SSHFS (简体中文)
SSHFS 是一个通过 SSH 挂载基于 FUSE 的文件系统的客户端程序。
Contents
安装
挂载
In order to be able to mount a directory the SSH user needs to be able to access it.
Invoke sshfs
to mount a remote directory:
$ sshfs [user@]host:[dir] mountpoint [options]
For example:
$ sshfs sessy@mycomputer:/remote/path /local/path -C -p 9876 -o allow_other
Where -p 9876
stands for the port number, -C
enables compression and -o allow_other
grants non-rooted users read/write access.
必要时,SSH 将询问口令。如果你不希望频繁输入口令,可参阅:SSH 如何使用 RSA 密钥做认证 或 SSH 密钥。
卸载
To unmount the remote system:
$ fusermount -u LOCAL_MOUNT_POINT
Example:
$ fusermount -u /mnt/sessy
Chrooting
You may want to jail a (specific) user to a directory by editing /etc/ssh/sshd_config
:
/etc/ssh/sshd_config
..... Match User someuser ChrootDirectory /chroot/%u ForceCommand internal-sftp #to restrict the user to sftp only AllowTcpForwarding no X11Forwarding no .....
See also SFTP chroot. For more information check the manpages for Match, ChrootDirectory
and ForceCommand
.
助手程序
If you often need to mount sshfs filesystems you may be interested in using an sshfs helper, such as sftpman.
It provides a command-line and a GTK frontend, to make mounting and unmounting a simple one click/command process.
自动挂载
Automounting can happen on boot, or on demand (when accessing the directory). For both, the setup happens in /etc/fstab
.
On demand
With systemd on-demand mounting is possible using /etc/fstab
entries.
Example:
user@host:/remote/folder /mount/point fuse.sshfs noauto,x-systemd.automount,_netdev,users,idmap=user,IdentityFile=/home/user/.ssh/id_rsa,allow_other,reconnect 0 0
The important mount options here are noauto,x-systemd.automount,_netdev.
- noauto tells it not to mount at boot
- x-systemd.automount does the on-demand magic
- _netdev tells it that it is a network device, not a block device (without it "No such device" errors might happen)
引导时挂载
An example on how to use sshfs to mount a remote filesystem through /etc/fstab
USERNAME@HOSTNAME_OR_IP:/REMOTE/DIRECTORY /LOCAL/MOUNTPOINT fuse.sshfs defaults,_netdev 0 0
Take for example the fstab line
llib@192.168.1.200:/home/llib/FAH /media/FAH2 fuse.sshfs defaults,_netdev 0 0
The above will work automatically if you are using an SSH key for the user. See Using SSH Keys.
If you want to use sshfs with multiple users:
user@domain.org:/home/user /media/user fuse.sshfs defaults,allow_other,_netdev 0 0
Again, it is important to set the _netdev mount option to make sure the network is available before trying to mount.
安全用户访问
When automounting via /etc/fstab
, the filesystem will generally be mounted by root. By default, this produces undesireable results if you wish access as an ordinary user and limit access to other users.
An example mountpoint configuration:
USERNAME@HOSTNAME_OR_IP:/REMOTE/DIRECTORY /LOCAL/MOUNTPOINT fuse.sshfs noauto,x-systemd.automount,_netdev,user,idmap=user,follow_symlinks,identityfile=/home/USERNAME/.ssh/id_rsa,allow_other,default_permissions,uid=USER_ID_N,gid=USER_GID_N 0 0
Summary of the relevant options:
- allow_other - Allow other users than the mounter (i.e. root) to access the share.
- default_permissions - Allow kernel to check permissions, i.e. use the actual permissions on the remote filesystem. This allows prohibiting access to everybody otherwise granted by allow_other.
- uid, gid - set reported ownership of files to given values; uid is the numeric user ID of your user, gid is the numeric group ID of your user.
选项
sshfs can automatically convert your local and remote user IDs.
Add the idmap option with user value to translate UID of connecting user:
# sshfs -o idmap=user sessy@mycomputer:/home/sessy /mnt/sessy -C -p 9876
This will map UID of the remote user "sessy" to the local user, who runs this process ("root" in the above example) and GID remains unchanged. If you need more precise control over UID and GID translation, look at the options idmap=file and uidfile and gidfile.
排错
检查清单
Read the SSH Checklist Wiki entry first. Further issues to check are:
1. Is your SSH login sending additional information from server's /etc/issue
file e.g.? This might confuse SSHFS. You should temporarily deactivate server's /etc/issue
file:
$ mv /etc/issue /etc/issue.orig
2. Keep in mind that most SSH related troubleshooting articles you will find on the web are not Systemd related. Often /etc/fstab
definitions wrongly begin with sshfs#user@host:/mnt/server/folder ... fuse ...
instead of using the syntax user@host:/mnt/server/folder ... fuse.sshfs ... x-systemd, ...
