Mounting remote filesystems using SSH
Posted by Steve on Wed 13 Oct 2004 at 16:49
OpenSSH can be used for many things, from connecting to remote hosts to transferring files securely. Thanks to a new kernel module shfs it is possible use it to mount remote filesystems securely.
Using SSH to mount a remote filessytem means that you can edit files on a remote machine by using local utilities which you might not necessarily have available remotely.
If you're using a KDE Desktop system you can directly browse remote filesystems by using the sftp protocol, as explained in this simple introduction.
This is great if the applications you are using are KDE based, but it doesnt help if are using GNOME or if you wish to edit files using a console based application.
Enter shfs, the ssh-file-system. shfs is a Linux kernel module which allow you to mount a remote filesystem using SSH as the transport.
To install is very simple on a Debian Unstable system.
First of all download the package source code and a couple of helper programs:
root@undecided:~# apt-get install shfs-source shfs-utils module-assistant
(The module is downloaded as source code because it must be rebuilt to match the kernel you are currently running, just like the NVidia kernel module.)
Then use the module assistant to build the kernel module to match your local system. This works if you're running either a v2.4.x kernel or a newer v2.6.x one.
root@undecided:~# module-assistant build shfs
This will show you a blue screen with a progress bar, and status updates as it builds. Once this is done you can install it:
root@undecided:~# module-assistant install shfs (Reading database ... 87702 files and directories currently installed.) Preparing to replace shfs-module-2.4.27-1-k7 0.35-1+2.4.27-2 (using .../shfs-module-2.4.27-1-k7_0.35-1+2.4.27-2_i386.deb) ... Unpacking replacement shfs-module-2.4.27-1-k7 ... Setting up shfs-module-2.4.27-1-k7 (0.35-1+2.4.27-2) ...
You might see an error message like the one below after running the install step. It's harmless and can be ignored:
depmod: *** Unresolved symbols in /lib/modules/2.4.26-1-686/shfs/shfs.o
Then comes the moment of truth, we test it.
Create a mount point and attempt to mount a filesystem:
root@undecided:~# mkdir /mnt/remote root@undecided:~# shfsmount skx@sun:/var/www /mnt/remote Password: root@undecided:~# cd /mnt/remote/ root@undecided:/mnt/remote# ls Effective-C++ analog fwanalog isoqlog phpsysinfo tor Reference calamaris index.html jeff_wayne stats uptimes.html
The filesystem is mounted and we can edit the files which are present there!
To unmount the filesystem run:
root@undecided:/mnt/remote# cd .. root@undecided:/mnt# umount /mnt/remote
If you wish to be able to run this after you've rebooted you will need to make sure the module is added to the list of modules to load when your machine boots.
To do this add shfs to the bottom of the file /etc/modules:
root@undecided:/mnt# echo 'shfs' >> /etc/modules
You can add a shfs mount to your /etc/fstab too, for example:
jg@ssh.remote /mnt/remote shfsSo now you can just do
mount /mnt/tardisjust like a regular local filesystem.
[ Parent | Reply to this comment ]
I've tried the fstab approach, but did not seem to work --though it works when I do it manually.
Here is the representation in my fstab; shouldn't there be a password in there, such as:
< username > : < password > @ < remote_host > :/ < remote_path > / < mount_path > < TAB > shfs
or have I got it all wrong?
[ Parent | Reply to this comment ]
[ Parent | Reply to this comment ]
shfsmount: /mnt/solohome: Operation not permitted
[ Parent | Reply to this comment ]
[ Parent | Reply to this comment ]
[ Parent | Reply to this comment ]
This is a great piece of code. And thank you for this write-up. I do, however, get this message when I try to mount it: shfsmount: shfs filesystem not supported by the kernel I havent checked, do I have to reboot after installing the shfs module. Or, does the counterpart have to have shfs module in ints kernel too.
