Mount Remote Filesystem Over SSH using SSHFS

0
5

Follow through this tutorial to learn how to mount remote filesystem over SSH using SSHFS. sshfs is a filesystem client based on the SSH File Transfer Protocol.

According to man pages;

“SSHFS (Secure SHell FileSystem) is a file system for Linux (and other operating systems with a FUSE implementation, such as Mac OS X or FreeBSD) capable of operating on files on a remote computer using just a secure shell login on the remote computer. On the local computer where the SSHFS is mounted, the implementation makes use of the FUSE (Filesystem in Userspace) kernel module. The practical effect of this is that the end user can seamlessly interact with remote files being securely served over SSH just as if they were local files on his/her computer. On the remote computer the SFTP subsystem of SSH is used“.

Mount Remote Filesystem Over SSH using SSHFS

In this setup, we will be using two servers for demonstrating how SSHFS can be used to mount remote filesytem via SSH protocol.

+---------------------------+         +----------------------------+
|        Log Manager        |         |         Web Server         |
| logman.kifarunix-demo.com +----+----+  web.kifarunix-demo.com    |
|       192.168.58.21       |         |      192.168.58.22         |
|      SSH Client/SSHFS     |         |        SSH Server          |
+---------------------------+         +----------------------------+

Install SSHFS on Linux Client System

Install SSHFS on the client system.

If you are running Ubuntu/Debian based systems, run the command below to install SSHFS package.

apt install sshfs -y
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
The following additional packages will be installed:
  fuse3 libfuse3-3
The following NEW packages will be installed:
  fuse3 libfuse3-3 sshfs
0 upgraded, 3 newly installed, 0 to remove and 0 not upgraded.
Need to get 166 kB of archives.
After this operation, 528 kB of additional disk space will be used.
Get:1 http://deb.debian.org/debian bullseye/main amd64 libfuse3-3 amd64 3.10.3-2 [85.3 kB]
Get:2 http://deb.debian.org/debian bullseye/main amd64 fuse3 amd64 3.10.3-2 [34.7 kB]
Get:3 http://deb.debian.org/debian bullseye/main amd64 sshfs amd64 3.7.1+repack-2 [46.0 kB]
Fetched 166 kB in 2s (97.8 kB/s)
Selecting previously unselected package libfuse3-3:amd64.
(Reading database ... 30388 files and directories currently installed.)
Preparing to unpack .../libfuse3-3_3.10.3-2_amd64.deb ...
Unpacking libfuse3-3:amd64 (3.10.3-2) ...
Selecting previously unselected package fuse3.
Preparing to unpack .../fuse3_3.10.3-2_amd64.deb ...
Unpacking fuse3 (3.10.3-2) ...
Selecting previously unselected package sshfs.
Preparing to unpack .../sshfs_3.7.1+repack-2_amd64.deb ...
Unpacking sshfs (3.7.1+repack-2) ...
Setting up libfuse3-3:amd64 (3.10.3-2) ...
Setting up fuse3 (3.10.3-2) ...
update-initramfs: deferring update (trigger activated)
Setting up sshfs (3.7.1+repack-2) ...
Processing triggers for initramfs-tools (0.140) ...
update-initramfs: Generating /boot/initrd.img-5.10.0-8-amd64
Processing triggers for libc-bin (2.31-13) ...
Processing triggers for man-db (2.9.4-2) ...

On CentOS/RHEL systems;

