Using SSHFS on your VPS

Secure Shell File System or SSHFS is one of the simplest and most secure ways to share entire directories across different systems.SSHFS ensures security by leveraging the established encryption and authentication mechanisms of SSH, safeguarding data during transit, and ensuring secure remote file access.

File sharing is possible with SFTP or SCP however, they are mostly suited for small amounts of files and may become rather tedious when interactive file work is needed. While achieving this is possible by setting up an SMB or NFS mount, both of these methods have extra requirements on the host's end and may bring about worries about security or added complexity.

Installing SSHFS and mounting a remote filesystem

SSHFS is available for most Linux distributions. In our case, we will be using Ubuntu as an example.

sudo apt update
sudo apt install sshfs

We now have all the required packages and can proceed with mounting a filesystem. We will need an empty directory to use as a mounting point. Most Linux distros have /mnt which you can use or you can create your own. We will create a directory for this example.

sudo mkdir sshfs

Now you can mount the remote directory using the following command:

sudo sshfs -o allow_other,default_permissions "user"@"client_IP":/mnt /sshfs

The path after the: is where on the client's system we want to mount the directory the second is the path to the directory we want to export.  As you can see the syntaxis is the same as SSH.

If you would like a more secure way to connect you are able to use RSA for authentication the same way you would with a normal SSH connection. Check out our guide on securing your VPS for more information on how to set up RSA keys for SSH.

Commonly Used Flags for SSHFS

Flag Description
-o IdentityFile=/path/to/private/key Specifies the identity file (private key) for authentication.
-o StrictHostKeyChecking=no Disables host key checking, useful for automation but less secure.
-o reconnect Automatically reconnects if the connection is lost.
-o cache=yes Enables caching for improved performance.
-o compression=yes Enables data compression for faster transfers.
-o allow_other Allows other users to access the mounted directory.
-o default_permissions Applies local file permissions to remote files.
-o ServerAliveInterval=30 Sends keep-alive messages to the server every 30 seconds.

You can test if everything works by creating a file in the shared directory and checking if it appears on the other system.

For example:

Host$: touch /sshfs/file

The output of  ls on client's side:

Client$: ls /mnt

Permanently mounting the filesystem

You are able to permanently add a filesystem by modifying the /etc/fstab file of the host.

Use your preferred text editor:

sudo nano /etc/fstab

And add the following:

"user"@"client_IP":/mnt /sshfs fuse.sshfs defaults,_netdev,user,idmap=user 0 0

The options defaults,_netdev,user,idmap=user specify default options, consider it as a starting point. You can adjust these options based on your needs. The 0 0 at the end indicates the dump and pass options, which can usually be set to 0 for SSHFS mounts.

If you are using RSA keys you will have to add the following to the flags identityfile=/home/"user"/.ssh/id_rsa. So that the filesystem can be mounted automatically. It's important to specify the user pertaining to the local path. This specification is vital because /etc/fstab operates with root privileges, and otherwise the system wouldn't be able to determine which user's authentication key to search for.