SSH is a secure protocol for communicating between machines. SSHFS is a tool that uses SSH to enable mounting of a remote filesystem on a local machine; the network is (mostly) transparent to the user. Because SSHFS authenticates connections, you can be sure that only those who should have access to remote directories can mount them (as long as everything is configured properly). Because SSH encrypts connections, no one can see your files as they are transferred over the network. And because SSHFS is built using FUSE, even your own root user can only see your files by logging in to your account with `su`.
Installation and Setup
sudo gpasswd -a $USER fuse
Alternatively, GNOME users can go to System -> Administration -> Users and Groups -> (your user) -> Properties -> User Privileges, then tick the following option:
Allow use of fuse filesystems like LTSP Thin Client blockdevices
Adding yourself to the fuse group lets you use the
fusermount command, which is needed by the FUSE userland filesystem utility.
Once you have added yourself to the fuse group, you should log out and log back in again for the change to take effect.
Now, assuming that you have an SSH server running on a remote machine, simply run the SSHFS command to mount the remote directory. In this example, the remote directory is
/projects on remote host
far. The local mount point is `~/far_projects`.
mkdir ~/far_projects sshfs -o idmap=user [email protected]:/projects ~/far_projects
fusermount -u ~/far_projects
To add it to your
sshfs#[email protected]:/projects /home/$USER/far_projects fuse defaults,idmap=user 0 0
Note that you have to change $USER to your login name when editing
fstab, but it is not necessary when typing commands (the shell does it for you in that case).
One thing to be aware of is that your UID (User ID, the unique number of your user on a system) is not necessarily the same on the two hosts. When you
ls -l, the user name associated with each file is printed in the third column. However, in the filesystem, only UIDs are stored, and
ls simply looks up the UID and finds the user name associated with it. In Unix, UIDs are what matter, not the user names. So if you're 1000 on the local host and 1003 on the remote host, the sshfs mounted directory would show a different user name for your files. This is not a problem, though, because the ssh server on the remote machine is what is actually reading and writing files. So even though it shows up in
ls -l as a different UID, any changes will be done through the ssh server on the remote host, which will use the correct UID for the remote machine. Problems may arise if you attempt to use a program that looks at UIDs of files (e.g.
ls prints the wrong user name).
The `idmap=user` option ensures that files owned by the remote user are owned by the local user. If you don't use `idmap=user`, files in the mounted directory might appear to be owned by someone else, because your computer and the remote computer have different ideas about the numeric user ID associated with each user name. `idmap=user` will not translate UIDs for other users.
GUI (Graphical User Interface) for SSHFS
Your ssh session will automatically log out if it is idle. To keep the connection active (alive) add this to ~/.ssh/config or to /etc/ssh/ssh_config on the client.
This will send a "keep alive" signal to the server every 5 seconds. You can usually increase this interval, and I use 120.
- This page is based off of this howto.