Assume you are at work and you would like to access your files at home in a secure way. There are many ways to accomplish this, for example by remote desktop. In this article I will show another approach: using SSH (Secure SHell) to mount your remote home directory on your computer at work.
Example setup: Two Linux boxes, one at home and one at your office. The computer at home is running an SSH server. At your office you have an SSH client installed, and you need to install SSHFS (SSH filesystem).
Of course there must be an Internet connection available between the two boxes. Problems connecting through the company proxy/firewall? Read this article: Connecting to remote SSH-server from within company firewalled network.
The commands below can be executed as normal user (no root/administrator rights required).
Step 1: Create a mountpoint at the office computer
mkdir ~/remote_files
Step 2: Mounting your remote home directory to the one created in step 1.
sshfs vincent@[hostname of computer at home]:/home/vincent ~/remote_files
- Here we assume the user ‘vincent’ would like to connect to his home directory. In theory you can mount any remote directory (not only /home/vincent). Which directories are possible depends on the permissions of the connecting user.
- Replace “hostname of computer at home” with the hostname or public IP-address of your computer at home.
Step 2a: Entering your password
You are asked to enter the password for user ‘vincent’ at the remote computer. Later on in this article I will explain how to avoid this step.
Step 3: Accessing your remote files
Now you can access your remote files as if they were physically on your office computer.
To get a directory listing of your remote home directory, enter this command for example:
ls ~/remote_files
To unmount enter the command:
fusermount -u ~/remote_files
Another (less secure, because FTP sends your password and files over the network unencrypted) way to mount your remote home directory at your office computer is to use CurlFtpFS. This name is a compound of these parts: cURL (Command line tool for transferring data with URL syntax), FTP (File Transfer Protocol) and FS (filesystem). When you use this method, there must be an FTP server running at your computer at home.
Execute this command to make the connection:
curlftpfs vincent:[password]@[hostname of computer at home] ~/remote_files
Replace [password] with the password for the user ‘vincent’ at the computer at home.
Warning: When performed in this way, all users at your office computer can read the password by simply executing the command: ps auxfww (process list).
SSH RSA Private/Public keys
In Step 2a I promised to tell you how to avoid entering the password every time you would like to connect. Here is how.
The basis of this solution is sharing your SSH RSA public key. RSA is an algorithm for public-key cryptography, named after Rivest, Shamir and Adleman, who first publicly described it.
At your office computer (client) enter this command to create a public/private key pair:
ssh-keygen -t rsa
Just select the default answers for the questions during this process.
Now copy/transfer the generated file: ~/.ssh/id_rsa.pub (public RSA key) to the authorized keys file at your computer at home (server).
Depending on your SSH-server, the authorized keys file could be at different locations.
For OpenSSH the location of the authorized keys file is: ~/.ssh/authorized_keys2
For Dropbear the location is ~/.ssh/authorized_keys (without 2) or /etc/dropbear/authorized_keys. Just try which of these two locations works for you.
When this file exists already, simply concatenate the contents of id_rsa.pub to the existing file:
cat id_rsa.pub >> authorized_keys2
Now make the authorized keys file (authorized_keys2 or authorized_keys, whichever you used) read/write only for you:
chmod 600 authorized_keys2
It should now be possible to connect via SSH to your computer at home without entering a password. Instead of a password, you are using private/public key authentication.
When this doesn’t work, start the SSH client with the option -v (verbose) to check what is wrong.
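The server-side steps above (append the public key to the authorized keys file, then restrict its permissions) as one repeatable function. This is an added example, not part of the original article; the name install_pubkey, its arguments and the sample key line are assumptions, and you pass whichever authorized keys file your SSH server reads.

```shell
#!/bin/sh
# Added example. install_pubkey is a hypothetical helper, run on the home
# computer (server) after id_rsa.pub has been copied there.
# Usage: install_pubkey PUBKEY_FILE AUTHORIZED_KEYS_FILE
install_pubkey() {
    pub=$1
    auth=$2
    dir=$(dirname "$auth")

    [ -r "$pub" ] || { echo "cannot read $pub" >&2; return 1; }

    # Only the public half is ever installed; refuse a private key file.
    if grep -q 'PRIVATE KEY' "$pub"; then
        echo "$pub looks like a private key, refusing" >&2
        return 2
    fi

    # A .pub file from ssh-keygen holds exactly one key line.
    count=$(grep -c . "$pub" || true)
    [ "$count" -eq 1 ] || { echo "expected one key line in $pub" >&2; return 3; }
    key=$(grep . "$pub")

    # Directory and file writable by the owner only (700 / 600). OpenSSH's
    # default StrictModes setting refuses key files others could modify.
    mkdir -p "$dir" && chmod 700 "$dir" || return 1
    touch "$auth" && chmod 600 "$auth" || return 1

    # Append (never overwrite), and skip keys that are already present so
    # that running the step twice does not duplicate the entry.
    if ! grep -qxF -- "$key" "$auth"; then
        printf '%s\n' "$key" >> "$auth"
    fi
}

# Demo on constructed data in a scratch directory (not a real key).
demo=$(mktemp -d)
printf 'ssh-rsa AAAAB3NzaC1yc2E-CONSTRUCTED-SAMPLE vincent@office\n' > "$demo/id_rsa.pub"
install_pubkey "$demo/id_rsa.pub" "$demo/.ssh/authorized_keys"
install_pubkey "$demo/id_rsa.pub" "$demo/.ssh/authorized_keys"   # no duplicate
ls -l "$demo/.ssh/authorized_keys"
rm -rf "$demo"
```

The private key (~/.ssh/id_rsa) never leaves the office computer; the function rejects it if it is passed by mistake.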