How to mount a remote filesystem over SSH with sshfs

SSH (Secure Shell) is a protocol used to establish an encrypted connection with a remote machine using a client-server model: the ssh server runs on the machine we want to access remotely, while a client is used on the machines from which we want to connect. Thanks to sshfs, we can use an existing SSH connection to mount a remote directory in a secure way, without using additional services like NFS or Samba.

In this tutorial we learn how to install sshfs and how to use it to mount a remote directory over SSH on Linux.

In this tutorial you will learn:

  • How to install sshfs on some of the major Linux distributions
  • How to mount a remote directory using sshfs
  • How to automatically mount a remote directory at boot over ssh
  • How to specify an alternative port for the connection
  • How to unmount the remote directory with fusermount
How to mount a remote filesystem over SSH with sshfs
How to mount a remote filesystem over SSH with sshfs

Category Requirements, Conventions or Software Version Used
System Distribution independent
Software ssh, sshfs
Other Administrative privileges are needed to install required packages
Conventions # – requires given linux-commands to be executed with root privileges either directly as a root user or by use of sudo command $ – requires given linux-commands to be executed as a regular non-privileged user

Installation

Since sshfs is free and open source software available in the official repositories of all the major Linux distribution, installing it it’s just a matter of using the appropriate package manager. We summarized the installation instructions in the following table:

Distribution Installation command
Debian/Debian-based
$ sudo apt install sshfs
Fedora/Fedora-based
$ sudo dnf install fuse-sshfs
Archlinux
$ sudo pacman -S sshfs

Once sshfs is installed, we can see how to use it to mount a remote filesystem over an ssh connection.

The sshfs syntax

The sshfs syntax is very intuitive if you are familiar with ssh:

sshfs [user@]host:[dir] mountpoint [options]



In the most simple case, we invoke sshfs providing just the hostname (or the IP address) of the ssh server we want to connect to and the local directory to be used as mount point.

We can optionally specify the user we want to connect as (the local username is used by default), and the server directory we want to mount (if we omit this parameter, sshfs assumes we want to mount the remote user’s home directory). Finally, we can pass a comma-separated list of mount options as argument to -o.

Mounting a remote directory over ssh

Let’s see an example of how to use sshfs to mount a remote directory on our local system. The recommended way to invoke sshfs is as a standard user, without root privileges. This implies that we need to use a directory owned by our local user as mount point.



Suppose we have a running SSH server with IP 192.168.0.39, and we want to mount the remote /mnt/data directory locally on ~/sshfs_mountpoint. While the local user is “tux”, we connect to the server as the “doc” user, using the standard SSH port (22). The local user is identified by the uid 1001 on the local system, while “doc” has uid 1000 on the remote one.

First we create the mount point directory inside our home:

$ mkdir /home/tux/sshfs_mountpoint

Than, to mount the remote directory we invoke sshfs in the following way:

$ sshfs doc@192.168.0.39:/mnt/data /home/tux/sshfs_mountpoint

If the command is executed without errors, the content of the remote /mnt/data directory becomes accessible under the local directory:

$ ls /home/tux/sshfs_mountpoint
file1.txt
file2.txt

The privileges we have on the remote directory are the privileges the remote user has: by default local permissions are ignored by sshfs.

This means that even if the uid of the local user and the remote one doesn’t match, as in this case, and the remote directory is writable only by the latter, we are still able to perform the operation. By default, when we do something inside the mounted directory, we do it as the remote user we connected as.

Allowing other users access to the mount point

As we saw in the previous example, once the remote directory is mounted, we are able to access its content without problems. If we try to access it as another user, even as root, however, we fail:

$ sudo ls /home/tux/sshfs_mountpoint
ls: cannot access '/home/tux/sshfs_mountpoint': Permission denied



Why this happens? This error is due to the fact that, by default, only the user which performs the mount is allowed to access the mounted filesystem. In the example above, we invoked sshfs command as the “tux” user, therefore we can only access the mounted filesystem as that user.

