How do I mount an SSH folder in linux so I can access it and read/write as if a normal folder?

2

I have a remote server that I can SSH into. I want to mount a folder that's on that server onto my local linux desktop. Then I want to be able to read/write files there from within my text editor. How do I do this?

One IMPORTANT requirement:

  • The remote server does not allow root login
  • The folder on the remote server is root only

Normally when I ssh, I login as the basic user and then do an "su" to do root actions. How would I do this with sshfs?

Server: CentOS 6.5
Desktop: openSUSE 13.1

Don Rhummy

Posted 2014-01-30T20:57:13.400

Reputation: 552

I've never attempted it, but try Googling SMB over SSH. – Spencer5051 – 2014-01-30T21:08:59.700

Look into SSHFS.

– nerdwaller – 2014-01-30T21:09:54.117

@nerdwaller Does that work with the ssh requirements (I just updated my post)? The ssh server doesn't allow root login, so I have to login as basic and then do an "su" – Don Rhummy – 2014-01-30T21:12:28.057

Possibly, I think you may need to utilize a solution similar to this one in that case.

– nerdwaller – 2014-01-30T21:15:03.843

Check out How do I sudo over sshfs? too.

– Robertof – 2014-01-30T21:15:25.453

@Robertof Thank you, can you explain a bit more about that command? I'm not sure I understand the answer, which uses the -o option: sshfs login_user@host:remote_path local_path -o sftp_server="/usr/bin/sudo /usr/bin/sudo -u as_user /usr/lib/ssh/sftp-server" – Don Rhummy – 2014-01-30T21:50:13.403

@Robertof since my remote is CentOS, would it be: sshfs basicuser@remotehost:remote_path local_mount_path -o sftp_server="/usr/bin/sudo -u root /usr/libexec/openssh/sftp-server"? Do I have all those pieces correct? – Don Rhummy – 2014-01-30T21:55:49.223

You don't need the -u root parameter, sudo will default to root. However, keep in mind that sudo requires a password and sshfs won't ask you to input it. You either need to setup in the sudoers a NOPASSWD to spawn the server for your user, or to reset the notty parameter as explained in the linked answer. – Robertof – 2014-01-30T21:58:06.073

@Robertof thanks! does everything else look correct? And will that allow me to read/write to that folder on my local system as the user I'm mounting with (not basicuser but my local user)? – Don Rhummy – 2014-01-30T21:59:13.523

Yes, it should. – Robertof – 2014-01-30T22:01:00.617

@Robertof Is there no way to pass the password into the sudo command? – Don Rhummy – 2014-01-30T22:01:35.953

I was referring to the fact that you need to authenticate sudo, as explained in the other question. Also that will allow you to execute an sshfs session as root but without directly logging as root (since you said that it isn't allowed in that server). Instead, it will execute the SFTP server as root with sudo. (by the way since superuser is warning me - should I convert this as an answer?) – Robertof – 2014-01-30T22:05:34.570

@Robertof Yes, please change to an answer (use the code string in my above comment with your changes) and I'll continue this conversation there - I have another question... – Don Rhummy – 2014-01-30T22:07:30.430

Ok, let me write it and then I'll answer your other questions. – Robertof – 2014-01-30T22:08:37.800

Answers

1

As @allquixotic stated in his answer, you can use SSHFS to mount a remote path in a local folder. To achieve what you asked, you need a solution similar to this one.

Since SSHFS uses the SSH File Transfer Protocol as a base, it means that a server is spawned when you log in as a user. But this also means that you can't directly execute su, because a shell is not spawned.

A way to circumvent this is to run the server as root, and you can do that with the -o sftp_server as stated in the documentation. Like this:

sshfs username@host:remote_path local_mount_path -o sftp_server="/usr/bin/sudo /usr/libexec/openssh/sftp-server"

However, since sudo requires an authentication (obviously), you need a way to authenticate it. You may use two different alternatives:

  • Use the sudoers file to add the possibility to execute sftp-server, by your user, without asking a password. See how to do it here (it doesn't matter if it is for Ubuntu).
  • Run sudo with SSH, and then execute the sshfs command. This will allow sudo to be executed without a password, since you have already executed it a moment before. This will update the timeout for 5 minutes:

    ssh username@host sudo -v
    

You can also try to pipe the password directly to sudo, but I don't recommend this since it is insecure and probably won't work because the server is not spawned by a shell.

Robertof

Posted 2014-01-30T20:57:13.400

Reputation: 616

Thank you! Three questions: 1. If I wanted this to occur on startup, how would I execute the first ssh ...sudo -v, pass the password and then have it exit before doing the shftp? 2. If I chose to allow my user in sudoers to execute sftp-server without a password, is there a security risk to that? 3. I assume the 5 minute timeout on the sudo -v doesn't matter because it's only applying to starting up the sftp-server, correct? – Don Rhummy – 2014-01-30T22:24:19.453

Just to check, if I added the command to sudoers, I assume it would be (the server is named "localhost.rserver"): basicuser localhost.rserver = (root) NOPASSWD: /usr/libexec/openssh/sftp-server, correct? – Don Rhummy – 2014-01-30T22:36:09.707

1) Since on the startup you don't have the possibility to ask a password (at least, not without spawning a GUI), you probably need to switch to the first solution. But you will need to add a passwordless RSA key too to allow the authentication, you can see more details here and here. 2) It shouldn't be too insecure, however if someone manages to obtain the password to your account he will be able to access root files too. 3) Yes, sudo only considers them for the login. – Robertof – 2014-01-30T22:36:15.737

That sudoers line looks alright, but always remember to use visudo to edit your sudoers (and then test if it works). Also check if the path of sftp-server is /usr/libexec/openssh/sftp-server, just to be sure. Use grep Subsystem /etc/ssh/sshd_config (as root). – Robertof – 2014-01-30T22:39:36.780

OK, so my steps are: 1. Create RSA key, 2. ssh and save key to remote as well, 3. visudo on the remote to enable running sftp without password, 4. edit /etc/fstab to put that whole sshfs command line into it (what would that line look like? how do I pass the -o options to it?) and THANK YOU for helping me! – Don Rhummy – 2014-01-30T22:43:00.627

Since the fourth parameter of an /etc/fstab line specifies the options, this should be enough: user@host:/remote/path /local/path fuse.sshfs defaults,_netdev,sftp_server="/usr/bin/sudo /usr/libexec/openssh/sftp-server" 0 0. Also, no problem! – Robertof – 2014-01-30T22:49:13.880

OK, I'll try those steps out and report back. Just to clarify, since the fstab is on an opensuse machine (server is centos), it's still fuse.sshfs, correct? Also, does that command mount it locally under my regular user account? Or root? (I want regular local account) – Don Rhummy – 2014-01-30T23:34:29.357

Yes, it should be fuse.sshfs. It will be mounted as root, but you can check here to let other users edit the files.

– Robertof – 2014-01-30T23:59:27.967

The sshfs command is not working. I'm getting the error: remote host has disconnected. The command I'm using is: sshfs basicuser@192.168.1.111:/var/www/myapp /home/basicuser/code -o sftp_server="/usr/bin/sudo /usr/libexec/openssh/sftp-server" (And I checked, that is the path to sftp-server) What could be wrong? – Don Rhummy – 2014-01-31T23:07:42.100

Try to remove the sudo to check if the problem is caused by that command. If it is, then probably it is asking for a password (and it is bad), and we should troubleshoot it. Otherwise, check the logs (like in /var/log/everything.log, /var/log/auth.log or /var/log/messages.log or others, it depends on your distribution) for SSH-related errors. – Robertof – 2014-02-01T00:10:44.943

I did a debug option for running sshfs and it said: sudo: sorry, you must have a tty to run sudo – Don Rhummy – 2014-02-01T00:13:16.020

I added this line to etc/sudoers: Defaults:basicuser !requiretty and it now works! But is this ok? Is there a way to only do that for this one command? – Don Rhummy – 2014-02-01T00:15:54.970

It should not be a problem, you are just allowing cronjobs/automated scripts/every thing without a shell associated to run sudo as your account name. You can disable it for a single command, see here (but it should not be necessary)

– Robertof – 2014-02-01T13:16:26.970
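
An added example, not part of any post above: a small audit of the sudoers rules this thread ends up with, run on constructed sample text. It separates `Defaults:basicuser !requiretty` (tty check lifted for everything that user runs through sudo) from the per-command `Defaults!/path` form, and it flags the NOPASSWD grant because an sftp-server running as root can read and write the whole remote filesystem, not only the mounted path. The function name and finding labels are made up for this example.

```shell
#!/bin/sh
# Added example (not from the thread): classify sudoers rules read from stdin.
# Usage on a real host, as root: audit_sftp_sudo basicuser < /etc/sudoers
audit_sftp_sudo() {
    awk -v user="$1" '
    /^[ \t]*(#|$)/ { next }   # comments and blanks (this also skips #include lines)
    # Defaults:USER !requiretty : tty check off for every command USER runs via sudo
    $1 == ("Defaults:" user) && /!requiretty/ { print "USER_NOTTY " user; next }
    # Defaults!/path !requiretty : tty check off for that one command only
    $1 ~ /^Defaults!/ && /!requiretty/ { print "CMD_NOTTY " substr($1, 10); next }
    $1 == user && /NOPASSWD:/ {
        cmds = $0
        sub(/.*NOPASSWD:[ \t]*/, "", cmds)          # keep only the command list
        n = split(cmds, c, /[ \t]*,[ \t]*/)
        for (i = 1; i <= n; i++) {
            if (c[i] == "ALL") print "NOPASSWD_ALL"
            else if (c[i] ~ /\/sftp-server([ \t]|$)/) print "NOPASSWD_SFTP_ROOT_FS " c[i]
            else print "NOPASSWD_OTHER " c[i]
        }
    }'
}

# Constructed sample: the two rules as they were written in the comments.
sample_as_posted() {
    cat <<'EOF'
Defaults    requiretty
Defaults:basicuser !requiretty
basicuser localhost.rserver = (root) NOPASSWD: /usr/libexec/openssh/sftp-server
EOF
}

# Constructed sample: same grant, tty exemption scoped to sftp-server only.
sample_scoped() {
    cat <<'EOF'
Defaults    requiretty
Defaults!/usr/libexec/openssh/sftp-server !requiretty
basicuser localhost.rserver = (root) NOPASSWD: /usr/libexec/openssh/sftp-server
EOF
}

echo "as posted:"; sample_as_posted | audit_sftp_sudo basicuser
echo "scoped:";    sample_scoped    | audit_sftp_sudo basicuser
```

Either variant still reports NOPASSWD_SFTP_ROOT_FS: whoever holds the passwordless SSH key for basicuser holds root-level file access on the server, so that key deserves the same protection as the root password.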

6

There is more than one way to do this. Other answers that suggest alternatives aren't wrong; they're just different. I'm going to explain one particular possibility: sshfs.

You can use SSHFS, which is a Filesystem in Userspace that maps a directory to a local path over SSH. This should work on almost any modern GNU/Linux operating system with a Linux kernel of the 2.6 series or the 3.x series. You may have to compile the sshfs or libfuse components from source code if they do not exist in your distribution's repository.

Since you did not mention which distribution you are using, I am unable to provide more specific instructions for installation.

Usage example:

    $ sshfs user@server.com: ~/destpath

maps the home folder of user on server.com to ~/destpath on the local machine.

allquixotic

Posted 2014-01-30T20:57:13.400

Reputation: 32 256

Does this work with the ssh setup (I updated my post)? The ssh server doesn't allow root login, so I have to login as basic and then do an "su". (The server is CentOS, desktop is openSUSE) – Don Rhummy – 2014-01-30T21:13:07.937

One approach would be to set up sudo so that it works for one specific (trusted) user account without a password, or change the permissions of the folder to a group that your user is in, or customize your login shell to a custom command that automatically obtains root privs. – allquixotic – 2014-01-30T21:18:23.773

Would this work? sshfs basicuser@remotehost:remote_path local_mount_path -o sftp_server="/usr/bin/sudo -u root /usr/libexec/openssh/sftp-server"? Do I have all those parameters right? – Don Rhummy – 2014-01-30T21:56:29.303