[ Parent | Reply to this comment ]
[ Send Message | View Steve's Scratchpad | View Weblogs ]
No the remote server doesn't need do have anything special - just be running SSH. If you get a message like the kernel doesn't support it yet it sounds like you haven't installed the module properly. Did you receive errors when insmod'ing it?
-- Steve.org.uk
[ Parent | Reply to this comment ]
What do I 'insmod'? Here is what I get from 'module-assistant'
box01:~# module-assistant install shfs
(Reading database ... 118845 files and directories currently installed.)
Preparing to replace shfs-module-2.6.9-9-amd64-k8 0.35-1+2.6.9-1 (using .../shfs-module-2.6.9-9-amd64-k8_0.35-1+2.6.9-1_amd64.deb) ...
Unpacking replacement shfs-module-2.6.9-9-amd64-k8 ...
Setting up shfs-module-2.6.9-9-amd64-k8 (0.35-1+2.6.9-1) ...
box01:~# shfsmount root@172.16.X.X:/ /mnt/ssh_remote
root@172.16.0.1's password:
shfsmount: shfs filesystem not supported by the kernel
OK. So, I suppose I need to insmod it.
box01:~# insmod /lib/modules/2.6.9-9-amd64-k8/shfs/shfs.ko
Which gets back to me with
insmod: error inserting '/lib/modules/2.6.9-9-amd64-k8/shfs/shfs.ko': -1 Invalid module format
So, what is wrong?
Is it the fact that I am on kernel 2.6.9-9 or is it because it is a 64 bit machine.
Can you shed some light on this, please
BTW: Could you get a better WYSIWG kind of editor (i.e. I beg of you ) for mortals like us to write comments. Or, let us type in plain text and have it accepted as it is.
I spent an inordinate amount of time to put HTML tags into this text.
I am sure there is a simpler way to do that. But why; why do I need a crash-course in HTML just to write out this?
[ Parent | Reply to this comment ]
That's probably your problem.
SSH often has root logon disabled
try with a non-root user
[ Parent | Reply to this comment ]
What do I 'insmod'? Here is what I get from 'module-assistant'
box01:~# module-assistant install shfs
(Reading database ... 118845 files and directories currently installed.)
Preparing to replace shfs-module-2.6.9-9-amd64-k8 0.35-1+2.6.9-1 (using .../shfs-module-2.6.9-9-amd64-k8_0.35-1+2.6.9-1_amd64.deb) ...
Unpacking replacement shfs-module-2.6.9-9-amd64-k8 ...
Setting up shfs-module-2.6.9-9-amd64-k8 (0.35-1+2.6.9-1) ...
box01:~# shfsmount root@172.16.X.X:/ /mnt/ssh_remote
root@172.16.0.1's password:
shfsmount: shfs filesystem not supported by the kernel
OK. So, I suppose I need to insmod it.
box01:~# insmod /lib/modules/2.6.9-9-amd64-k8/shfs/shfs.ko
Which gets back to me with
insmod: error inserting '/lib/modules/2.6.9-9-amd64-k8/shfs/shfs.ko': -1 Invalid module format
So, what is wrong?
Is it the fact that I am on kernel 2.6.9-9 or is it because it is a 64 bit machine.
Can you shed some light on this, please
BTW: Could you get a better WYSIWG kind of editor (i.e. I beg of you ) for mortals like us to write comments. Or, let us type in plain text and have it accepted as it is.
I spent an inordinate amount of time to put HTML tags into this text.
I am sure there is a simpler way to do that. But why; why do I need a crash-course in HTML just to write out this?
[ Parent | Reply to this comment ]
[ Send Message | View Steve's Scratchpad | View Weblogs ]
insmod: error inserting ... -1 Invalid module format
This is the problem, the filesystem isn't supported because your module failed to load.
A google search on that error shows that it seems to occur if the kernel you are running doesn't match the header files you built the module against.
Is there anything interesting in the output to dmesg, and are you sure the package of your kernel and the kernel headers match? If you have more than one kernel header package you might need to adjust the symbolic link in /usr/src.
The code should work on 2.6.9, and it should also work on non-x86 archs.