.
3. Check that the owner of server's source folder and content is owned by the server's user.
$ chown -R USER_S: /mnt/servers/folder
4. The server's user ID can be different from the client's one. Obviously both user names have to be the same. You just have to care for the client's user IDs. SSHFS will translate the UID for you with the following mount options:
uid=USER_C_ID,gid=GROUP_C_ID
5. Check that the client's target mount point (folder) is owned by the client user. This folder should have the same user ID as defined in SSHFS's mount options.
$ chown -R USER_C: /mnt/client/folder
6. Check that the client's mount point (folder) is empty. By default you cannot mount SSHFS folders to non-empty folders.
7. If you want to automount SSH shares by using an SSH public key authentication (no password) via /etc/fstab
, you can use this line as an example:
USER_S@SERVER:/mnt/on/server /nmt/on/client fuse.sshfs x-systemd.automount,_netdev,user,idmap=user,transform_symlinks,identityfile=/home/USER_C/.ssh/id_rsa,allow_other,default_permissions,uid=USER_C_ID,gid=GROUP_C_ID,umask=0 0 0
Considering the following example settings ...
SERVER = Server host name (serv) USER_S = Server user name (pete) USER_C = Client user name (pete) USER_S_ID = Server user ID (1004) USER_C_ID = Client user ID (1000) GROUP_C_ID = Client user's group ID (100)
you get the client user's ID and group ID with
$ id USERNAME
this is the final SSHFS mount row in /etc/fstab
;
pete@serv:/mnt/on/server /nmt/on/client fuse.sshfs x-systemd.automount,_netdev,user,idmap=user,transform_symlinks,identityfile=/home/pete/.ssh/id_rsa,allow_other,default_permissions,uid=1004,gid=1000,umask=0 0 0
8. If you know another issue for this checklist please add it the list above.
Connection reset by peer
- If you are trying to access the remote system with a hostname, try using its IP address, as it can be a domain name solving issue. Make sure you edit
/etc/hosts
with the server details. - If you are using non-default key names and are passing it as
-i .ssh/my_key
, this will not work. You have to use-o IdentityFile=/home/user/.ssh/my_key
, with the full path to the key. - If your
/root/.ssh/config
is a symlink, you will be getting this error as well. See this serverfault topic - Adding the option '
sshfs_debug
' (as in 'sshfs -o sshfs_debug user@server ...
') can help in resolving the issue. - If that doesn't reveal anything useful, you might also try adding the option '
debug
' - If you are trying to sshfs into a router running DD-WRT or the like, there is a solution here. (note that the -osftp_server=/opt/libexec/sftp-server option can be used to the sshfs command in stead of patching dropbear)
- Old Forum thread: sshfs: Connection reset by peer
- Make sure your user can log into the server (especially when using AllowUsers)
- Make sure
Subsystem sftp /usr/lib/ssh/sftp-server
is enabled in/etc/ssh/sshd_config
.
远程主机连接断开(Remote host has disconnected)
If you receive this message directly after attempting to use sshfs:
- First make sure that the remote machine has sftp installed! It will not work, if not.
- Then, try checking the path of the
Subsystem
listed in/etc/ssh/sshd_config
on the remote machine to see, if it is valid. You can check the path to it withfind / -name sftp-server
.
For Arch Linux the default value in /etc/ssh/sshd_config
is Subsystem sftp /usr/lib/ssh/sftp-server
.
冻结应用(Freezing apps (e.g. Gnome Files, Gedit))
If you experience freezing/hanging (stopped responding) applications, you may need to disable write-access to the ~/recently-used.xbel
file.
# chattr +i /home/USERNAME/.local/share/recently-used.xbel
See the following bug report for more details and/or solutions.
Shutdown hangs when sshfs is mounted
Systemd may hang on shutdown if an sshfs mount was mounted manually and not unmounted before shutdown. To solve this problem, create this file (as root):
/etc/systemd/system/killsshfs.service
[Unit] After=network.target [Service] RemainAfterExit=yes ExecStart=-/bin/true ExecStop=-/usr/bin/pkill sshfs [Install] WantedBy=multi-user.target
Then enable the service: systemctl enable killsshfs.service
fstab 挂载问题
To get verbose debugging output, add the following to the mount options:
ssh_command=ssh\040-vv,sshfs_debug,debug
To be able to run mount -av
and see the debug output, remove the following:
noauto,x-systemd.automount
参阅
- How to mount chrooted SSH filesystem, with special care with owners and permissions questions.
- SSHFS – Installation and Performance — Comparison with NFS and optimization tips.