SSHFS on Windows via Samba Shares on Ubuntu VMWare

Originally published: 02/2007 by J Wynia

OK. Before I start on this one, I'm stating for the record that I'm posting this as much so I don't have to find it again as anything. However, given the number of places online that I found this question asked, but not answered, I hope it proves useful to the folks who've been looking for it.

Enough babbling, on with the geeking.

Here's the basic problem/challenge. While in an ideal situation, SFTP Drive looks nice, in reality, I've had problems with it during my 6 week trial that left me waiting till they work out some of the kinks. Most notably were the errors in connecting to this site after some sort of timeout. In those cases, I was entirely unable to connect to the site (even with disconnecting and reconnecting the SFTP Drive) without rebooting. Sorry, but that doesn't fly.

However, I still would really like easy access to my remote machines' files and preferably via SSH. So, since I had seen evidence of sshfs on Linux working at least on that end, I messed with that for a couple of days and finally got one of my virtual Ubuntu VMWare appliances to connect to Wynia.org via sshfs.

Then, yesterday morning a though occurred to me. What if I connected to the remote machines via sshfs on one of the Ubuntu machines and then shared the mounted directories via Samba. That way, I'd be able to map drives to these remote servers on my Windows workstations. I'd have *mapped drives to SFTP locations* by just going through a virtual Linux machine.

I went digging before work and got most of it working and finished the rest (though I do have a wishlist at the end for missing features) last night. It works. What follows is what needs to happen to make it work.

I started with an Ubuntu Server installation on VMWare Server, logged in as my one regular user. The virtual machine in question is my web development machine (mostly LAMP setup). SSH was already installed and working.

To install the sshfs package on the virtual machine:
sudo apt-get install sshfs

In order to be able to use the mounted directory as a regular user, you need to be added to the "fuse" group, which the package created:

sudo adduser your-username fuse

Note that the permissions change doesn't actually work until you log off and back on. However, since a reboot is needed shortly, don't worry about it.

Then, you need to create a directory for the remote mounted machine:

sudo mkdir /mnt/wyniaorg
sudo chown your-username /mnt/wyniaorg

Now, here's the part that wasn't in most of the tutorials, but necessary to make Samba work later on.

Create a file at /etc/fuse.conf

touch /etc/fuse.conf

Put the following line in /etc/fuse.conf:

user_allow_other

REBOOT

To mount the remote directory, here's the command that I use for Wynia.org:
sshfs wynia@wynia.org@84.40.22.116:/var/www/html /mnt/wyniaorg -o allow_other

Note that I actually need to use a full email address to log in to this server, so the first "@" is part of the username and the second is the delimiter for the host. The "/var/www/html is the remote directory and "/mnt/wyniaorg" is the local directory on the virtual machine.

It'll ask you for your password. For the moment, I'm going to have to type that in every time I mount the remote drive. There's a potential solution out there, but it doesn't work for the server this site sits on.

To avoid having to retype that beast of a commandline repeatedly, I saved the command as

~/scripts/sshfs_wyniaOrg.sh

Then make it executable:

chmod +x ~/scripts/sshfs_wyniaOrg.sh

To run that script:

cd ~/scripts
./sshfs_wyniaOrg.sh

I also created a script to unmount the directory:

fusermount -u /mnt/wyniaorg

and put it as "un_sshfs_wyniaOrg.sh", also making it executable.

To install Samba:

sudo apt-get install samba smbfs

To share the mounted drive, you need to edit the Samba config file:

sudo pico /etc/samba/smb.conf


I wanted to not have to enter a password to access the shared drive, so in /etc/samba/smb.conf, I set the security to

security = share

and then added a section at the end of the file for my new share.

[wyniaorg]
comment = wyniaOrg
path = /mnt/wyniaorg/
public = yes
writable = yes
create mask = 0777
directory mask = 0777
force user = nobody
force group = nogroup

I also added a section to share the /var/www directory of the virtual appliance itself:

[public]
comment = PHP Dev Server WWW
path = /var/www/
public = yes
writable = yes
create mask = 0777
directory mask = 0777
force user = nobody
force group = nogrou

Then, to open the files, I've already got the IP address in my hosts file (C:\WINDOWS\system32\drivers\etc\hosts):

192.168.252.171 php

So, in Windows Explorer, I can just:

\\php\

and I see my remote directory and the public share right there in Windows.

