Sauron

Sharing folders over the internet with SSH

What?

This guide will teach you everything you need to know to elegantly and securely share a folder over the internet using SSH on Linux. By the end of this guide you should be able to seamlessly use the shared folder as if it were on your local drive.

Why?

It can be handy to be able to access a personal NAS/storage server through the internet; using SSH ensures a fast, reliable and secure connection with a relatively simple setup. This also works on local networks, though at that point there are easier ways of achieving this since security isn't as much of a concern.

 

But more importantly, how?

I'm glad you asked.

 

Step 0: Requirements

Before we start, there are a few things you'll need, which I will assume you have.

To follow this guide you will need at least:

  • A computer running a Linux distribution which hosts the folder you want to share, hereafter referred to as "server". This will have to be always on for obvious reasons so I would recommend using something that doesn't draw too much power. A Raspberry Pi (any generation really) with an external drive would be a good starting option.
  • A computer running a Linux distribution which will be used to access the shared folder remotely, hereafter referred to as "client"
  • Unrestricted local access to the network the server is connected to.
  • Superuser privileges on both the client and the server
  • An internet connection for initial setup

If you wish to do this through the internet you will additionally need:

  • A router and a modem that support port forwarding (for most people these will be part of a single piece of equipment you got from your ISP)
  • A dynamic DNS domain. I will not cover how to set this up because it can vary wildly depending on your network setup and the service you subscribe to; there are plenty of guides on how to do this with various configurations. Personally I use no-ip which offers up to 3 free domain names - the only "catch" being that you need to click on a renewal link every 30 days. (disclaimer - I was not paid by no-ip to say this)

This guide assumes you're using a systemd distribution; you can still do this on a distribution that doesn't use systemd but you'll have to figure out what the equivalent commands for your init system are on your own. Most major distributions - including Arch, Debian, Ubuntu, Fedora and CentOS - use systemd so if you don't know what I'm talking about you'll probably be fine.

 

This *should* also work on FreeBSD, macOS and Windows (minus the systemd part) but I didn't try it and the setup varies. If you want to try it anyway you should be able to find some guides on how to install the required software.

 

Step 1: Initial server setup

First of all you will need to install and enable OpenSSH on your server, if you haven't already.

Install the OpenSSH server.

 

Arch Linux:


sudo pacman -S openssh

 

Debian/Ubuntu:


sudo apt install openssh-server

or


sudo apt-get install openssh-server

on old releases.

 

Fedora/CentOS/RHEL:


sudo yum install openssh-server

 

--------------------------------------

 

Next, start and enable the sshd service (on Debian/Ubuntu the unit is named ssh rather than sshd):


sudo systemctl start sshd

sudo systemctl enable sshd

 

 

Step 2: Initial Client setup

You will need to install OpenSSH on the client as well:

Arch Linux:


sudo pacman -S openssh

 

Debian/Ubuntu:


sudo apt install openssh-client

or


sudo apt-get install openssh-client

on old releases.

 

Fedora/CentOS/RHEL:


sudo yum install openssh-clients

 

------------------

 

Unlike the server, the client doesn't need the sshd service to be running. To test that both the server and the client have a working OpenSSH configuration, try connecting to the server:


ssh <server's username>@<server's ip address>

Enter the password and, if all has gone well, you should now be logged in to your server.

 

 

Step 3: Security

Before we proceed any further we need to take care of security and authentication methods. We will set up the server and client to use public key authentication. Not only is this more secure, it will also allow you to connect automatically without needing to enter your password, which will be useful later.

 

Generate a new key pair on your client:


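ssh-keygen -t rsa -f ~/.ssh/id_rsa

and go with the defaults (unless you know what you're doing). The default is an empty passphrase, which is what lets the client connect without prompting, so keep the private key file readable only by your user.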

 

Then, copy the public key to your home directory on the server using scp (it should come with OpenSSH; note the trailing colon):


scp ~/.ssh/id_rsa.pub <server's user>@<server's ip>:

Then log in to your server and authorize your public key:
 


mkdir -p ~/.ssh

chmod 700 ~/.ssh

cat ~/id_rsa.pub >> ~/.ssh/authorized_keys

rm ~/id_rsa.pub

chmod 600 ~/.ssh/authorized_keys

You should now be able to ssh into the server from the client without entering a password; make sure that is the case before proceeding.

 

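Next, we should disable password access. On the server, edit /etc/ssh/sshd_config (as superuser) and add the following line, replacing any existing PasswordAuthentication line, since sshd uses the first value it finds for a keyword: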


PasswordAuthentication no

 

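You may want to leave password access enabled on your local network to set up multiple clients more easily; to do that, add the following lines at the end of /etc/ssh/sshd_config (a Match block applies to every line after it, up to the next Match or the end of the file):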


Match address 192.168.0.0/24
        PasswordAuthentication yes

Where 192.168.0.0/24 is your local network's subnet.

 

Restart sshd on the server:


sudo systemctl restart sshd

and make sure you can still connect from the client.

 

 

Step 4: SSHFS

This is where the meat of the guide starts; SSHFS is the protocol that allows us to mount a remote folder through SSH.

Install SSHFS on the client:

Arch Linux:


sudo pacman -S sshfs

Debian/Ubuntu:


sudo apt install sshfs

Fedora/CentOS/RHEL:


sudo yum install fuse-sshfs

 

-------------------

 

Then test it by mounting a folder from your server on your client:


sshfs <server's user>@<server's ip>:/path/to/the/folder/you/want/to/share /path/you/want/it/to/show/up/in/on/the/client

for example:


sshfs user@192.168.0.4:/home/user/Pictures ~/RemotePictures

In this case, opening the RemotePictures folder on the client should allow you to access the content of the Pictures folder on the server (provided it exists). Because we set up public key authentication earlier it shouldn't prompt you for a password.

 

 

Step 5: Automatic mounting and reconnection

Mounting your shared folder manually every time you need it is an unnecessary chore; you can set up your client to do it automatically whenever the server is reachable.

 

Edit /etc/fstab as superuser and add the following line:


<server user>@<server ip>:/shared/folder /local/folder fuse.sshfs noauto,x-systemd.automount,_netdev,users,idmap=user,port=22,IdentityFile=/home/<client user>/.ssh/id_rsa,allow_other,reconnect 0 0

Whoa, that's a mouthful. Make sure <server user>, <server ip>, <client user> and the paths to the folders are all correct and as you want them to be. You can add multiple lines for different folders if you so wish - just make sure only one server folder is mapped to a given client folder.

 

At this point, reboot your client. When you log in again you should see the remote folder mounted where you specified (assuming you are connected to your network). If you only need this on a local network you can stop here.

 

 

Step 6: Do it through the internet

We're almost done! Now we just need to make our server accessible from the internet.

 

Forward port 22 on your server to an external port on your modem. You should not use 22 as an external port as it is the first port an external attacker (mostly bots) would check to see if you have an open SSH port. Let's say you used port 5122 for the purposes of this guide. I will also assume you have a dynamic DNS domain name set up.

 

Once that is done, check that you can connect to the server using SSH from the internet.


ssh -p 5122 <server user>@<your domain name>

If that doesn't work, double check that you forwarded the correct ports and that your domain name actually redirects to your external IP address.

 

Now, change /etc/fstab to reflect the differences: substitute the local network IP with the domain name and the port with the external port. For example:


<server user>@mydomain.net:/shared/folder /local/folder fuse.sshfs noauto,x-systemd.automount,_netdev,users,idmap=user,port=5122,IdentityFile=/home/<client user>/.ssh/id_rsa,allow_other,reconnect 0 0

 

 

and... you're done! Enjoy 🐧


Share on other sites
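
The two sshd_config edits in Step 3 interact: sshd keeps the first value it reads for a keyword, and every line after a Match line belongs to that Match block. The following is an added example, not part of the original post, that reports which PasswordAuthentication value a given client address ends up with; the function names and both sample configs are constructed for illustration.

```shell
# Added example. Handles case-insensitive keywords, first-value-wins and
# "Match Address <IPv4 CIDR list>". Not handled: Include files, other Match
# criteria, IPv6, "keyword=value" syntax.
effective_pwauth() {  # usage: effective_pwauth <sshd_config> <client IPv4>
  awk -v client="$2" '
    function ip2n(ip,   o) {
      split(ip, o, "."); return ((o[1] * 256 + o[2]) * 256 + o[3]) * 256 + o[4]
    }
    function in_cidr(ip, cidr,   p, size) {
      split(cidr, p, "/"); size = 2 ^ (32 - (p[2] == "" ? 32 : p[2]))
      return int(ip2n(ip) / size) == int(ip2n(p[1]) / size)
    }
    /^[ \t]*(#|$)/ { next }                      # skip comments and blank lines
    { key = tolower($1) }
    key == "match" {                             # a new block starts here
      in_match = 1; applies = 0
      if (tolower($2) == "address") {
        n = split($3, pats, ",")
        for (i = 1; i <= n; i++) if (in_cidr(client, pats[i])) applies = 1
      }
      next
    }
    key == "passwordauthentication" {
      if (!in_match && glob == "") glob = tolower($2)          # first global value
      if (in_match && applies && hit == "") hit = tolower($2)  # first matching-block value
    }
    END { print (hit != "" ? hit : (glob != "" ? glob : "yes")) }  # sshd default is yes
  ' "$1"
}

# Constructed samples. "appended": a stock "yes" stays first and the new "no"
# was added after the Match line. "edited": the global line was changed in place.
write_samples() {
  dir=$(mktemp -d)
  printf '%s\n' 'PasswordAuthentication yes' 'Match address 192.168.0.0/24' \
    '        PasswordAuthentication yes' 'PasswordAuthentication no' > "$dir/appended"
  printf '%s\n' 'PasswordAuthentication no' 'Match address 192.168.0.0/24' \
    '        PasswordAuthentication yes' > "$dir/edited"
  echo "$dir"
}

d=$(write_samples)
for f in appended edited; do
  for ip in 192.168.0.7 203.0.113.9; do   # LAN client, internet client
    echo "$f: $ip -> PasswordAuthentication $(effective_pwauth "$d/$f" "$ip")"
  done
done
rm -r "$d"
```

On the server itself, running sshd -T -C user=<server user>,host=<client host>,addr=<client ip> as superuser prints the settings sshd would really apply to that connection, with any Include files taken into account.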
