Loading
Accessing Remote Files Easily and Securely
The secure shell, ssh, and its companion, scp, are tools that I use more or less on a daily basis. Being able to move files between machines without having to setup SAMBA or NFS is very handy when working with multiple systems. All that you need is to enable the secure shell daemon - sshd.
Before we go into the details of the sshfs, let's run through a quick re-cap of ssh. The secure shell daemon runs on port 22 by default. It makes it possible to run an encrypted shell session. With the -Y flag, you can even run X11-forwarding, allowing you to run X11, i.e. graphical, programs on the remote machine and displaying the windows on the terminal that you are sitting at.
You can configure sshd through the /etc/ssh/sshd_config file (that is the location on my Kubuntu machine). Here, you can disable root access, older protocols, X11 forwarding, etc. The notion is that the more limits you put on the remote access, the more secure your system is from potential attacks. You might also want to tune your hosts.allow and hosts.deny files if you plan to expose sshd to the Internet. There are many guides on hardening servers and ssh, so I will not go into details.
To get things up and running, what you need to do is to install sshd. In Ubuntu, that means the openssh-server package. For external access, you also need to enable port forwarding of port 22 in your router/firewall and find your external IP. Now, you should be able to log onto your machine using your normal user credentials.
$ ssh user@192.168.1.100 user@192.168.1.200's password:
Having entered the password, you should now have full access to the remote system.
The handy scp command, secure copy, works in much the same way. To copy the file test.txt to user's remote home directory, simply enter:
$ scp test.txt user@192.168.1.100:
As before, you will be prompted for a password. You can copy the other way around as well. The command below demonstrates how to copy a file with an absolute path, i.e. not in the home directory of user, to your local machine.
$ scp user@192.168.1.100:/var/log/messages remote-messages
These two commands means that you can browse the file system, and freely copy files between machines. What sshfs does is that it exposes this functionality as a file system that you can mount. Before we look into how, let's have a quick look at sshfs.
The sshfs is implemented using FUSE, and relies on the sftp part of ssh to access the remote computer. As a remote file access protocol, sshfs is not very good. For instance, multiple users writing to the same file at once can create havoc. The benefits are the inherit security and that it is easy to setup.
So, how to use it. Let's look at a very short demonstration.
$ sshfs user@192.168.1.100: remote-home $ ls remote-home Desktop Documents Downloads Music $ fusermount -u remote-home
The initial sshfs command mounts the user's home directory to remote-home. You can specify another path after the colon to mount any other part of the remote file system. Access is only restricted by user's access rights.
Using ls, or any other ordinary command, will work as if the remote home directory was mounted locally. All tools work. For instance, you can log onto your remote machine and build software using your locally installed setup of build tools.
To unmount the filesystem, the fusermount command from the FUSE utilities package is used.
To summarize, sshfs an easy setup remote file access tool. It needs to be used with care if multiple users are involved. It makes it dead easy to temporarily access remote file systems, as well as mounting file systems from virtual machines for easier access and monitoring, as well as for remote installation, compilation and debugging. All-in-all, one of the tools I always keep handy in my toolbox.
______________________
Johan Thelin is a consultant working with Qt, embedded and free
software. On-line, he is known as e8johan.
White Paper
Fabric-Based Computing Enables Optimized Hyperscale Data Centers
Today’s modular x86 servers are compute-centric, designed as a least common denominator to support a wide range of IT workloads. Those generic, virtualized IT workloads have much different resource optimization requirements than hyperscale and cloud applications. They have resulted in a “one size fits all” enterprise IT architecture that is not optimized for a specific set of IT workloads, and especially not emerging hyperscale workloads, such as web applications, big data, and object storage. In this report, you will learn how shifting the focus from traditional compute-centric IT architectures to an innovative disaggregated fabric-based architecture can optimize and scale your data center.
Sponsored by AMD
White Paper
Red Hat White Paper: Using an Open Source Framework to Catch the Bad Guy
Built-in forensics, incident response, and security with Red Hat Enterprise Linux 6
Every security policy provides guidance and requirements for ensuring adequate protection of information and data, as well as high-level technical and administrative security requirements for a system in a given environment. Traditionally, providing security for a system focuses on the confidentiality of the information on it. However, protecting the data integrity and system and data availability is just as important. For example, when processing United States intelligence information, there are three attributes that require protection: confidentiality, integrity, and availability.