(As to the editor yes I will look at improving that. Plain text should work if you ignore formatting nicities).
-- Steve.org.uk
[ Parent | Reply to this comment ]
[ Send Message | View Steve's Scratchpad | View Weblogs ]
So is pre-formatted text.
-- Steve.org.uk
[ Parent | Reply to this comment ]
[ Parent | Reply to this comment ]
Nope. It still wraps them up [unlike the preview window].
One more thing: Can you put some sort of link so that I can go back to the actual article I wrote a comment to --not the fron page.
[ Parent | Reply to this comment ]
[ Send Message | View Steve's Scratchpad | View Weblogs ]
Lot of work building sites, all the little things you think you will do later people spot straight away!
-- Steve.org.uk
[ Parent | Reply to this comment ]
[ Parent | Reply to this comment ]
shfs: version magic '2.6.9-9-amd64-k8 gcc-3.3' should be '2.6.9-9-amd64-k8 gcc-3.4'
If it is just that typo thing, I suppose I could correct it, here. Though I'd rather not --me being not the most skilled module source modifier :->
[ Parent | Reply to this comment ]
[ Send Message | View Steve's Scratchpad | View Weblogs ]
-- Steve.org.uk
[ Parent | Reply to this comment ]
That fixed my issue as well.
- I'd upgraded GCC since building the kernel.
- The kernel source directory was apparently "unconfigured".
cat /proc/version
reveals the GCC version used to compile the kernel.
# Fix the GCC version to match /proc/version export CC=gcc-3.3 # Configure the source directory cd ~srw/linux-2.6.11.6 make menuconfig # accept current config make prepare # Tell module assistant where to find the kernel sources module-assistant --kernel-dir=/home/srw/linux-2.6.11.6/ build shfs
Is that what you'd expect for a bespoke kernel? Maybe module-assistant should check GCC version and warn if they are different? Or is this expecting too much?
[ Parent | Reply to this comment ]
I have the same problem as you and solve it in the following way:
frank:/usr/src# dpkg -i shfs-module-2.6.8-2-686-smp_0.35-1+2.6.8-15_i386.deb
[ Parent | Reply to this comment ]
Does this have the same problems as smbmount etc that it authenticates as a single user and then presents the mounted filesystem on "client" host for everyone to access and has the mounter's permissions on the "server" thus crushing related auth trails, accounting etc?
As long as Linux doesn't have private inheritable per-process (-tree) vfs views, this seems a bloody stupid idea to me.
[ Parent | Reply to this comment ]
No one suggested that this should be some sort of magic replacement for NFS or whatnot, merely a tool to add to the collection for those times when this makes sense.
Of which, personally speaking, there are many. Like being able to attach my home directory at my house to my computer at the office.
[ Parent | Reply to this comment ]
its not supposed to be a nfs/smb replacement anyway, i think its brilliant.
[ Parent | Reply to this comment ]
One gotcha that made me scratch my baldspot there for a minute:
utumno:/usr/bin# shfsmount leszek@3miasto.net:~/jpgs /mnt
leszek@3miasto.net's password:
utumno:/usr/bin# cd /mnt
utumno:/mnt# ls -l
total 0
utumno:/mnt# ssh -l leszek 3miasto.net
leszek@3miasto.net's password:
Last login: Thu Mar 10 05:32:42 2005 from ************
NetBSD 2.0 (3miasto.net) #0: Wed Jan 5 01:24:47 CET 2005
leszek@serwer.3miasto.net::/home/zn/leszek> cd jpgs
leszek@serwer.3miasto.net::/home/zn/leszek> ls
082_good_advice.jpg Babymonkey.jpg Dzieci.pps Eskimo.pps
leszek@serwer.3miasto.net::/home/zn/leszek> exit
Connection to 3miasto.net closed.
utumno:/mnt# mount
/dev/hda3 on / type ext3 (rw,errors=remount-ro)
proc on /proc type proc (rw)
sysfs on /sys type sysfs (rw)
devpts on /dev/pts type devpts (rw,gid=5,mode=620)
tmpfs on /dev/shm type tmpfs (rw)
/dev/hda6 on /home type reiserfs (rw)
/dev/hda5 on /windows type vfat (rw,umask=0,quiet)
usbfs on /proc/bus/usb type usbfs (rw)
leszek@3miasto.net:~/jpgs on /mnt type shfs (version=2,mnt=/mnt,fd=4)
As you can see, even though the remote location contains 4 files and according to mtab mount was successful, actually nothing got mounted !
