SSH (Secure Shell) is a protocol used to establish an encrypted connection with a remote machine using a client-server model: the ssh server runs on the machine we want to access remotely, while a client is used on the machines from which we want to connect. Thanks to sshfs, we can use an existing SSH connection to mount a remote directory in a secure way, without using additional services like NFS or Samba.
In this tutorial we learn how to install sshfs and how to use it to mount a remote directory over SSH on Linux.
In this tutorial you will learn:
- How to install sshfs on some of the major Linux distributions
- How to mount a remote directory using sshfs
- How to automatically mount a remote directory at boot over ssh
- How to specify an alternative port for the connection
- How to unmount the remote directory with fusermount
|Category||Requirements, Conventions or Software Version Used|
|Other||Administrative privileges are needed to install required packages|
|Conventions||# – requires given linux-commands to be executed with root privileges either directly as a root user or by use of
Since sshfs is free and open source software available in the official repositories of all the major Linux distribution, installing it it’s just a matter of using the appropriate package manager. We summarized the installation instructions in the following table:
$ sudo apt install sshfs
$ sudo dnf install fuse-sshfs
$ sudo pacman -S sshfs
Once sshfs is installed, we can see how to use it to mount a remote filesystem over an ssh connection.
The sshfs syntax
The sshfs syntax is very intuitive if you are familiar with ssh:
sshfs [user@]host:[dir] mountpoint [options]
In the most simple case, we invoke
sshfsproviding just the hostname (or the IP address) of the ssh server we want to connect to and the local directory to be used as mount point.
We can optionally specify the user we want to connect as (the local username is used by default), and the server directory we want to mount (if we omit this parameter, sshfs assumes we want to mount the remote user’s home directory). Finally, we can pass a comma-separated list of mount options as argument to
Mounting a remote directory over ssh
Let’s see an example of how to use sshfs to mount a remote directory on our local system. The recommended way to invoke sshfs is as a standard user, without root privileges. This implies that we need to use a directory owned by our local user as mount point.
Suppose we have a running SSH server with IP 192.168.0.39, and we want to mount the remote
/mnt/datadirectory locally on
~/sshfs_mountpoint. While the local user is “tux”, we connect to the server as the “doc” user, using the standard SSH port (22). The local user is identified by the uid 1001 on the local system, while “doc” has uid 1000 on the remote one.
First we create the mount point directory inside our home:
$ mkdir /home/tux/sshfs_mountpoint
Than, to mount the remote directory we invoke sshfs in the following way:
$ sshfs firstname.lastname@example.org:/mnt/data /home/tux/sshfs_mountpoint
If the command is executed without errors, the content of the remote
/mnt/data directory becomes accessible under the local directory:
$ ls /home/tux/sshfs_mountpoint
The privileges we have on the remote directory are the privileges the remote user has: by default local permissions are ignored by sshfs.
This means that even if the uid of the local user and the remote one doesn’t match, as in this case, and the remote directory is writable only by the latter, we are still able to perform the operation. By default, when we do something inside the mounted directory, we do it as the remote user we connected as.
Allowing other users access to the mount point
As we saw in the previous example, once the remote directory is mounted, we are able to access its content without problems. If we try to access it as another user, even as root, however, we fail:
$ sudo ls /home/tux/sshfs_mountpoint
ls: cannot access '/home/tux/sshfs_mountpoint': Permission denied
Why this happens? This error is due to the fact that, by default, only the user which performs the mount is allowed to access the mounted filesystem. In the example above, we invoked
sshfscommand as the “tux” user, therefore we can only access the mounted filesystem as that user.
In order to change this behavior, and allow any user to access the mount point, we must pass the
allow_other option when using sshfs. In order to use that option as a standard user, we first need to edit the
/etc/fuse.conf file, and remove the comment from the
# mount_max = 1000
As we previously said, mount options are passed as argument to
-o, so we run:
$ sshfs email@example.com:/mnt/data /home/tux/sshfs_mountpoint -o allow_other
We should now be able to access the remote directory as any local user (which is allowed to reach the mount point locally, of course). With this setup, any local user will able to perform every action the remote user is entitled to perform on the remote directory. To restrict this behavior, another option,
default_permissions, can be used. This option changes the sshfs behavior, so that it takes local permissions into account.
Suppose we mount the remote directory with both options:
$ sshfs firstname.lastname@example.org:/mnt/data /home/tux/sshfs_mountpoint -o allow_other,default_permissions
With this configuration, all users can potentially access the locally mounted remote directory; what they can do on it, however, becomes dependent also on their local identity. Supposing the remote directory to be writable only by its owner: “doc”. The local “tux” user we are using to run sshfs, would not be able to create a file into it, since its uid is different from that of the remote one (tux: 1001 vs doc: 1000).
Using an alternative port for the ssh connection
sshfs assumes the remote SSH server is listening on port
22. In some cases, another port may be used, for various reasons. In such cases, all we have to do is to use the
-p option, and pass the number of the port as its argument. Supposing the server to be listening on port
15432, for example, we would run:
$ sshfs email@example.com:/mnt/data /home/tux/sshfs_mountpoint -p15432
Mounting the remote directory on boot
In order for the remote directory to automatically be mounted on boot, we need to add a dedicated line for it in the
/etc/fstab file (take a look at this tutorial about how fstab works, if you are not familiar with the syntax used in the file). Here is how the line should look like, in this case:
firstname.lastname@example.org:/mnt/data /home/tux/sshfs_mountpoint fuse.sshfs defaults,IdentityFile=/home/tux/.ssh/id_rsa,allow_other,default_permissions 0 0
There are few things to notice here. The first one is that we used
fuse.sshfs as filesystem type. The second is that we used the
IdentityFile mount option to provide the path of an SSH key. We did this because the auto-mounting of a directory at boot is not an interactive operation, therefore we need to use a passwordless ssh key to connect to the server. Here I assumed the key to be in the
id.rsa file, which is found in the
It goes by itself that the key should be authorized on the server for it to work, and the public key of the server should be placed in the
authorized_keysfile of the user we are connecting as, so root in this case (/root/.ssh/authorized_keys).
The other thing to notice is that we also used the
allow_other option. This is needed because the mount operation on boot is performed as the root user, and if we don’t use the option, as we previously saw, only the root user himself, would be able to access the mount point.
Unmounting the remote directory
Since sshfs uses FUSE (Filesystem in Userspace), to unmount a remote directory we mounted using the utility as a non-root user, we must use the
fusermount command, with the
-u option and pass the mountpoint as argument. In this case to umount the remote directory mounted on
/home/tux/sshfs_mountpoint, we would run:
$ fusermount -u /home/tux/sshfs_mountpoint
Notice that with this command we can only unmount directories mounted by our user. If the mount operation has been performed by another user, as happens for example at boot, to unmount the remote directory we need elevated privileges.
In this tutorial we learned how to use sshfs to mount a remote directory over an SSH connection. We saw how to install the utility on some of the most used Linux distributions, how to mount a remote directory, and how to use the “allow_other” and “default_permissions” options to change the sshfs default behavior. We also saw how to specify an alternative port for the connection, and how to automatically mount a remote directory on boot. Finally, we saw how to unmount a remote directory using the “fusermount” command.