselected package libfuse3-3:amd64.
(Reading database ... 30388 files and directories currently installed.)
Preparing to unpack .../libfuse3-3_3.10.3-2_amd64.deb ...
Unpacking libfuse3-3:amd64 (3.10.3-2) ...
Selecting previously unselected package fuse3.
Preparing to unpack .../fuse3_3.10.3-2_amd64.deb ...
Unpacking fuse3 (3.10.3-2) ...
Selecting previously unselected package sshfs.
Preparing to unpack .../sshfs_3.7.1+repack-2_amd64.deb ...
Unpacking sshfs (3.7.1+repack-2) ...
Setting up libfuse3-3:amd64 (3.10.3-2) ...
Setting up fuse3 (3.10.3-2) ...
update-initramfs: deferring update (trigger activated)
Setting up sshfs (3.7.1+repack-2) ...
Processing triggers for initramfs-tools (0.140) ...
update-initramfs: Generating /boot/initrd.img-5.10.0-8-amd64
Processing triggers for libc-bin (2.31-13) ...
Processing triggers for man-db (2.9.4-2) ...

On CentOS/RHEL systems;

dnf install sshfs -y

CentOS-8 - AppStream                                                                                                                        5.0 kB/s | 4.3 kB     00:00    
CentOS-8 - AppStream                                                                                                                        3.8 MB/s | 9.3 MB     00:02    
CentOS-8 - Base                                                                                                                             6.6 kB/s | 3.9 kB     00:00    
CentOS-8 - Base                                                                                                                             3.9 MB/s | 7.5 MB     00:01    
CentOS-8 - Extras                                                                                                                           2.6 kB/s | 1.5 kB     00:00    
CentOS-8 - Extras                                                                                                                            18 kB/s |  10 kB     00:00    
CentOS-8 - PowerTools                                                                                                                       8.5 kB/s | 4.3 kB     00:00    
CentOS-8 - PowerTools                                                                                                                       1.7 MB/s | 2.4 MB     00:01    
Dependencies resolved.
============================================================================================================================================================================
 Package                                   Architecture                         Version                                      Repository                                Size
============================================================================================================================================================================
Installing:
 fuse-sshfs                                x86_64                               2.8-5.el8                                    PowerTools                                56 k
Installing dependencies:
 fuse                                      x86_64                               2.9.7-12.el8                                 BaseOS                                    82 k
 fuse-common                               x86_64                               3.2.1-12.el8                                 BaseOS                                    21 k

Transaction Summary
============================================================================================================================================================================
Install  3 Packages

Total download size: 160 k
Installed size: 320 k
Downloading Packages:
(1/3): fuse-common-3.2.1-12.el8.x86_64.rpm                                                                                                  159 kB/s |  21 kB     00:00    
(2/3): fuse-2.9.7-12.el8.x86_64.rpm                                                                                                         609 kB/s |  82 kB     00:00    
(3/3): fuse-sshfs-2.8-5.el8.x86_64.rpm                                                                                                      401 kB/s |  56 kB     00:00    
----------------------------------------------------------------------------------------------------------------------------------------------------------------------------
Total                                                                                                                                       163 kB/s | 160 kB     00:00     
Running transaction check
Transaction check succeeded.
Running transaction test
Transaction test succeeded.
Running transaction
  Preparing        :                                                                                                                                                    1/1 
  Installing       : fuse-common-3.2.1-12.el8.x86_64                                                                                                                    1/3 
  Installing       : fuse-2.9.7-12.el8.x86_64                                                                                                                           2/3 
  Installing       : fuse-sshfs-2.8-5.el8.x86_64                                                                                                                        3/3 
  Running scriptlet: fuse-sshfs-2.8-5.el8.x86_64                                                                                                                        3/3 
  Verifying        : fuse-2.9.7-12.el8.x86_64                                                                                                                           1/3 
  Verifying        : fuse-common-3.2.1-12.el8.x86_64                                                                                                                    2/3 
  Verifying        : fuse-sshfs-2.8-5.el8.x86_64                                                                                                                        3/3 

Installed:
  fuse-sshfs-2.8-5.el8.x86_64                             fuse-2.9.7-12.el8.x86_64                             fuse-common-3.2.1-12.el8.x86_64                            

Complete!

For other distributions, refer to their package manager docs on how to install SSHFS package.

Using SSHFS to Mount Remote Filesystem Over SSH

The syntax of the SSHFS command is;

sshfs [user@]host:[dir] mountpoint [options]

On your client system, you can mount the remote file-system as a standard user or root user.

For example, to mount the remote system log directory, /var/log, under the /media/ directory on the client system, simply run the command below;

Note that, in this particular example, the /var/log, is remotely owned by root user. As such, if you want to mount this directory locally, then you need to mount it as a remote root user.

sshfs [email protected]:/var/log /media/

Mounting root owned filesystems remotetly means that you also need to configure remote SSH server to allow remote root login.

This is a risk. However, you can restrict this to specific client.

On the server, you can add such lines to /etc/ssh/sshd_config file.

