Institution File Share using SSHFS/SFTP

NFS? SMB? SSHFS!

Florian Maurer

2025-06-25


I want to have a shared file system across VMs and users that everyone can access.

Requirements are:

  • authentication
  • permission management
  • easy to deploy
  • automatic mounting possible

I took a look at SMB (Samba) file sharing, which generally requires having a Samba share and typically is not very performant in my experience. Using NFS seems like the go-to solution on Linux, but it only allows IP-based permissions unless you set up NFSv4 with Kerberos, which is a little bit over the top.

CephFS would also be possible, but requires all VMs to have direct communication and a token in the Ceph network.

So I thought about FTP (insecure), FTPS (with HTTPS) and SFTP (with SSH). SFTP is very easy to use. It is nowadays also used by scp and is preinstalled on Linux.

To mount such a remote file system through FUSE, we need sshfs though, which is also available in all major package managers.

Server configuration

Add the following block to the end of /etc/ssh/sshd_config.

Match Group sftpusers
    ChrootDirectory /
    ForceCommand internal-sftp
    AllowTcpForwarding no
    X11Forwarding no

Now run the following:

adduser sftpuser
groupadd sftpusers
adduser sftpuser sftpusers
service sshd restart

This user is now limited to SFTP, and therefore to sshfs, while other users on the system can use SFTP as well.
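To confirm that the Match block really applies to sftpuser, the effective settings can be checked with `sshd -T -C user=sftpuser`. The following is an added example, not part of the original post; the function and sample names are hypothetical and the sample inputs are constructed.

```shell
# Added example: audit the effective sshd settings of the SFTP-only account.
# Real input, as root on the server:  sshd -T -C user=sftpuser | check_sftp_only
# Returns 0 when shell access and forwarding are blocked, 1 otherwise.

check_sftp_only() {
    awk '
        function fail(msg) { print "FAIL " msg; bad = 1 }
        # sshd -T prints "keyword value..." with lowercase keywords
        { key = tolower($1); $1 = ""; sub(/^ +/, ""); val[key] = $0 }
        END {
            if (val["forcecommand"] !~ /^internal-sftp( |$)/)
                fail("forcecommand=" val["forcecommand"] ": a shell is still reachable")
            if (val["allowtcpforwarding"] != "no")
                fail("allowtcpforwarding=" val["allowtcpforwarding"] ": account can tunnel TCP")
            if (val["x11forwarding"] != "no")
                fail("x11forwarding=" val["x11forwarding"])
            # "/" or "none" means no confinement: file permissions are the only barrier
            if (val["chrootdirectory"] == "/" || val["chrootdirectory"] == "none")
                print "WARN chrootdirectory=" val["chrootdirectory"] ": whole file system is visible"
            if (!bad) print "OK account is limited to SFTP"
            exit bad
        }'
}

# Constructed sample: effective settings produced by the Match block above
sample_match_block() {
    cat <<'EOF'
forcecommand internal-sftp
allowtcpforwarding no
x11forwarding no
chrootdirectory /
EOF
}

# Constructed sample: a user outside sftpusers on a permissive server
sample_unrestricted() {
    cat <<'EOF'
forcecommand none
allowtcpforwarding yes
x11forwarding yes
chrootdirectory none
EOF
}

sample_match_block | check_sftp_only
```

With `ChrootDirectory /` the check passes but prints the WARN line, because the account is kept away from a shell and from forwarding while still seeing every path its file permissions allow.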

Linux Client configuration

To access this shared SFTP folder, we now need to:

  1. copy your key to 10.26.4.60:/home/sftpuser/.ssh/authorized_keys
  2. run sudo apt install sshfs on the client system
  3. add the following line to /etc/fstab:
sshfs#sftpuser@10.26.4.60:/mnt /mnt fuse defaults,_netdev,allow_other,reconnect,delay_connect,ConnectTimeout=5,ServerAliveInterval=5 0 0
  4. log in once as root using ssh sftpuser@10.26.4.60 to accept the server's host key (otherwise sftp will error with Input/output error)
  5. run mount -a

Unmounting can then be done using umount /mnt.

In the following, two scripts for an automated installation are given.

In Userspace

First, we can use ssh-copy-id -s to copy our SSH key to the server with scp:

sudo apt install sshfs
ssh-copy-id -s -i ~/.ssh/id_ed25519.pub fm4412e@10.26.4.60
mkdir ~/mnt
sshfs sftpuser@10.26.4.60:/mnt ~/mnt
# or as user
sshfs fm4412e@10.26.4.60:/mnt ~/mnt

Mount on boot for all users on this client

# run as root
ssh-copy-id -s -i ~/.ssh/id_ed25519.pub sftpuser@10.26.4.60
# password is sftpuser
apt install sshfs
echo "sshfs#sftpuser@10.26.4.60:/mnt /mnt fuse defaults,_netdev,allow_other,reconnect,delay_connect,ConnectTimeout=5,ServerAliveInterval=5 0 0" >> /etc/fstab
systemctl daemon-reload
mount -a

Windows configuration

SSH-FS is also available on Windows. I am not using it, but it is there: https://github.com/winfsp/sshfs-win

Basic usage is to enter the following path in the File Explorer:

\\sshfs.r\sftpuser@10.26.4.60\mnt

When using sshfs.r the path is taken relative to the root file system, otherwise it would be relative to the home directory of the login user.

It is also possible to automatically mount this using net use.

Summary

This configuration can be done on all research VMs, so that one can upload the research data from the PC and have direct access to it for executing scripts, independent of the actual VM on which the job is performed.

Of course we do need to have backups for this research data pool as well.