dnf install sshfs -y
CentOS-8 - AppStream                                                                                                                        5.0 kB/s | 4.3 kB     00:00    
CentOS-8 - AppStream                                                                                                                        3.8 MB/s | 9.3 MB     00:02    
CentOS-8 - Base                                                                                                                             6.6 kB/s | 3.9 kB     00:00    
CentOS-8 - Base                                                                                                                             3.9 MB/s | 7.5 MB     00:01    
CentOS-8 - Extras                                                                                                                           2.6 kB/s | 1.5 kB     00:00    
CentOS-8 - Extras                                                                                                                            18 kB/s |  10 kB     00:00    
CentOS-8 - PowerTools                                                                                                                       8.5 kB/s | 4.3 kB     00:00    
CentOS-8 - PowerTools                                                                                                                       1.7 MB/s | 2.4 MB     00:01    
Dependencies resolved.
============================================================================================================================================================================
 Package                                   Architecture                         Version                                      Repository                                Size
============================================================================================================================================================================
Installing:
 fuse-sshfs                                x86_64                               2.8-5.el8                                    PowerTools                                56 k
Installing dependencies:
 fuse                                      x86_64                               2.9.7-12.el8                                 BaseOS                                    82 k
 fuse-common                               x86_64                               3.2.1-12.el8                                 BaseOS                                    21 k

Transaction Summary
============================================================================================================================================================================
Install  3 Packages

Total download size: 160 k
Installed size: 320 k
Downloading Packages:
(1/3): fuse-common-3.2.1-12.el8.x86_64.rpm                                                                                                  159 kB/s |  21 kB     00:00    
(2/3): fuse-2.9.7-12.el8.x86_64.rpm                                                                                                         609 kB/s |  82 kB     00:00    
(3/3): fuse-sshfs-2.8-5.el8.x86_64.rpm                                                                                                      401 kB/s |  56 kB     00:00    
----------------------------------------------------------------------------------------------------------------------------------------------------------------------------
Total                                                                                                                                       163 kB/s | 160 kB     00:00     
Running transaction check
Transaction check succeeded.
Running transaction test
Transaction test succeeded.
Running transaction
  Preparing        :                                                                                                                                                    1/1 
  Installing       : fuse-common-3.2.1-12.el8.x86_64                                                                                                                    1/3 
  Installing       : fuse-2.9.7-12.el8.x86_64                                                                                                                           2/3 
  Installing       : fuse-sshfs-2.8-5.el8.x86_64                                                                                                                        3/3 
  Running scriptlet: fuse-sshfs-2.8-5.el8.x86_64                                                                                                                        3/3 
  Verifying        : fuse-2.9.7-12.el8.x86_64                                                                                                                           1/3 
  Verifying        : fuse-common-3.2.1-12.el8.x86_64                                                                                                                    2/3 
  Verifying        : fuse-sshfs-2.8-5.el8.x86_64                                                                                                                        3/3 

Installed:
  fuse-sshfs-2.8-5.el8.x86_64                             fuse-2.9.7-12.el8.x86_64                             fuse-common-3.2.1-12.el8.x86_64                            

Complete!

For other distributions, refer to their package manager docs on how to install SSHFS package.

Mount Remote Filesystem Over SSH using SSHFS

You can now proceed to mount remote filesystem over SSH using SSHFS.

The syntax of the SSHFS command is;

sshfs [[email protected]]host:[dir] mountpoint [options]

On your client system, you can mount the remote file-system as a standard user or root user.

For example, to mount the remote system log directory, /var/log, under the /media/ directory on the client system, simply run the command below;

Note that, in this particular example, the /var/log, is remotely owned by root user. As such, if you want to mount this directory locally, then you need to mount it as a remote root user.

sshfs [email protected]:/var/log /media/

Mounting root owned filesystems remotetly means that you also need to configure remote SSH server to allow remote root login.

This is a risk. However, you can restrict this to specific client.

On the server, you can add such lines to /etc/ssh/sshd_config file.

PermitRootLogin no
Match Address 192.168.58.1
      PermitRootLogin yes

Checking the mount points on the client system;

df -hT -P /media/
Filesystem                  Type        Size  Used Avail Use% Mounted on
[email protected]:/var/log fuse.sshfs   15G  1.3G   13G   9% /media

Checking the contents of the remote filesystem/directory;

ls -1 /media/ | column -c 50
alternatives.log	journal
apt			kern.log
auth.log		lastlog
btmp			messages
daemon.log		private
debug			runit
dpkg.log		syslog
faillog			wtmp
installer