Answer: my local $HOME is different than remote $HOME so
utumno:/usr/bin# shfsmount leszek@3miasto.net:~/jpgs /mnt
fails, but
utumno:/usr/bin# shfsmount leszek@3miasto.net:/home/zn/leszek/jpgs /mnt
leszek@3miasto.net's password:
utumno:/usr/bin# cd /mnt
utumno:/mnt# ls
082_good_advice.jpg Babymonkey.jpg Dzieci.pps Eskimo.pps
succeeds.
[ Parent | Reply to this comment ]
According to the author it's faster and has caching directory contents ability.
regards
fEnIo
[ Parent | Reply to this comment ]
apt-get install fuse-source sshfs
module-assistant build fuse
dpkg -i /path_printed_by_module_assistant/fuse-module-2.6.7_2.3.0-1_i386. deb
However I think shfsmount is better for me...
sshfs uses the remote uid/gids for files. Which makes it anoying for those of us with different uids on different systems. shfsmount uses the name of the user to map uid/gids.
shfsmount also does directory listing caching.
shfsmount has a bug with its --cmd= option. It is not passing arguments to the underlying ssh passed to --cmd=. Which means that fsh can not be used. Which is unfortunate :(, as I think this would really speed it up. fsh keeps an ssh tunnel open, and reuses that for multiple requests, reducing the latency by heaps, as no more connections need to be made.
[ Parent | Reply to this comment ]
[ Parent | Reply to this comment ]
[ Send Message | View Steve's Scratchpad | View Weblogs ]
That's neat, thanks for the tip!
Steve
-- Steve.org.uk
[ Parent | Reply to this comment ]
[ Parent | Reply to this comment ]
module-assistant prepare
This grabbed the appropriate headers for the new kernel. Then I ran:
module-assistant build shfs module-assistant install shfsand all was well.
[ Parent | Reply to this comment ]
[ Send Message | View Steve's Scratchpad | View Weblogs ]
Yes, because it is a kernel module if you upgrade you will need to rebuild the module to match.
Only a minor issue as the rebuild is so simple, but certainly something to be aware of.
Steve
-- Steve.org.uk
[ Parent | Reply to this comment ]
SHFSMOUNT is working on my client mounting directories on hosts where I have shell access.
Now I also tried to connect to a host where I only have SFTP access (shell in /etc/passwd is a text-menu without shell access). In Konqueror I can transfer files to/from this host using:
sftp://user@host
Using SHFSMOUNT I get the error:
shfsmount: Cannot create connection
Also tried:
--cmd "ssh -s %u@%h sftp"
Result: same error
Thanks in advance,
Vincent
[ Parent | Reply to this comment ]
I also tried setting this option in fstab, such as:
user@host /mnt/point shfs -p,uid=user,gid=group,defaults 0 0
the -p option, is this the correct syntax in this situation?
