40

I would like to mount a remote file system (A) using SSHFS, but sometimes I have IP address, access from which is not allowed. So my plan is to access it via another machine (B) in that network. Do I need to mount A on B and then to mount B (and A) on my local computer? Is there a better way to do it?

Update

Just to clarify the procedure:

First, I make a tunnel

ssh -f user@machineB -L MYPORT:machineA:22 -N

And then I mount the remote file system

sshfs -p MYPORT user@127.0.0.1:/myremotepath /mylocalpath

Is it correct?

How do I destroy the tunnel when I am done?

Andrei
  • 1,554
  • 5
  • 19
  • 28
  • 1
    better way to set up tunnel is to have connection to B from *GNU screen* window using *ssh user@machineB -L 2222:machineA:22 -N* so you can easily kill it with ^C – edk May 09 '10 at 16:03

4 Answers4

26

You can use option ssh_command of sshfs to do the trick:

sshfs ma: /mnt -o ssh_command='ssh -t mb ssh'

Unmount with the usual

fusermount -u /mnt

Sorry this is 7 years late...

Rodrigo Farias
  • 361
  • 1
  • 3
  • 2
  • 10
    With the new -J option in Openssh 1.1 it is something along: sshfs ma: /mnt -o ssh_command='ssh -J mb' – Ohad Rubin Jul 18 '18 at 01:25
  • I wasn't able to get this syntax to work on my particular network configuration, but the `-o proxyjump` syntax did. – MRule Jan 29 '21 at 11:54
12

This is what works for me on HighSierra 10.13.6, SHFS version 2.5 (OSXFUSE SSHFS 2.5.0) OSXFUSE 3.10.4. FUSE library version: 2.9.7

Based on Rodrigo Farias's answer above + clemisch and Ohad Rubin comments for noting the -J option:

sshfs -p port finalserver_username@finalserver:/path/to/folder/on/finalserver/ /local/mount/point -o ssh_command='ssh -J intermediate_server_username@intermediate_server:port'
Gatos
  • 3
  • 2
dcneuro
  • 121
  • 1
  • 3
  • If it works for you why do you have to base it on answers and comments? – somebadhat Mar 23 '20 at 03:40
  • 2
    I'm not sure what you mean. The -t options worked on a previous setup, but not on this one. That's what I meant by "works for me on ..". The answer is a combination of the original answer by Rodrigo with the comments from Ohad and Clemisch, hence the attribution. – dcneuro Mar 23 '20 at 07:16
  • Thanks! This was the only solution that worked for me in Catalina. – The Doctor Jan 31 '21 at 16:23
  • Currently using an old mb pro with Mojave. Used macports to install sshfs. Was able to connect to a server in a VPC going through a gateway box using this method. Thanks! – gview Mar 16 '21 at 04:43
11

yeah tunneling. You connect machine B, create local tunnel (-L) to SSHd port of machine A then sshfs to localhost to the port of newly created tunnel.

edk
  • 326
  • 2
  • 4
  • Is the following command the right way to do that? `ssh -f user@machineB -L 25:machineA:25 -N` – Andrei May 08 '10 at 14:00
  • 1
    yes if you have sshd listening to port 25 on machine A. then you'll just have to *sshfs -p 25 user@127.0.0.1:/path /localpath* – edk May 08 '10 at 14:20
  • 1
    Aha, so for default ssh setup I need `ssh -f user@machineB -L 22:machineA:22 -N`, right? – Andrei May 08 '10 at 15:32
1

Your connection scheme: Your machine --> Host B --> Host A

Our solution will use Proxy Jump, introduced in OpenSSH 7.3, so you'll need to check that your version is newer with:

ssh -V

Then you need to configure properly your ~/.ssh/config. For example, if machineB is available with a password login from machineA :

machineB
    HostName {machineB ip address}
    User {machineB username}
    Port {machineB port-number}
    IdentityFile ~/.ssh/{machineB private ssh key}

machineA
    ProxyJump machineB
    Hostname {machineA ip address, maybe in local network}
    User {machineA username}
    Port {machineA port-number}

Finally, create your mountpoint and add line to /etc/fstab

machineB:{machineB mount path}  {your local mountpoint}  fuse.sshfs delay_connect,_netdev,user,idmap=user,follow_symlinks,identityfile={local path to machineB private key},default_permissions,uid={local user uid},gid={local user gid} 0 0
lucidyan
  • 119
  • 3