Learn more about catching the bad guy in this free white paper.
Sponsored by DLT Solutions
- Making Linux and Android Get Along (It's Not as Hard as It Sounds)
- Using Salt Stack and Vagrant for Drupal Development
- New Products
- Validate an E-Mail Address with PHP, the Right Way
- Drupal Is a Framework: Why Everyone Needs to Understand This
- A Topic for Discussion - Open Source Feature-Richness?
- Home, My Backup Data Center
- New Products
- RSS Feeds
- Tech Tip: Really Simple HTTP Server with Python
- Epistle
51 min 25 sec ago - Automatically updating Guest Additions
2 hours ago - I like your topic on android
2 hours 46 min ago - Reply to comment | Linux Journal
3 hours 7 min ago - This is the easiest tutorial
9 hours 22 min ago - Ahh, the Koolaid.
15 hours 39 sec ago - git-annex assistant
21 hours 17 sec ago - direct cable connection
21 hours 22 min ago - Agreed on AirDroid. With my
21 hours 33 min ago - I just learned this
21 hours 37 min ago
Enter to Win an Adafruit Prototyping Pi Plate Kit for Raspberry Pi
It's Raspberry Pi month at Linux Journal. Each week in May, Adafruit will be giving away a Pi-related prize to a lucky, randomly drawn LJ reader. Winners will be announced weekly.
Fill out the fields below to enter to win this week's prize-- a Prototyping Pi Plate Kit for Raspberry Pi.
Congratulations to our winners so far:
- 5-8-13, Pi Starter Pack: Jack Davis
- 5-15-13, Pi Model B 512MB RAM: Patrick Dunn
- Next winner announced on 5-21-13!
Free Webinar: Linux Backup and Recovery
Most companies incorporate backup procedures for critical data, which can be restored quickly if a loss occurs. However, fewer companies are prepared for catastrophic system failures, in which they lose all data, the entire operating system, applications, settings, patches and more, reducing their system(s) to “bare metal.” After all, before data can be restored to a system, there must be a system to restore it to.
In this one hour webinar, learn how to enhance your existing backup strategies for better disaster recovery preparedness using Storix System Backup Administrator (SBAdmin), a highly flexible bare-metal recovery solution for UNIX and Linux systems.
Developer Poll
Comments
But you need to be root...
But you need to be root... in order to mount a file system on your local machine...
I am afraid your $ sign in front of your commands is a little bit misleading, or at least use a "sudo" before commands.
Anyway, I didn't know sshfs and I have to say it is pretty handy, thanks for sharing!
Ciao.
I'm not sure that the root /
I'm not sure that the root / sudo requirement holds true in all setups. I'm pretty sure that can do sshfs mounts in my Kubuntu installation as my ordinary user (on vacation now, so I cannot check to make 100% sure).
Johan Thelin is a consultant working with Qt, embedded and free
software. On-line, he is known as e8johan.
Missing words?
I think the line "These two commands means that you can browse the file system freely copy files between machines" is missing something, maybe a comma or "and"?
Nice article, thanks!
Thanks! I'll fix it.
Thanks! I'll fix it.
Johan Thelin is a consultant working with Qt, embedded and free
software. On-line, he is known as e8johan.
Spaces in file names
scp and sshfs are truly sweet quick and dirty tools.
I've been using sshfs for years for mounting my remote folder filled with music so the local music player on the laptop connect not to the unsynced local storage but directly to the source (, yo!).
I just haven't figured out how to make scp accept spaces in file names. On Linux filesystems i usually don't use spaces in file names but copying anything out of a Wintendo parition is bound to have a space in the filepath...
Tripple escape
What you need to do is to escape the space with a backslash, but you need to do it twice. Once for the local machine and once for the remote. To add the second backslash, you need to escape it as well. This means that you will have to use tripple backslashes for each space, e.g. 192.168.1.100:monty\\\ python.
Johan Thelin is a consultant working with Qt, embedded and free
software. On-line, he is known as e8johan.
try this\ is_windows\
try this\ is_windows\ file_with\ spaces
Typo in Story
Shouldn't line in story:
$ user@192.168.1.100:/var/log/messages remote-messages
Read as:
$ scp user@192.168.1.100:/var/log/messages remote-messages
It should. Thank you! I'll
It should. Thank you! I'll have it fixed.
Johan Thelin is a consultant working with Qt, embedded and free
software. On-line, he is known as e8johan.