About me: My name is Solène Rapenne, pronouns she/her. I like learning and sharing knowledge. Hobbies: '(BSD OpenBSD Qubes OS Lisp cmdline gaming security QubesOS internet-stuff). I love percent and lambda characters. OpenBSD developer solene@. No AI is involved in this blog.

Contact me: solene at dataswamp dot org or @solene@bsd.network (mastodon).

I'm a freelance OpenBSD, FreeBSD, Linux and Qubes OS consultant, this includes DevOps, DevSecOps, technical writing or documentation work.

If you enjoy this blog, you can sponsor my open source work financially so I can write this blog and contribute to Free Software as my daily job.

How to use sshfs on OpenBSD

Written by Solène, on 23 July 2022.
Tags: #openbsd #security

Comments on Fediverse/Mastodon

1. Introduction §

Today we will learn about how to use sshfs, a program to mount a remote directory through ssh into our local file system.

But OpenBSD has a different security model than in other Unixes systems, you can't use FUSE (Filesystem in USErspace) file systems from a non-root user. And because you need to run your fuse mount program as root, the mount point won't be reachable by other users because of permissions.

Fortunately, with the correct combination of flags, this is actually achievable.

sshfs project website

2. Setup §

First, as root we need to install sshfs-fuse from packages.

# pkg_add sshfs-fuse

3. Permissions errors when mounting with sshfs §

If we run sshfs as our user, we will get the error "fuse_mount: permission denied", so root is mandatory for running the command.

But if we run "sshfs server.local:/home /mnt" as root, we can't reach the /mnt directory with our regular user because it's root property:

$ ls /mnt/
ls: /mnt/: Permission denied

This confirms sshfs needs some extra flags to be used for non-root users on OpenBSD.

4. The solution §

As root, we will run sshfs to mount a directory from t470-wifi.local (my laptop Wi-Fi IP address on my LAN) to make it available to our user with uid 1000 and gid 1000 (this is the ids for the first user added), you can find the information about your users with the command "id". We will also use the allow_other mount option.

# sshfs -o idmap=user,allow_other,uid=1000,gid=1000 solene@t470-wifi.local:/home/solene/ /mnt

After this command, when I switch to my user whose id and gid is 1000, I can read and write into /mnt.

5. Credits §

This article exists because many OpenBSD users struggle using sshfs, and it's not easy to find the solution on the Internet.

OpenBSD as NAS FOSDEM talk giving an example of sshfs use

= > https://marc.info/?l=openbsd-misc&m=153390693400573&w=2 misc@openbsd.org email thread explaining why fuse mount behavior changed in 2018