Home > Network, Storage > Secure Shell Filesystem

Secure Shell Filesystem

Print Friendly, PDF & Email

sshfsIn this article, we are looking at SSHFS, the Secure Shell Filesystem. We can use it to mount a remote filesystem using the SSH Protocol.  So the information flowing between the two systems is completely encrypted. SSHFS is a client based application, so beside the SSH server, there is nothing to installed on the remote server to use it.  FUSE is a linux kernel module that allow non-privilege user to mount their own filesystem without the help of any kernel code. One of the interesting feature of SSHFS is that you can securely mount a filesystem over the internet, this is impossible with Samba and not very secure with NFS. If you like more information on SSHFS, you can visit the  SSHFS homepage and the Wiki of the SSHFS package. There is also a YouTube video that show how to use SSHFS on a Fedora system. For those interested in a windows version of sshfs, there is a free version available at the Dokan site, you need to install the Dokan Library first, then install SSHFS. I have done some simple test with it and I didn’t had any problem.

Installing fuse and fuse-sshfs

FUSE and FUSE-SSHFS use the ssh protocol, so SSH needs to be installed on our client system. The only required package on the remote system,  is “openssh” (may work with other version of ssh). The package FUSE and FUSE-SSHFS  don’t need to be install on the remote system, only on the local server.  The first thing we  need to do is to get the latest version the “fuse” at this page and “fuse-sshfs” packages from this page and install them on our local system. The package “fuse” is now part of the RedHat/Centos 5.4, but you still need to get “fuse-sshfs” cause it isn’t included. Should the other site be unresponsive, you can download the rpm from Linternux site.

RedHat/Centos 5 fuse-2.7.4-1.el5.rf.i386.rpm fuse-sshfs-2.2-5.el5.i386.rpm
RedHat/Centos 4 fuse-2.7.4-1.el4.rf.i386.rpm fuse-sshfs-2.2-1.el4.rf.i386.rpm
RedHat/Centos 3 fuse-2.7.4-1.el3.rf.i386.rpm fuse-sshfs-2.2-1.el3.rf.i386.rpm
Fedora 10 fuse-2.7.4-2.fc10.i386.rpm fuse-sshfs-2.2-5.fc10.i386.rpm
Fedora 11 fuse-2.7.4-3.fc11.i586.rpm fuse-sshfs-2.2-2.fc11.i586.rpm

# ls -l
total 296
-rw-rw-r-- 1 jacques jacques 255149 Sep  6 13:15 fuse-2.7.3-1.el5.rf.i386.rpm
-rw-rw-r-- 1 jacques jacques  43203 Sep  6 13:15 fuse-sshfs-1.9-1.el5.rf.i386.rpm

# rpm -ivh fuse*
warning: fuse-2.7.3-1.el5.rf.i386.rpm: Header V3 DSA signature: NOKEY, key ID 6b8d79e6
Preparing...             ########################################### [100%]
1:fuse                   ########################################### [ 50%]
2:fuse-sshfs             ########################################### [100%]
#

Mounting the filesystem

You will notice that all of the commands we used below are done with a normal user account, you can use “root” if needed but I would recommend sticking with your user account.  Now we need to create our SSHFS mount point, it is important that the user that will do the sshfs mount be part of the group “fuse”, otherwise you will get this error message “fuse: failed to open /dev/fuse: Permission denied”. So, in the example below, we will create the mount point “remdir” in our home directory. We can then issue the “sshfs” command to log on the remote system with the user “jacques” and mount the remote directory named “/home/jacques”  on our local directory “/home/jacques/remdir”. The password of the user we selected will be prompted and then the sshfs filesystem will be mounted. To confirm that the filesystem is mounted, we issue the “df -h” command.

[jacques@local ~]$ pwd
/home/jacques
[jacques@local ~]$ mkdir remdir

[jacques@local ~]$ sshfs jacques@remote_host:/home/jacques /home/jacques/workdir
jacques@remote_host's password: xxxxxxxxxx

[jacques@local ~]$ df -h /home/jacques/remdir
Filesystem                                 Size  Used Avail Use%  Mounted on
sshfs#jacques@remote_host:/home/jacques   1000G    0  1000G   0%  /home/jacques/remdir
[jacques@local ~]$

You will notice that the data of the filesystem presented by the “df -h” is wrong, this seems to be normal at this point and do not cause any problem. Every test I made, I would get the same value so don’t rely on these number. If you do not specify the remote directory, the HOME directory is use.

Unmounting the filesystem

When you need to unmount the filesystem, we will use the “fusermount” command with the “-u” parameter.

[jacques@local ~]$ fusermount -u /home/jacques/remdir

Hope that you have found this article interesting. The Secure Shell Filesystem may become handy is some situation. So keep coming back, I have a lot of ideas for new articles (but not much time) and I hope to see you soon.

Categories: Network, Storage