SSHFS + Linux = SFTP powered cloud storage

Do you like cloud storage? Did you read the comparison between Dropbox, Google Drive, One Drive, and Box? Still cannot decide? Great! Then this article is for you. After reading it, you will probably decide to get yourself a Linux box and build your own custom cloud storage using Linux and SSHFS.

In computing, SSHFS (SSH Filesystem) is a filesystem client to mount and interact with directories and files located on a remote server or workstation. The client interacts with the remote file system via the SSH File Transfer Protocol (SFTP), a network protocol providing file access, file transfer, and file management functionality over any reliable data stream that was designed as an extension of the Secure Shell protocol (SSH) version 2.0. – Wikipedia

Enable file sharing over SSH (SFTP)

SFTP is a secure alternative to the File Transfer Protocol (FTP) that runs over SSH. A (Debian-based) Linux server only needs an SSH server to serve the home directories of its local users via SFTP. The following command enables this:

sudo apt-get install openssh-server

To install and enable the firewall:

sudo apt-get install ufw
sudo ufw allow 22
sudo ufw enable

To find the public IP address:

curl ifconfig.me

You need this IP address and the default port (22) to connect to your cloud storage. Note that if you run this Linux box at home you need to forward TCP port 22 on your broadband (DSL or Cable) modem/router. You can look up how to do this on your device via portforward.com (disable your ad-blocker to make this website work correctly).

Advantages of SSHFS over public cloud storage

  • You can use your cloud server also as a web server, application server, database server, mail server, and DNS server (flexibility)
  • The cost per GB of storage and GB transferred is very low (costs)
  • More control over privacy of the data (security)

Disadvantages of SSHFS compared to public cloud storage

  • No automatic backups (data safety), but you can make an rsync cron job
  • No web interface available, but you could install one
  • No document versioning built-in, but you can use Git

SSHFS client for Linux

Linux has support for Filesystem in Userspace (FUSE). This means it supports mounting volumes without having root access. This is especially good when mounting external storage for a specific user. A cloud storage filesystem accessed over SSH is something you typically want to mount for a specific user.

To enable access to your cloud storage on Linux you must first make a directory where you want to mount the cloud storage. It is very convenient when the directory is automatically mounted as soon as it is accessed. This can be achieved by using the AutoFS tool. The AutoFS service (daemon), once installed, takes care of automatically mounting and unmounting the directory.

sudo apt-get install autofs sshfs
sudo nano /etc/auto.sshfs
sudo nano /etc/auto.master
ssh maurits@cloudserver
sudo service autofs restart

Now we have to create an AutoFS configuration that states in which directory the remote location is mounted. The following configuration tells AutoFS to use SSHFS to mount from “maurits@cloudserver” the directory “/home/maurits” onto the local “cloudserver” directory.

maurits@nuc:~$ cat /etc/auto.sshfs
cloudserver -fstype=fuse,rw,nodev,nonempty,noatime,allow_other,max_read=65536,IdentityFile=/home/maurits/.ssh/id_rsa,UserKnownHostsFile=/home/maurits/.ssh/known_hosts :sshfs\#maurits@cloudserver:/home/maurits

At the end of the file “/etc/auto.master” we add the following lines:

# Below are the sshfs mounts
/home/maurits/ssh /etc/auto.sshfs uid=1000,gid=1000,--timeout=30,--ghost

This means that the local directory “/home/maurits/ssh” will hold the directory “cloudserver” that we specified earlier. As you can see I also specified the user that owns the files and the seconds of inactivity after which the directory is unmounted and the SSH connection is ended.

Before everything works you must make sure you add yourself to the “fuse” group using the following command or the mounting will fail:

sudo usermod -a -G fuse maurits

After doing this you may have to log out and log in again before the changes take effect.

This setup allows me to edit the remote files as if they are locally available. Other software is not aware that the files are actually on a remote location. This also means I can use my favorite editors and/or stream the media files using my favorite media player.
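
A small check for the map entry above, as an added example that is not part of the original article: it flags the options that matter because the automount daemon performs the mount as root. The function names and the second sample entry are constructed for illustration; the first entry is the one shown in this article.

```bash
#!/usr/bin/env bash
# Added example (not from the article): review the options of an auto.sshfs entry.

# map_options ENTRY -> the mount options of the entry, one per line
map_options() {
  printf '%s\n' "$1" | awk '{ sub(/^-/, "", $2); gsub(/,/, "\n", $2); print $2 }'
}

# has_opt ENTRY NAME -> true if NAME (or NAME=value) is among the options
has_opt() { map_options "$1" | grep -Eqx -- "$2(=.*)?"; }

# lint_sshfs_entry ENTRY -> one finding per line
lint_sshfs_entry() {
  local entry="$1"
  # automount runs as root, so without these ssh falls back to root's files.
  has_opt "$entry" IdentityFile       || echo "no IdentityFile: root's default key is used"
  has_opt "$entry" UserKnownHostsFile || echo "no UserKnownHostsFile: root's known_hosts is used"
  # allow_other opens the mount to every local user, who then acts with the
  # remote account's rights; default_permissions makes the local kernel
  # enforce file modes against the mapped uid/gid as well.
  if has_opt "$entry" allow_other && ! has_opt "$entry" default_permissions; then
    echo "allow_other without default_permissions: any local user can use the mount"
  fi
  has_opt "$entry" StrictHostKeyChecking=no && echo "host key checking disabled"
  return 0
}

# The entry from this article.
PAGE_ENTRY='cloudserver -fstype=fuse,rw,nodev,nonempty,noatime,allow_other,max_read=65536,IdentityFile=/home/maurits/.ssh/id_rsa,UserKnownHostsFile=/home/maurits/.ssh/known_hosts :sshfs\#maurits@cloudserver:/home/maurits'
# Constructed entry for comparison (path and key name are made up).
CONSTRUCTED_ENTRY='backup -fstype=fuse,ro,allow_other,default_permissions,StrictHostKeyChecking=no :sshfs\#maurits@cloudserver:/srv/backup'

lint_sshfs_entry "$PAGE_ENTRY"
lint_sshfs_entry "$CONSTRUCTED_ENTRY"
```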

I used the following sites to find out the above configuration:

  1. http://unix.stackexchange.com/questions/52262/autofs-with-sshfs-not-working-anymore
  2. http://www.mccambridge.org/blog/2007/05/totally-seamless-sshfs-under-linux-using-fuse-and-autofs/
  3. https://help.ubuntu.com/community/SSHFS
  4. http://hublog.hubmed.org/archives/001928.html
  5. https://bbs.archlinux.org/viewtopic.php?id=175257

Enhanced security using EncFS

You can enhance the security of your cloud storage by adding EncFS to your SSH-mounted filesystem. I’ll leave this as an exercise for the reader. EncFS can encrypt the files (and filenames) on the storage with AES-256. You can read more about that here and here. Using encryption may prevent the data from being leaked in some cases, for instance, when a disk is broken and needs replacement. On the downside, there are not many clients that support this.

SFTP in read-only mode

If you do not want to risk corrupting files due to broken connections while writing, you can choose to run the SFTP subsystem in read-only mode. To do this you need to add the -R flag to the SFTP subsystem line in “/etc/ssh/sshd_config” so that it becomes:

Subsystem sftp /usr/lib/openssh/sftp-server -R

In my experience this type of file corruption does not happen a lot, but it is better to be safe than sorry. This will also prevent you from accidentally deleting files. So if you do not need to write anyway, then you should put the system in read-only mode for safety reasons. Note that you can still use rsync when you put the SFTP system in read-only mode.

Disable password login for SSHD

Using passwords for logging in to SSH is not the most secure solution. If you open up your SSH to the Internet you should be using public key authentication. You can read about it here and here or follow these clear instructions. After doing that you can disable the password login by putting this line into the “/etc/ssh/sshd_config” file:

PasswordAuthentication no
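
To confirm that both sshd_config changes above (read-only SFTP and disabled password login) are the ones sshd will actually use, here is an added example that is not part of the original article. The sample configurations are constructed and the function names are made up for illustration; the check only looks at global settings before any Match block.

```bash
#!/usr/bin/env bash
# Added example (not from the article): check sshd_config text for the settings
# above. sshd uses the FIRST value it finds for a keyword and matches keywords
# case-insensitively; lines after "Match" are conditional and skipped here.
# Assumes the usual whitespace-separated "Keyword value" layout.

# global_value 'kw1|kw2' [subsystem-name] < config
# Prints the arguments of the first matching global line (empty if unset).
global_value() {
  awk -v keys="$1" -v sub_name="$2" '
    { sub(/^[ \t]+/, "") }
    /^#/ || NF == 0        { next }
    tolower($1) == "match" { exit }
    tolower($1) ~ ("^(" keys ")$") && (sub_name == "" || $2 == sub_name) {
      $1 = ""; sub(/^[ \t]+/, ""); print; exit
    }'
}

# audit_sshd_config CONFIG_TEXT -> one finding per line, nothing when hardened.
audit_sshd_config() {
  local pw kbd sftp
  pw=$(printf '%s\n' "$1" | global_value 'passwordauthentication')
  kbd=$(printf '%s\n' "$1" |
    global_value 'kbdinteractiveauthentication|challengeresponseauthentication')
  sftp=$(printf '%s\n' "$1" | global_value 'subsystem' 'sftp')
  # Both authentication keywords default to "yes" when they are absent.
  [ "${pw:-yes}" = no ] || echo "password login enabled"
  [ "${kbd:-yes}" = no ] ||
    echo "keyboard-interactive enabled (PAM can still prompt for a password)"
  case " $sftp " in
    *" -R "*) ;;                                   # read-only flag present
    "  ")     echo "no sftp subsystem configured" ;;
    *)        echo "sftp subsystem is writable (no -R)" ;;
  esac
}

# Constructed samples. In the first, sshd ignores the final line because the
# keyword was already set (in different letter case) further up.
SAMPLE_WEAK='passwordauthentication yes
Subsystem sftp /usr/lib/openssh/sftp-server
PasswordAuthentication no'
SAMPLE_HARDENED='PasswordAuthentication no
KbdInteractiveAuthentication no
Subsystem sftp /usr/lib/openssh/sftp-server -R'

audit_sshd_config "$SAMPLE_WEAK"       # three findings
audit_sshd_config "$SAMPLE_HARDENED"   # prints nothing
```

On a live server, `sudo sshd -T` prints the effective configuration as sshd itself computed it, which is the authoritative cross-check; restart the SSH service after editing the file.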

SSHFS clients for other platforms

If you are not working on your Linux box, but you want to access your SSHFS cloud storage you can use one of the following clients (that all support private keys). I personally tested a lot of clients and although there are plenty of choices I recommend the following (none of these clients support EncFS):

Open source Windows client

Open source OSX client

Free iOS (iPhone/iPad) client (no media streaming support)

Free Android client (no media streaming support)

Final words

We have shown you how to set up your own cloud storage. Some may say it is not as good as Dropbox or Google Drive or any other commercial provider, others may argue it is better. What is good about it is the large choice in clients that are available for this kind of cloud storage, due to the open source nature of the technology.