If the remote directory isn't mounted, you just get an empty directory. This is good because, as long as the Linux/Samba portion is up and running, Windows will map to the directory without complaining: there just won't be anything in there. This is good fallback behavior and beats the heck out of what Windows does when it can't find the network share at all. All that freaking out with warning dialog after warning dialog drives me nuts.

If you want to make the mapping of the drive semi-automatic, you can create a Powershell (more on this amazing addition to Windows in a couple of days) script called something like "map_wyniaorg.ps1" containing this code:

cls
$Drive = "J:"
$UNC = "\\php\wyniaorg"
# Create the Com object with New-Object -com
$net = New-Object -com WScript.Network;
# $net.removenetworkdrive($Drive)
$net.mapnetworkdrive($Drive,$Unc)

# Launches the Explorer
$shell = new-object -comObject Shell.Application
$Shell.open($Drive)

While I've gotten ssh without a password to work *between* the Ubuntu VMWare servers I've set up (using the instructions all over the web), I haven't gotten it to work with the wynia.org ssh setup. So, for now, I just deal with the password thing.

If the lazy web wants to grant my wishes, what I still want is the easy way to:

1. Do the sshfs mounting automatically.
2. Without passwords.
3. Without logging on to the machine.
4. At bootup.
5. And to make sure that cleanup is done properly at shutdown.

Oh, and I probably missed something, which will become clear the next time I want to do this on a machine and come back to this article. However, if you have a problem, let me know and I'll update.

