Submit Hint Search The Forums LinksStatsPollsHeadlinesRSS
14,000 hints and counting!

10.4: A detailed look at MacFUSE and the SSH file system System 10.4
Have you ever been been at work or somewhere else and wished you could access the files on your home computer remotely and safely? (Or maybe the other way around?) I've just helped someone set up a remote connection through a router to their work machine so they can access the files from home. (Of course this only will work if it's your computer and you have authorization to modify the router settings and remotely access the computer.)

Google provides MacFUSE (File System in User Space) that provides this ability via a secure (SSH) connection, and it's fairly easy to do. Basically, with MacFUSE installed, it's like having the remote computer's hard drive mounted on your desktop (remember it'll be a little slow via the internet), but you can do anything on the remote machine that you need to (providing you have the related applications on the local machine to access the remote files). The real advantage here is it's a much more secure method and passwords do not get sent in the clear.

For the setup I just did, the hardest part was getting the LinkSys router to set a static IP address for the remote machine, which is necessary for this project. I ended up doing a firmware upgrade to the router (definitely NOT for the faint-of-heart) but the resulting router system was far superior to the standard Linksys software -- but that's a whole other subject.

[robg adds: What follows is a more detailed version of this hint, and it contains a bit of updated information. If you found the original hint detailed enough, then you'll probably find this one redundant.]

If you are looking for more detail on the FUSE project, check out the project's Google Code page. There you'll find links for downloads, and a Wiki for help as well as a Google video talk about the project. One thing that stumped me for a bit was making the initial first connection -- you have to do the first connection via Terminal to get a key for that machine, but from then on it's very straight forward.

Getting Started:

If you don't have 10.4 or later, don't read any further.

Setting Up the machine to share:
  • Be sure you have a "good" (e.g. secure) password on the machine you are going to access.
  • Go to System Preferences » Sharing and turn on Remote Login from the Services tab.
  • If this machine is behind a router/firewall, then you will have to set the router to give this machine a static IP address, and set the router to forward port 22 to that machine's IP address.
  • Get the external IP address (i.e. via checkip.dyndns.org) of the machine or the router (or domain name) and record it. Be sure you know the username and password of the user on the machine you are going to access.
Setting up the remote machine (only needs to be done once):
  • From the MacFUSE downloads page, download and install the MacFUSE-Core and sshfs DMG files. Note: these are not needed on the computer you are trying to access, only on the computer that you are going to be connecting from.
  • Read the 'SSH file system for MacFUSE' and 'Using the Graphical Application' sections of the MacFUSE Wiki.
  • So that the SSHFS - MacFuse program has a valid key to access the other machine, it needs a security key. To set this up, open terminal and type ssh -2 username@ipaddress, where username is the username of the account on the remote machine and ipaddress is the IP address of the remote machine or its router (could be a domain name). If all goes well you will be asked for the password for that account, and you will be prompted to accept the security key -- you must type YES (not Y) to do so.
You are now ready to use the graphical interface, so quit Terminal. If the IP address of the machine you are trying to access changes, you will need to redo the above steps using the new IP address.

Using MacFuse:
  • Launch the file system that you want to use -- in this case SSHFS.app
  • SSHFS.app will prompt you for the following:
    • server: this is the domain name or the IP address you recorded above
    • username: the same one you used above in Terminal
    • remote dir: in most cases you'll leave this blank
  • If this is your first use, click Connect; otherwise, click Cancel and to the File » Recent SSH Servers item and pick the server you want to access.
  • Enter the password and press Return
You can now access the remote files -- when you are done, remember to eject the drive and quit the SSHFS app.

What else can MacFuse do?
  • Watch the MacFUSE Tech Demos from Macworld Expo 2007 to get more ideas.
  • Download some of the other file systems discussed in that video from the downloads page (only SpotlightFS as of now).
  • Read about and download MacFusion. [robg adds: This site appears to have vanished, at least as of the morning of September 11th.]
  • NTFS setup info is available in this hint.
  • At this time, the picassa and docs modules aren't available, but hopefully they will be in the future.
    •    
  • Currently 3.50 / 5
  You rated: 5 / 5 (6 votes cast)
 
[31,388 views]  

10.4: A detailed look at MacFUSE and the SSH file system | 17 comments | Create New Account
Click here to return to the '10.4: A detailed look at MacFUSE and the SSH file system' hint
The following comments are owned by whoever posted them. This site is not responsible for what they say.
WARNINGS
Authored by: brontide on Sep 11, '07 08:42:58AM

1) You must secure *ALL* accounts with a password before enabling ssh 'Remote Access' or you are leaving your system open. Note, even though the sshd_config appears to prohibit empty passwords it's a bug in pam support that Apple has know about for YEARS!

