Accessing your files at home from your office

Assume you are at work and would like to access your files at home in a secure way. There are many ways to accomplish this, for example by remote desktop. In this article I describe another approach: connecting via SSH (Secure SHell) and mounting your remote home directory on your computer at work.

Example setup: two Linux boxes, one at home and one at your office. The computer at home is running an SSH server. At your office you have an SSH client installed, and you need to install SSHFS (SSH filesystem).

Of course there must be an Internet connection available between the two boxes. Problems connecting through the company proxy/firewall? Read this article: Connecting to remote SSH-server from within company firewalled network.

The commands below can be executed as a normal user (no root/administrator rights required).

Step 1: Create a mountpoint at the office computer

mkdir ~/remote_files

Step 2: Mount your remote home directory on the mountpoint created in step 1

sshfs vincent@[hostname of computer at home]:/home/vincent ~/remote_files

  • Here we assume the user ‘vincent’ would like to connect to his home directory. In theory you can mount any remote directory (not only /home/vincent). Which directories are possible depends on the rights of the connecting user.
  • Replace “hostname of computer at home” with the hostname or public IP address of your computer at home.

Step 2a: Entering your password

You are asked to enter the password for user ‘vincent’ at the remote computer. Later on in this article I will explain how to avoid this step.

Step 3: Accessing your remote files

Now you can access your remote files as if they were physically on your office computer.

To get a directory listing of your remote home directory, enter this command for example:
ls ~/remote_files/

To unmount enter the command: fusermount -u ~/remote_files

CURLFTPFS

Another (less secure) way to mount your remote home directory at your office computer is to use CURLFTPFS. This name is a compound of these parts: cURL (command line tool for transferring data with URL syntax), FTP (File Transfer Protocol) and FS (filesystem). When you use this method, there must be an FTP server running on your computer at home.

Execute this command to make the connection:
curlftpfs vincent:[password]@[hostname of computer at home] ~/remote_files

Replace [password] with the password for the user ‘vincent’ at the computer at home.

Warning: When performed in this way, all users at your office computer can read the password by simply executing the command: ps auxfww (process list).

SSH RSA Private/Public keys

In Step 2a I promised to explain how to avoid entering the password every time you connect. Here is how.

The basis of this solution is sharing your SSH RSA public key. RSA is an algorithm for public-key cryptography, named after Rivest, Shamir and Adleman, who first publicly described it.

At your office computer (client) enter the command: ssh-keygen -t rsa to create a public/private key pair. Just select the default answers for the questions during this process.

Now copy/transfer the generated file: ~/.ssh/id_rsa.pub (public RSA key) to the authorized keys file at your computer at home (server).

Depending on your SSH-server, the authorized keys file could be at different locations.

For OpenSSH the location of the authorized keys file is: ~/.ssh/authorized_keys2
For Dropbear the location is ~/.ssh/authorized_keys (without 2) or /etc/dropbear/authorized_keys. Just try which of these two locations works for you.

If this file already exists, simply append the contents of id_rsa.pub to the existing file (cat id_rsa.pub >> authorized_keys2).

Shields up

Now make the authorized keys file read/write only for you:

chmod 600 authorized_keys2   (or authorized_keys, whichever file you used)
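
The append and chmod steps above as one script to run on the computer at home, after id_rsa.pub has been transferred there. This is an added example, not part of the original article: the function name install_pubkey is an assumption, and the private-key check and the mode 700 on the directory go beyond what the article describes.

```shell
#!/bin/sh
# Added example: install a public key into an authorized keys file.
# install_pubkey is a hypothetical helper name, not an OpenSSH tool.
# Usage: sh install_pubkey.sh PUBKEY_FILE AUTHORIZED_KEYS_FILE

install_pubkey() {
    pub=$1
    auth=$2
    dir=$(dirname "$auth")

    [ -r "$pub" ] || { echo "cannot read $pub" >&2; return 1; }

    # Refuse a private key: id_rsa and id_rsa.pub are easy to mix up.
    if grep -q 'PRIVATE KEY' "$pub"; then
        echo "$pub is a private key; use the .pub file" >&2
        return 2
    fi

    # A public key file holds one line: "<type> <base64> [comment]".
    key=$(grep -E '^(ssh-(rsa|ed25519)|ecdsa-sha2-[a-z0-9-]+) [A-Za-z0-9+/=]+( .*)?$' "$pub" | head -n 1)
    [ -n "$key" ] || { echo "$pub holds no public key line" >&2; return 3; }

    # Create the directory and file readable by the owner only.
    old_umask=$(umask)
    umask 077
    mkdir -p "$dir"
    touch "$auth"
    umask "$old_umask"

    # Append only if this exact line is not there yet (safe to re-run).
    grep -qxF -- "$key" "$auth" || printf '%s\n' "$key" >> "$auth"

    # Tighten modes even if the directory (normally ~/.ssh) or the file
    # already existed with looser permissions.
    chmod 700 "$dir"
    chmod 600 "$auth"
}

# Run only when called with both arguments, e.g.
#   sh install_pubkey.sh id_rsa.pub ~/.ssh/authorized_keys2
if [ "$#" -eq 2 ]; then
    install_pubkey "$1" "$2"
fi
```

Running it a second time with the same key leaves the file unchanged, so it is safe to repeat when you are unsure whether the key was already added.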

Troubleshooting

It should now be possible to connect via SSH to your computer at home without entering a password. Instead of a password, you are using private/public key authentication.

If this doesn’t work, start the SSH client with the option -v (verbose) to see what is wrong.