[ Parent | Reply to this comment ]
[ Send Message | View Steve's Scratchpad | View Weblogs ]
From the command line you could use this, taken from the output of "man shfsmount":
shfsmount --persistent user@host /mnt/shfs
I found using the following in fstab worked for me:
user@host /mnt/point shfs --persistant,uid=user,gid=group,defaults 0 0
Steve
-- Steve.org.uk
[ Parent | Reply to this comment ]
depmod: *** Unresolved symbols in
/lib/modules/2.4.27-powerpc/kernel/fs/fuse/fuse.o
last:/usr/src# modprobe fuse
/lib/modules/2.4.27-powerpc/kernel/fs/fuse/fuse.o:
/lib/modules/2.4.27-powerpc/kernel/fs/fuse/fuse.o: unresolved symbol
find_or_create_page_R92b6db7c
/lib/modules/2.4.27-powerpc/kernel/fs/fuse/fuse.o:
/lib/modules/2.4.27-powerpc/kernel/fs/fuse/fuse.o: unresolved symbol
vfs_readlink_Rc702ddf6
/lib/modules/2.4.27-powerpc/kernel/fs/fuse/fuse.o:
/lib/modules/2.4.27-powerpc/kernel/fs/fuse/fuse.o: unresolved symbol
send_sig_R748763fb
...
[ Parent | Reply to this comment ]
apt-get install shfs-source
m-a auto-install shfs-source
modprobe shfs
/mnt# shfsmount --persistent dweber@hurricane.ucsf.edu:/home/dweber /mnt/shfs
/mnt#
/mnt# ls /mnt/shfs/
-> /data/acetylcholine1/install/
-> /data/acetylcholine1/pub/dweber/cvsroot
-> /data/acetylcholine1/pub/dweber/thesis
-> /data/acetylcholine2/fmri/visSpatialNovelty/awu_fmri/
-> /data/acetylcholine2/freesurfer/subjects/
-> /data/acetylcholine2/mri
-> /data/acetylcholine2/nri/
-> /data/acetylcholine3/data_emse
-> /data/advaita/
-> /data/dnl4/brainstorm_repository
-> /data/dnl4/ctf_data/
-> /data/seahorse/bst/
-> /home/dweber/.DCOPserver_endorphin.ucsfmedicalcenter.org__1
-> /home/dweber/.DCOPserver_endorphin.ucsfmedicalcenter.org_endorphi n.ucsfmedicalcenter.org_1
-> /home/dweber/.DCOPserver_endorphin.ucsfmedicalcenter.org_endorphi n.ucsfmedicalcenter.org_2
-> /home/dweber/.DCOPserver_seahorse.ucsfmedicalcenter.org__1
-> /home/dweber/.DCOPserver_seahorse.ucsfmedicalcenter.org_seahorse. ucsfmedicalcenter.org_1
-> /home/ftp/ftp
I see all these pointers that all represent symbolic links on the mounted path and nothing else. Is it the case that any symbolic links in a mount path will disrupt the shfs mount? Why do I see these links and nothing else? Also, I get write errors when I try to
/mnt# cd /mnt/shfs
/mnt/shfs# cat > tmp.txt
test
cat: write error: Invalid argument
/mnt/shfs#
Could this have anything to do with the server? I am connecting to a solaris system that does support 'ssh -X' connections. These connections are over wireless from a laptop to a local wireless router to my ISP to the remote system. The mount target on the remote server is actually an nfs export from another system on the server-side LAN and I cannot connect directly to that system. Any idea what this is all about and how to track it down?
TIA!
[ Parent | Reply to this comment ]
[ Parent | Reply to this comment ]
I'm wondering whether it's possible to mount a filesystem which is not directly on the internet?
E.g, server A handles the partition I want to mount on my local computer B. When logging on A, I have to go through server C. Is it possible to mount a partition of A onto B? Do I need admin permissions on C? and on B...?
[ Parent | Reply to this comment ]
I've found that every time shfsmount is upgraded by apt, I need to re-do `chmod +s /usr/bin/shfs{u}mount` in order to allow users to mount the directory.
Is there another way...?
Cheers
[ Parent | Reply to this comment ]
I just tried this and it works perfectly.
But i couldn't figure out how to mount if
my ssh is on different port.
I tried adding address:port:/mount /mount but wouldn't work
Anyone know?
[ Parent | Reply to this comment ]
And about sshfs, on slax I get remote ownership with it, so I can write in the mounted directory, lovely jovely. Not so on debian, though.
[ Parent | Reply to this comment ]