2) MacFusion has a serious security issues with textual passwords stored in the keychain for ssh mounts. MacFusion will happily disclose the password to any application/script running within your context.

3) SSHKeychain before 0.8.1 also had some major security issues that have been resolved.

The most secure way to do this is to use ssh keys to authenticate ( which you should be using anyways ) rather than plain text passwords.



[ Reply to This | # ]
10.4: A detailed look at MacFUSE and the SSH file system
Authored by: jiclark on Sep 11, '07 10:03:00AM
Could the same thing be accomplished with this tool?:

http://www.gideonsoftworks.com/sshhelper.html

SSHhelper

It's free, and says it makes it easy to generate new SSH keys, among other things...

Unfortunately, like so much of the under-the-hood aspects of OS X, I don't fully understand SSH... Is this also a possible solution for using a open wireless network (at a coffeeshop or something) to get a little better security when logging into password-protected services like webmail and the like?

[ Reply to This | # ]
10.4: A detailed look at MacFUSE and the SSH file system
Authored by: Anonymous on Sep 13, '07 10:26:10AM
No, but it might help. Where they say
Secure Shell helper alleviates the need to use the command line to configure a working OpenSSH system. It's all point and click !
they're forgetting that you need to have a way of actually doing something with SSH. That's where MacFUSE and sshfs come in.

[ Reply to This | # ]
10.4: A detailed look at MacFUSE and the SSH file system
Authored by: Morwen on Sep 11, '07 11:03:03AM

Whats the difference between this and ssh portforwarding and just using Connect to Server in the finder and mounting your remote drive that way?



[ Reply to This | # ]
Connect to linux/solaris file systems
Authored by: Pausanias on Sep 11, '07 04:04:54PM

The answer is it lets you mount linux/solaris file systems, which AFP/SBM do not without special configuration.



[ Reply to This | # ]
Linksys firmware (slightly off topic)
Authored by: jecwobble on Sep 11, '07 11:40:11AM
You mention a firmware "upgrade" as being tricky and then say it was far superior to the standard software. I am guessing that you installed a firmware hack and not a firmware upgrade? Is that true? If so, where did you get it and what benefits are there? Upgrades from Linksys are pretty easy.

[ Reply to This | # ]
Linksys firmware (slightly off topic)
Authored by: brontide on Sep 11, '07 12:28:15PM

dd-wrt has been pretty good to me. But I have one of the older, more hackable models.



[ Reply to This | # ]
Linksys firmware (slightly off topic)
Authored by: gruffell on Sep 11, '07 03:56:29PM
I used DD-WRT. The router's software wouldn't let me assign a static IP to the target machine, but the new firmware gives you that and many more options than the standard didn't.

[ Reply to This | # ]
what about encrypted AFP?
Authored by: Whosawhatsis on Sep 11, '07 11:42:19AM

Is there any significant advantage to using this instead of AFP/SMB over an SSH tunnel (TCP over TCP, but it requires no added software if you know how to configure the tunnel manually) or over hamachi (or similar UDP VPN)? Both of these options offer more options for NAT traversal and have more possible applications. Before I found hamachi, I used a series of ssh tunnels to connect to my home machines when I was away, and encrypted file transfers (as well as encrypted VNC and anything else I needed), and with the tunnel/VPN already running, file sharing is as easy as on a LAN.

---
I was offered a penny for my thoughts, so I gave my two cents... I got ripped off.



[ Reply to This | # ]
what about encrypted AFP?
Authored by: gruffell on Sep 11, '07 04:01:08PM

This is easier than the tunnel method because you don't need to do anything special on the server - so long as it has ssh which is the real advantage of this, you can connect to any computer that has ssh and mount the filesystem as a harddrive.

Look at the "What else can MacFuse do?" section and watch the demo there it gives you a much better description than I can do here.