You can read the logs in realtime as if they were on the local system;

tail -f /media/auth.log
Oct  7 20:45:43 debian11 systemd-logind[396]: New session 4 of user kifarunix.
Oct  7 20:45:43 debian11 systemd: pam_unix(systemd-user:session): session opened for user kifarunix(uid=1000) by (uid=0)
Oct  7 20:45:49 debian11 su: (to root) kifarunix on pts/0
Oct  7 20:45:49 debian11 su: pam_unix(su-l:session): session opened for user root(uid=0) by kifarunix(uid=1000)
Oct  7 21:03:01 debian11 sshd[416]: Received signal 15; terminating.
Oct  7 21:03:01 debian11 sshd[944]: Server listening on 0.0.0.0 port 22.
Oct  7 21:03:01 debian11 sshd[944]: Server listening on :: port 22.
Oct  7 21:04:57 debian11 sshd[957]: Accepted password for root from 192.168.58.1 port 45488 ssh2
Oct  7 21:04:57 debian11 sshd[957]: pam_unix(sshd:session): session opened for user root(uid=0) by (uid=0)
Oct  7 21:04:57 debian11 systemd-logind[396]: New session 6 of user root.
Oct  7 21:13:26 debian11 sshd[10524]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.168.58.1  user=kifarunix
Oct  7 21:13:28 debian11 sshd[10524]: Failed password for kifarunix from 192.168.58.1 port 45598 ssh2
...

You can use a standard remote user if what you are mounting is owned by that user.

For example, to mount the remote system /home/kifarunix directory, login as the owner of this directory. For example;

sshfs [email protected]:/home/kifarunix ~/remote/

Note, as a standard user on the client system, you can only mount remote filesystems to directories you have permissions to write to.

Btw, it is good to note that sshfs doesnt intepret ~ (sshfs [email protected]:~/ remote/) as users home directory on remote system.

Mount Remote Filesystem Over SSH using SSHFS Permanently

To ensure seamless mounting of remote filesystem even when the remote server reboots, you can use /etc/fstab.

However, you first need to generate the passwordless SSH keys (empty passphrase) and copy them to a remote system.

ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/home/kifarunix/.ssh/id_rsa): 
Enter passphrase (empty for no passphrase): 
Enter same passphrase again: 
Your identification has been saved in /home/kifarunix/.ssh/id_rsa.
Your public key has been saved in /home/kifarunix/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:Gvclrjgw2hFQJtWl5tteTT9gqB0IqSSM0/aNVjOgmHM [email protected]
The key's randomart image is:
+---[RSA 3072]----+
|  .o=. ..        |
| *.+ ..o         |
|* E.. O          |
| = +.B + . .     |
|    =.+ S + =    |
|   .+  * = B o   |
|   o +o o = . o  |
|  . . .o o     . |
|      ..o        |
+----[SHA256]-----+

Copy the key to the remote user you are using for mounting;

ssh-copy-id -i /path/to/key [email protected]

For example, to copy the above key to a remote server user;

ssh-copy-id -i /home/kifarunix/.ssh/id_rsa [email protected]

You should now be able to login without being prompted for password.

Next, update the fstab file with the mount details.

For example, to automatically mount the remote /var/log directory on a client system, update /etc/fstab by entering the line in the format;

<filesystem/remote directory> <mount point>   <type>  <options>       <dump>  <pass>

To mount the remote /var/log directory, enter the line below to /etc/fstab.

sshfs#[email protected]:/var/log /mnt  fuse  reconnect,IdentityFile=/home/kifarunix/.ssh/id_rsa,_netdev,port=22  0  0

Make the appropriate adjustments.

Reboot the system and verify if the remote directory was mounted.

Unmounting the Filesystem/directory

To unmount the filesystem, run the command below;

fusermount -u mountpoint

For example;

fusermount -u /mnt

And that concludes our guide on how to mount remote filesystem over SSH via SSHFS.

Read more on man sshfs.

Other Tutorials

Install and Configure NFS Server on Rocky Linux 8

Allow/Deny Specific Users to Login via SSH

Configure SSH Public Key Authentication in Linux

LEAVE A REPLY

Please enter your comment!
Please enter your name here