Comments

J Wynia on 2/8/2007
What's really scary about this setup is that it's FASTER than jEdit's direct SFTP integration for saving files.
Fabian Rodriguez on 3/5/2007
Mmhh.. installing Ubuntu in a VM in Windows seems overkill for this... can't the same be accomplished with Cygwin ?
Ezekiel Grave on 10/10/2007
When trying to get ssh working without passwords, if you use "ssh -v usernam@host" you will see more errors that may be helpful. Most of the time it's a permissions issue. Public key authentication will not work if your ".ssh" directory is accessible by other users on the system. If you post errors, maybe we'll get it sorted out. If you DO get it sorted, check out the "preexec" and "postexec" configuration file entries for samba shares. Using these, it's possible to have your sshfs directories be automatically mounted and unmounted when you access the samba share. Brilliant. http://www.oreilly.com/catalog/samba/chapter/book/ch06_06.html
Michael Ryan on 3/14/2007
Try WebDrive. WebDrive will map a Windows drive to a server via SFTP. It has built in key-pair generation and supports password and public-key authentication to remote servers. It is not free, but you do get a 20 day trial that has full SFTP support. It runs on Vista, XP, 2003, etc (both 32 and 64 bit editions). We also have users who run it on MAC OS/X through Parallels.
J Wynia on 3/15/2007
WebDrive looks good if you've only got one computer that you need to use when connecting to the remote server. Personally, that won't work for me because, just yesterday I connected to this site from 4 separate machines. The VMWare solution let all of them connect easily via Samba share. Unfortunately, I can't justify $250 to solve this a different way.
Ram on 3/1/2007
Good article. You use sshfs without passwords by using ssh key authentication with an empty private ssh key. I would suggest doing this as a user other than root. On the ssh client run: cd ssh-keygen -t rsa Leave password blank and press Enter. Copy ~/.ssh/id_rsa.pub from the client to the server's /tmp directory. On the server login as the user and run: cd mkdir .ssh cd .ssh mv /tmp/id_rsa.pub authorized_keys Try loggin in now and you'll see that it will not ask you for a key. There are other changes you may need to make to sshd_config if it still does not work. Let me know.
J Wynia on 3/1/2007
Yeah, Ram, I know that series of steps. It works when communicating between my internal Ubuntu and Debian servers. However, the Ensim/RedHat server that wynia.org sits on doesn't work with any of the "standard" ways of doing this. There's clearly something non-standard on this machine that stops this from working properly. However, readers are welcome to use that as it *does* work with most setups, just not the one I most need.
Nick on 12/30/2007
Check out coLinux; it's a *lot* faster than VMWare, though admittedly a little more involved. If you're using Vista, you might have to grab the development snapshot 0.8.0. I've got sshd, samba, and fuse up-and-running and it's designed to run properly as a service, making things extremely transparent.
J Wynia on 3/5/2007
@Fabian: Nope. Not overkill and won't work on Cygwin. Cygwin can't do the filesystem level of emulation according to dozens of articles I read before trying this other way. It's not overkill because once you've got an Ubuntu VM, it's pretty likely you'll use it for plenty of other things. I've got one that serves as my web development server. It's running the LAMP stack, this sshfs hookup to all of my servers, various database engines, etc. While most of that is possible using Cygwin, it's nowhere NEAR as easy to set up. I've used Cygwin for years, but won't ever go back after using VM setups instead. It takes nearly as long to set up Cygwin as it does to set up a VM, takes up nearly as much disk space, doesn't provide an actual Linux environment, just a "similar" one.
jldugger on 3/6/2007
Indeed, sshfs relies on a system called FUSE (filesystem in userspace) to get things working. VMware might be overkill though -- qemu is free, open source, and does the job. If cygwin could really do the job, you could just do the job with native windows software. Unfortately, the closest we have is the setup daemon tools has. I'd love to see some people rig daemon tools to work with ssh (or maybe just reiserfs / ext3!), but most people who have the skills to do so find linux a much friendlier platform to participate in.
J Wynia on 3/6/2007
VMWare is what I use for quite a bit of other stuff, but pretty much any virtual environment that can host Linux would work for this, as would a physical Linux machine. Mine is virtual so I can take it with me or move it around. It uses Samba so I can use *any* Windows tools I want to work with the files. I also want to say that I'm not claiming that this is the only way to do this or even the best way. It is just how *I* did it. I'd LOVE to see simpler solutions, particularly free ones. Until that time, this is working well for me. I work on multiple platforms pretty much every day and don't have any particular loyalties to any given platform.
Noisome on 1/24/2008
Along with the coLinux being mentioned, andLinux is the presetup debian version of coLinux and is pretty much better than cygwin and vmware all the way around. It is worth at least taking a look at considering what you are using to mount sshfs. Noisome
Amar Nath Satrawala on 2/12/2008
I used the info provided here as follows 1. installed ubuntu jeos on vmware 2. installed openssh-server xserver-xorg-core xfce4-terminal mousepad sshfs samba cream 3. cream is a vim derivative for windows users bang i have only 850 mb or so vm running super fast. i can connect to any linux server forwarding x or not and do it blazing fast no need to have full blown ubuntu, which can not be that fast Thanks people for sharing really useful info.
Joe on 8/28/2007
Thanks a lot for the article. I didn't use a virtual machine since I have a real linux server, but everything else about sshfs and samba has worked perfectly for me! Its a great solution.
J Wynia on 11/28/2007
Thanks, Stefan, I don't think I checked that specifically. Given that this box is running the Ensim Server Appliance software (which seems to use a custom-compiled version of nearly everything), it's pretty likely that it's non-standard in some way. Eventually, I want to get this site off of that box and onto a more standard Linux setup, but it's below quite a few other projects that are higher priority and/or more fun that keep beating it out.
Fenn on 8/11/2007
Also (sorry if this is obvious) known_hosts must contain your remote host or the unattended ssh will fail. Sometimes a longer or shorter key length helps Sometimes root simply cannot ssh
