Purpose: Provide instruction on how to install and configure SSHFS to allow the secure mounting of network shares via SSH.

Installing SSHFS (from Terminal):

sudo port install sshfs

Note: At the end of the install of the sudo port install sshfs you have to read the error message output and issue the symlink command it references to make it work.

Follow the instruction on the terminal and run the following ln command before using macFUSE:

sudo ln -sn /opt/local/Library/Filesystems/macfuse.fs /Library/Filesystems/macfuse.fs

NOTE: This message is for users that did not use MacPort to install macFUSE. This step do not apply to all users

In System Preferences select the macFUSE icon and check for updates. You may experience issues with mounting network shares with macFUSE on your machine is not up to date.

Note: If you do not see macFUSE appear in the System Settings window, you can download macFUSE manually from https://osxfuse.github.io/ to install the program. Be sure to download the correct dmg based on the OS and chipset you are installing on.

Note: These instructions below are only for M1 users:

When attempting to run a script using sshfs you will get a macFUSE popup stating "System Extension Blocked" seen below.

Select Open system preferences > Security & Privacy > Unlock the lock with your computer password > and select "Enable System Extensions"

Once the action is complete, you will receive another popup to shut down your machine and to boot into recovery mode to enable the kernel extensions from the Security Policy button.

Once your machine is fully powered off, please follow the following steps:

Press and hold the power button until “Loading startup options” appears.
Click Options, then click Continue.
Select an administrator account, then click Next.
Enter the password for the administrator account, then click Continue.
In the Recovery app, choose Utilities > Startup Security Utility.
Select the system you want to use to set the security policy.
If the disk is encrypted with FileVault, click Unlock, enter the password, then click Unlock.
Click Security Policy.
1. You will need to select the "Reduced Security: Allows any version of signed operating system software ever trusted by Apple to run" option.
2. You will then select "Allow remote management of kernel extensions and automatic software updates: Authorizes remote management of legacy kernel extensions and software updates using a mobile device management (MDM) solution." option
Click OK
If you changed the security, click the User pop-up menu, choose an administrator account, enter the password for the account, then click OK.
Choose Apple menu > Restart. (You must restart your Mac for the changes to take effect.)

Connecting to a network share

Creating the mount directories

NOTE: SSHFS only allows shares to mount in your home directory.
Create a mount directory (items in red should be changed by the user):

Warning: do not use sudo for this command, it will create a permission error

mkdir ~/mnt

Note: If the RSA key for your computer changed recently, consult What to do When a Remote Machines Key has Changed

Warning: do not use sudo for this command, it will create a permission error

sshfs 'username@remote_host:/path/to/file' '/Users/username/mnt' -o volname=desired_volume_name -o local

example:

sshfs 'janedoe@thebe.ucsd.edu:/home/janedoe' '/Users/janedoe/mnt' -o volname=janedoe_nethome -o local

The network share should now be mounted to the specified directory and accessible in Finder.

Unmounting the network share

To unmount the network share you created, enter the following command:

umount /path/to/directory

Using sshfs with ssh keys

Create the key on your computer. We recommend using the default key location. You may create a password if you'd like.

host:~ username$ ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/Users/username/.ssh/id_rsa): 
Enter passphrase (empty for no passphrase): 
Enter same passphrase again: 
Your identification has been saved in /Users/username/.ssh/id_rsa.
Your public key has been saved in /Users/username/.ssh/id_rsa.pub.

Copy the key to the server you're mounting from:

ssh-copy-id username@server

Use the following sshfs command to mount the share using your key:

sshfs 'username@remote_host:/path/to/file' '/Users/username/mnt' -o volname=desired_volume_name -o IdentityFile=/Users/username/.ssh/id_rsa -o local

If you encounter issues there are a few other articles which may help:

SSHFS Troubleshooting:

SSHFS Troubleshooting

Filesharing/Accessing Your Network Home (section on using SSHFS GUI):

File Sharing Accessing Your Network Home

Browser not supported