In order to change this behavior, and allow any user to access the mount point, we must pass the allow_other option when using sshfs. In order to use that option as a standard user, we first need to edit the /etc/fuse.conf file, and remove the comment from the use_allow_other line:

# mount_max = 1000
user_allow_other

As we previously said, mount options are passed as argument to -o, so we run:

$ sshfs doc@192.168.0.39:/mnt/data /home/tux/sshfs_mountpoint -o allow_other

We should now be able to access the remote directory as any local user (which is allowed to reach the mount point locally, of course). With this setup, any local user will able to perform every action the remote user is entitled to perform on the remote directory. To restrict this behavior, another option, default_permissions, can be used. This option changes the sshfs behavior, so that it takes local permissions into account.

Suppose we mount the remote directory with both options:

$ sshfs doc@192.168.0.39:/mnt/data /home/tux/sshfs_mountpoint -o allow_other,default_permissions

With this configuration, all users can potentially access the locally mounted remote directory; what they can do on it, however, becomes dependent also on their local identity. Supposing the remote directory to be writable only by its owner: “doc”. The local “tux” user we are using to run sshfs, would not be able to create a file into it, since its uid is different from that of the remote one (tux: 1001 vs doc: 1000).

Using an alternative port for the ssh connection

By default, sshfs assumes the remote SSH server is listening on port 22. In some cases, another port may be used, for various reasons. In such cases, all we have to do is to use the -p option, and pass the number of the port as its argument. Supposing the server to be listening on port 15432, for example, we would run:

$ sshfs doc@192.168.0.39:/mnt/data /home/tux/sshfs_mountpoint -p15432

Mounting the remote directory on boot

In order for the remote directory to automatically be mounted on boot, we need to add a dedicated line for it in the /etc/fstab file (take a look at this tutorial about how fstab works, if you are not familiar with the syntax used in the file). Here is how the line should look like, in this case:

doc@192.168.0.39:/mnt/data /home/tux/sshfs_mountpoint fuse.sshfs defaults,IdentityFile=/home/tux/.ssh/id_rsa,allow_other,default_permissions 0 0

There are few things to notice here. The first one is that we used fuse.sshfs as filesystem type. The second is that we used the IdentityFile mount option to provide the path of an SSH key. We did this because the auto-mounting of a directory at boot is not an interactive operation, therefore we need to use a passwordless ssh key to connect to the server. Here I assumed the key to be in the id.rsa file, which is found in the /home/tux/.ssh directory.



It goes by itself that the key should be authorized on the server for it to work, and the public key of the server should be placed in the authorized_keys file of the user we are connecting as, so root in this case (/root/.ssh/authorized_keys).

The other thing to notice is that we also used the allow_other option. This is needed because the mount operation on boot is performed as the root user, and if we don’t use the option, as we previously saw, only the root user himself, would be able to access the mount point.

Unmounting the remote directory

Since sshfs uses FUSE (Filesystem in Userspace), to unmount a remote directory we mounted using the utility as a non-root user, we must use the fusermount command, with the -u option and pass the mountpoint as argument. In this case to umount the remote directory mounted on /home/tux/sshfs_mountpoint, we would run:

$ fusermount -u /home/tux/sshfs_mountpoint 

Notice that with this command we can only unmount directories mounted by our user. If the mount operation has been performed by another user, as happens for example at boot, to unmount the remote directory we need elevated privileges.

Conclusions

In this tutorial we learned how to use sshfs to mount a remote directory over an SSH connection. We saw how to install the utility on some of the most used Linux distributions, how to mount a remote directory, and how to use the “allow_other” and “default_permissions” options to change the sshfs default behavior. We also saw how to specify an alternative port for the connection, and how to automatically mount a remote directory on boot. Finally, we saw how to unmount a remote directory using the “fusermount” command.



Comments and Discussions
Linux Forum