Fenn on 8/11/2007
J, Thanks very much for this! In a pinch you could use expect and autoexpect to automate the login. (This isn't recommended if you can use ssh keyfiles.) ssh debugging is a pain. Things I usually try: use a dsa key if a rsa key doesn't work. use a rsa key if a dsa key doesn't work Check: Did I misspell authorized_keys2 or authorized_keys (I do suprizingly often) do I need ~/.ssh and ~/.ssh2 both? does /etc/hosts.allow let me in does /etc/hosts.deny keep me out does the client need to be running identd (rfc1413) and is it use ssh -v -v -v or ssh -d 3 to get client debug logging check permissions on ~/.ssh and all the files in it (be careful and try different combinations, but don't open things up to the world) use ssh -i keyfile check the server sshd logs (find with google) check the server sshd config files (find them ALL with google) make sure the remote sshd has enough privileges (especially if the remote host is cygwin) If remote host is cygwin makesure ntsec is set, that /etc/password exists, and that is includes the correct SID and GIDs (use psgetsid from Mark Russinovich) google and google again and keep trying - three word googles work best, change the words and read the top 20 - and try google-groups as well as the web Fenn
Kai Mai on 10/3/2007
Ubuntu is overkill when I just want to use SSHFS. How about a VMWare image for DSL(Damn Small Linux) just for running Samba ?
Ossie Moore on 9/16/2007
If you can run an OpenVPN server on the remote server, OpenVPN is a wonderful solution for this kind of thing. Additionally, it will work for anything TCP related, not just windows file sharing. OpenVPN clients are available for pretty much any modern OS, much lighter then an entire virtual machine running and really not too difficult to configure once you've done it once (ok.. maybe twice). If you have the ability to install and setup OpenVPN server, I strongly suggest you try it out. The performance is great, plus, you get another huge benefit. You mention you have multiple machines. Well, if they are all using OpenVPN, you can allow them not only to mount the remote share (directly using windows file sharing instead of mounting a share that is sshfs mounted), but the machines can see each other and mount each other as well.
StefanV on 11/28/2007
J, did you double check the server side ssh software? While OpenSSH is far spread in the open source world, there still are alternative implementations (especially the inventor's commercial one). Though not having come in touch with these myself yet, I read about them using (slightly?) different standards in public key authentication. I'd recommend you find out about the server's configuration details (is /etc/sshd_config world readable?). Don't mean to be pushy, just in case you're still looking for a solution. Any way, thanks for a nice article about sshfs, now I use it really a lot.
Kris on 11/25/2007
sshfs work over ssh. To get it to work without password, u first need to be able to "ssh" to you server without password. This is done using Key based ssh authentication (u can search the web for it -- u need to generate ssh-keys and might have to enable it in your /etc/ssh/sshd.conf) It might be a good idea to limit ur samba access to only ur local system Set interfaces = 192.x.x.x (based on your vmware config) Kris
J Wynia on 11/25/2007
Kris, note that I said that I'm able to get password-less ssh to work *between* several virtual Linux boxes. It's the server that hosts wynia.org that appears to be configured in some way that prevents the normal way of doing that (the way you're suggesting) from working. Given that literally dozens of articles all give that same set of instructions (which don't work for this server), there's clearly something different here from the standard.
akak01000101 on 8/13/2008
This actually works with CurlFtpFS as well and seems to be faster.
Matthew on 4/17/2008
To make this automatic all you need to do is: 1. Setup rsa key with no password 2. Add it to /etc/fstab with the auto option
Jeremy Nickurak on 5/8/2008
The Trellis NAS Bridge Appliance might be of interest to you. This is essentially what it does, with a little more glitz. http://www.cs.ualberta.ca/~paullu/TrellisNBA/
Uwe on 10/20/2009
For all those that don't want to use a virtual machine, there is an open source software that does the trick: http://dokan-dev.net/en/download/#sshfs Only thing that failed for me so war was subversion on a drive mounted with the dokan sshfs service. All standard operations worked fine tho.
fusiondog on 1/19/2009
There is now a real sshfs for windows and a fuse work alike: http://dokan-dev.net/en/download/
Andras Hatvani on 2/11/2009
Hello, two years after publishing this article it is still very useful as I needed exactly that little trick with user_allow_other in /etc/fuse.conf and allow_other in /etc/fstab to make sharing of an SSHFS mount via Samba on andLinux possible. Thanks for the great article! Cheers, Andras
Keith T. on 10/19/2009
It begs the question -- couldn't someone create an SSH client that provides a local CIFS service?
kerem on 10/24/2009
You can use something like Putty for port forwarding in windows. Port 139 is used for network shares, so if you create a loopback connection in Windows, you can then forward all the sftp conenctions to port 139. Search the internet for a more detail instruction. I have successfully adapted that emthod and all my ssh server shares are shown as network drives on my remotes.
Pierer on 2/9/2010
I have encountered a problem - the samba part, I can see the my share in Windows, but it asks for username and password, and I cannot figure what username and password it's asking for, can anyone give me a hint in the right direction?
Bill on 9/28/2009
If I use samba to share the sshfs mount point to Windows computers would I lose the encryption? I would think that from the ssh server to the samba server (if they're not on the same computer) would be encrypted. Then from the samba server to the Windows computers would be unencrypted? Also anyone having a problem with the Windows Dokan SSHFS program? It connects and works but it seems to lose connection under 5 minutes. I keep having to reconnect. I don't have this problem going from Linux to Mac using sshfs or going from Mac to Linux.
blog comments powered by Disqus
Or, browse the archives.
© 2003- 2014 J Wynia. Very Few Rights Reserved. This article is licensed under the terms of the Creative Commons Attribution License. Quoted content or content included from others is not subject to that license and defaults to normal copyright.