PermitRootLogin no
Match Address 192.168.58.1
      PermitRootLogin yes

Checking the mount points on the client system;

df -hT -P /media/
Filesystem                  Type        Size  Used Avail Use% Mounted on
[email protected]:/var/log fuse.sshfs   15G  1.3G   13G   9% /media

Checking the contents of the remote filesystem/directory;

ls -1 /media/ | column -c 50
alternatives.log	journal
apt			kern.log
auth.log		lastlog
btmp			messages
daemon.log		private
debug			runit
dpkg.log		syslog
faillog			wtmp
installer

You can read the logs in realtime as if they were on the local system;

tail -f /media/auth.log

Oct  7 20:45:43 debian11 systemd-logind[396]: New session 4 of user kifarunix.
Oct  7 20:45:43 debian11 systemd: pam_unix(systemd-user:session): session opened for user kifarunix(uid=1000) by (uid=0)
Oct  7 20:45:49 debian11 su: (to root) kifarunix on pts/0
Oct  7 20:45:49 debian11 su: pam_unix(su-l:session): session opened for user root(uid=0) by kifarunix(uid=1000)
Oct  7 21:03:01 debian11 sshd[416]: Received signal 15; terminating.
Oct  7 21:03:01 debian11 sshd[944]: Server listening on 0.0.0.0 port 22.
Oct  7 21:03:01 debian11 sshd[944]: Server listening on :: port 22.
Oct  7 21:04:57 debian11 sshd[957]: Accepted password for root from 192.168.58.1 port 45488 ssh2
Oct  7 21:04:57 debian11 sshd[957]: pam_unix(sshd:session): session opened for user root(uid=0) by (uid=0)
Oct  7 21:04:57 debian11 systemd-logind[396]: New session 6 of user root.
Oct  7 21:13:26 debian11 sshd[10524]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.168.58.1  user=kifarunix
Oct  7 21:13:28 debian11 sshd[10524]: Failed password for kifarunix from 192.168.58.1 port 45598 ssh2
...

You can use a standard remote user if what you are mounting is owned by that user.

For example, to mount the remote system /home/kifarunix directory, login as the owner of this directory. For example;

sshfs [email protected]:/home/kifarunix ~/remote/

Note, as a standard user on the client system, you can only mount remote filesystems to directories you have permissions to write to.

Btw, it is good to note that sshfs doesnt intepret ~ (sshfs [email protected]:~/ remote/) as users home directory on remote system.

Using SSHFS to Mount Remote Filesystem Over SSH Permanently

To ensure seamless mounting of remote filesystem even when the remote server reboots, you can use /etc/fstab.

However, you first need to generate the passwordless SSH keys (empty passphrase) and copy them to a remote system.

ssh-keygen

Generating public/private rsa key pair.
Enter file in which to save the key (/home/kifarunix/.ssh/id_rsa): 
Enter passphrase (empty for no passphrase): 
Enter same passphrase again: 
Your identification has been saved in /home/kifarunix/.ssh/id_rsa.
Your public key has been saved in /home/kifarunix/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:Gvclrjgw2hFQJtWl5tteTT9gqB0IqSSM0/aNVjOgmHM [email protected]
The key's randomart image is:
+---[RSA 3072]----+
|  .o=. ..        |
| *.+ ..o         |
|* E.. O          |
| = +.B + . .     |
|    =.+ S + =    |
|   .+  * = B o   |
|   o +o o = . o  |
|  . . .o o     . |
|      ..o        |
+----[SHA256]-----+

Copy the key to the remote user you are using for mounting;

ssh-copy-id -i /path/to/key user@remote-host

For example, to copy the above key to a remote server user;

ssh-copy-id -i /home/kifarunix/.ssh/id_rsa [email protected]

You should now be able to login without being prompted for password.

Next, update the fstab file with the mount details.

For example, to automatically mount the remote /var/log directory on a client system, update /etc/fstab by entering the line in the format;

<filesystem/remote directory> <mount point>   <type>  <options>       <dump>  <pass>

To mount the remote /var/log directory, enter the line below to /etc/fstab.

sshfs#[email protected]:/var/log /mnt  fuse  reconnect,IdentityFile=/home/kifarunix/.ssh/id_rsa,_netdev,port=22  0  0

Make the appropriate adjustments.

Reboot the system and verify if the remote directory was mounted.

Unmounting the Filesystem/directory

To unmount the filesystem, run the command below;

fusermount -u mountpoint

For example;

fusermount -u /mnt

And that concludes our guide on how to mount remote filesystem over SSH via SSHFS.

Read more on man sshfs.

Other Tutorials

Install and Configure NFS Server on Rocky Linux 8

Allow/Deny Specific Users to Login via SSH

Configure SSH Public Key Authentication in Linux

SUPPORT US VIA A VIRTUAL CUP OF COFFEE

We're passionate about sharing our knowledge and experiences with you through our blog. If you appreciate our efforts, consider buying us a virtual coffee. Your support keeps us motivated and enables us to continually improve, ensuring that we can provide you with the best content possible. Thank you for being a coffee-fueled champion of our work!

Photo of author
koromicha
I am the Co-founder of Kifarunix.com, Linux and the whole FOSS enthusiast, Linux System Admin and a Blue Teamer who loves to share technological tips and hacks with others as a way of sharing knowledge as: "In vain have you acquired knowledge if you have not imparted it to others".

Leave a Comment