Debian 9: Install sshfs for SSH client

This article will describe installing sshfs for SSH client.

1 Install sshfs

Install sshfs package.

$ sudo apt install -y sshfs

2 Mount SSH with sshfs

Mount SSH to <path> with sshfs. You need write permission to <path>.

$ sshfs <server> <path>

This article mounts to $HOME/mnt.

$ mkdir $HOME/mnt
$ sshfs ssh-server.hiroom2.com:$HOME $HOME/mnt
The authenticity of host 'ssh-server.hiroom2.com
(192.168.11.96)' can't be established.
ECDSA key fingerprint is
SHA256:jnXzkA7FZ1MW7K2zr9lM87nLt/IxJBIqKyt9EMF7mbc.
Are you sure you want to continue connecting (yes/no)? yes
hiroom2@ssh-server.hiroom2.com's password:

$HOME in SSH server can be accessed.

$ ls $HOME/mnt
bin      Documents  examples.desktop  Pictures  src        Videos
Desktop  Downloads  Music             Public    Templates

3 Generate SSH key

Generate SSH key for accessing from root user on SSH client to root user on SSH server without password authentication.

Run ssh-keygen on SSH client for generating SSH key.

$ # Run the following command on SSH client.
$ sudo ssh-keygen -t rsa -f /root/.ssh/id_rsa -N ""
$ sudo cat /root/.ssh/id_rsa.pub
ssh-rsa AAAAB3Nza<snip> root@ssh-client

Copy public key generated by ssh-keygen on SSH client to authorized_keys on SSH server.

$ # Run the following command on SSH server.
$ cat <<EOF | sudo tee /root/.ssh/authorized_keys
ssh-rsa AAAAB3Nza<snip> root@ssh-client
EOF

You need to access from SSH client to SSH server for adding SSH server fingerprint to known_hosts. This article disables checking finngerprint to SSH server.

$ # Run the following command on SSH client.
$ cat <<EOF | sudo tee /root/.ssh/config
Host 192.168.11.*
    StrictHostKeyChecking no
    UserKnownHostsFile=/dev/null

Host *.hiroom2.com
    StrictHostKeyChecking no
    UserKnownHostsFile=/dev/null
EOF

4 Mount SSH on boot

Add mount entry to /etc/fstab. For avoiding mounting NFS before network initialization, you need to add _netdev option. For making x-systemd.automount to mount NFS, you need to add x-systemd.automount to option.

$ SSH_SERVER=ssh-server.hiroom2.com
$ SSH_DIR=/
$ cat <<EOF | sudo tee -a /etc/fstab
${SSH_SERVER}:${SSH_DIR} /mnt fuse.sshfs _netdev,x-systemd.automount 0 0
EOF

For access with other user, use <user>@<server>. identityfile option changes SSH key. allow_other, uid and gid option changes ownership at mount point. But if home directory permission is 755, mount point will be accessed by other user.

$ OPT=_netdev,x-systemd.automount,identityfile=/home/hiroom2/.ssh/id_rsa
$ OPT=${OPT},allow_other,uid=hiroom2,gid=hiroom2
$ mkdir -p /home/hiroom2/mnt
$ cat <<EOF | sudo tee -a /etc/fstab
hiroom2@${SSH_SERVER}:/home/hiroom2 /home/hiroom2/mnt fuse.sshfs ${OPT} 0 0
EOF

For avoiding access by other user, change home directory permision to 700 or create 700 directory between home directory and mount point.

$ mkdir -p /home/hiroom2/guard/mnt
$ chmod 700 /home/hiroom2/guard
$ cat <<EOF | sudo tee -a /etc/fstab
hiroom2@${SSH_SERVER}:/home/hiroom2 /home/hiroom2/guard/mnt fuse.sshfs ${OPT} 0 0
EOF