[ Reply to This | # ]
what about encrypted AFP?
Authored by: Alrescha on Sep 11, '07 04:13:07PM

"This is easier than the tunnel method because you don't need to do anything special on the server"

I don't understand this comment. I've been tunneling port 548 over ssh for a long time and I never had to do anything special on the server end.

I'm sure Fuse has an application, but for OS X to OS X connections, I don't see an incentive to change.

A.



[ Reply to This | # ]
what about encrypted AFP?
Authored by: Anonymous on Sep 12, '07 03:33:42PM
"I'm sure Fuse has an application, but for OS X to OS X connections, I don't see an incentive to change."
There's your answer. But Web developers often have hosting on a remote Linux machine. They might be using MySQL and so have a use for mysqlfs. Content creators might like to explore and debug their master DVD content with DVDfs. FUSE unifies these under a single mechanism to support any data structure as a filesystem. This is the Unix philosophy: elegant.

[ Reply to This | # ]
what about encrypted AFP?
Authored by: jhirbour on Sep 11, '07 07:15:41PM

The thing you've gotta watch with AFP is that it doesn't work well with latent links. If you have a speedy connection from your desktop/laptop to your server then you should be ok.

I've worked at an ISP for 9 years and seen OS X come out and customers starting to use it... The ones that call complaining about slow apple file transfers are almost always using AFP over TCP (and most of the time using it from CA to NY ... :-( stupid speed of light).

We've even done packet dumps (tcpdump etc...) of the AFP and it's something about length of time between TCP resends and AFP error correction that doesn't mesh. I mean after all I'm pretty sure AFP was developed as a LAN technology not a WAN technology.



[ Reply to This | # ]
10.4: HamachiX might be easier for connecting to a remote file server
Authored by: BobHarris on Sep 11, '07 04:41:11PM
I think MacFUSE, ssh and the ssh file system are nice, and very useful if the remote system is not a Mac and does not have an AFP or SMB/CIFS file server running. I personally use ssh at work and at home all the time and have it built into a lot of scripts that keep my systems alive and well.

However, for establishing secure file server connections across the internet, I find that HamachiX is a lot easier to setup and use.

http://hamachix.spaceants.net/

Install HamachiX on each Mac (can be more than 2 if you want).

Create a new network:
HamachiX -> Networks -> Add Network
Give the network a unique name of your choosing.
Give it a password.
Specify Create on Demand.

On the other Mac Repeat with the identical network name, password, and Create on Demain option. This can be done once and left up and running while you are away from home. You could even arrange for HamachiX to be one of your account Login Items.

You should now have a private secure VPN between your 2 Macs.

To connect to the remote Mac file server use:
HamachiX -> Networks -> Connect Using... -> AFP

If you have more than 2 Macs in the VPN they can all share each other's file systems.

Hamachi will deal with most firewalls, routers, ISP assigned DHCP IP addresses, etc... seamlessly.

Bob Harris

[ Reply to This | # ]
10.4: A detailed look at MacFUSE and the SSH file system
Authored by: jameschao on Sep 11, '07 11:28:47PM

I've been using MacFUSE for a while and found it to be a very convenient tool for accessing other machines with a nice GUI in Finder. In fact, I develop in TextMate over a connection made with sshfs, and gernally it works well. There's also a GUI version, MacFusion that makes it even easier to use.



[ Reply to This | # ]
10.4: A detailed look at MacFUSE and the SSH file system
Authored by: billy.kessler on Sep 12, '07 10:00:40PM

I have used MacFUSE and sshfs quite a bit to mount drives from my office to home in the evening (Mac to Mac). It's a cool app. But a warning: if you have a drive mounted this way, and the connection times out or otherwise goes down, really bad things can happen, because the Finder can hang. In one case a hard restart was the only option, and when the machine came back a lot of my Library had been destroyed. So it's not an application to run and casually let sit there open.



[ Reply to This | # ]
10.4: A detailed look at MacFUSE and the SSH file system
Authored by: cultghost on Nov 12, '07 05:31:39PM

Macfusion worked for me running Leopard into an Ubuntu server that I use to store all my media files. However, I can't make the connection except in terminal. Because of the latter I'm stumped since permissions seem ok. Any suggestions appreciated!

My woes began after rebuilding the server :(

Cheers

Gary.



[ Reply to This | # ]