Purpose: Provide instruction on how to install and configure SSHFS to allow the secure mounting of network shares via SSH.
Installing SSHFS (from Terminal):
sudo port install sshfs
Note: At the end of the install of the sudo port install sshfs you have to read the error message output and issue the symlink command it references to make it work.
Follow the instruction on the terminal and run the following ln command before using macFUSE:
sudo ln -sn /opt/local/Library/Filesystems/macfuse.fs /Library/Filesystems/macfuse.fs
NOTE: This message is for users that did not use MacPort to install macFUSE. This step do not apply to all users
In System Preferences select the macFUSE icon and check for updates. You may experience issues with mounting network shares with macFUSE on your machine is not up to date.
Note: These instructions below are only for M1 users:
When attempting to run a script using sshfs you will get a macFUSE popup stating "System Extension Blocked" seen below.
Select Open system preferences > Security & Privacy > Unlock the lock with your computer password > and select "Enable System Extensions"
Once the action is complete, you will receive another popup to shut down your machine and to boot into recovery mode to enable the kernel extensions from the Security Policy button.
Once your machine is fully powered off, please follow the following steps:
Press and hold the power button until “Loading startup options” appears.
Click Options, then click Continue.
Select an administrator account, then click Next.
Enter the password for the administrator account, then click Continue.
In the Recovery app, choose Utilities > Startup Security Utility.
Select the system you want to use to set the security policy.
If the disk is encrypted with FileVault, click Unlock, enter the password, then click Unlock.
Click Security Policy.
- You will need to select the "Reduced Security: Allows any version of signed operating system software ever trusted by Apple to run" option.
- You will then select "Allow remote management of kernel extensions and automatic software updates: Authorizes remote management of legacy kernel extensions and software updates using a mobile device management (MDM) solution." option
- Click OK
If you changed the security, click the User pop-up menu, choose an administrator account, enter the password for the account, then click OK.
- Choose Apple menu > Restart. (You must restart your Mac for the changes to take effect.)
Creating the mount directories
NOTE: SSHFS only allows shares to mount in your home directory.
Create a mount directory (items in red should be changed by the user):
Warning: do not use sudo for this command, it will create a permission error
mkdir ~/mnt
Connecting to a network share
Note: If the RSA key for your computer changed recently, consult What to do When a Remote Machines RSA Key has Changed
Warning: do not use sudo for this command, it will create a permission error
sshfs 'username@remote_host:/path/to/file' '/Users/username/mnt' -o volname=desired_volume_name -o local
example:
sshfs 'janedoe@thebe.ucsd.edu:/home/janedoe' '/Users/janedoe/mnt' -o volname=janedoe_nethome -o local
The network share should now be mounted to the specified directory and accessible in Finder.
Unmounting the network share
To unmount the network share you created, enter the following command:
umount /path/to/directory
Using sshfs with ssh keys
Create the key on your computer. We recommend using the default key location. You may create a password if you'd like.
host:~ username$ ssh-keygen -t rsa Generating public/private rsa key pair. Enter file in which to save the key (/Users/username/.ssh/id_rsa): Enter passphrase (empty for no passphrase): Enter same passphrase again: Your identification has been saved in /Users/username/.ssh/id_rsa. Your public key has been saved in /Users/username/.ssh/id_rsa.pub.
Copy the key to the server you're mounting from:
ssh-copy-id username@server
Use the following sshfs command to mount the share using your key:
sshfs 'username@remote_host:/path/to/file' '/Users/username/mnt' -o volname=desired_volume_name -o IdentityFile=/Users/username/.ssh/id_rsa -o local
If you encounter issues there are a few other articles which may help:
SSHFS Troubleshooting:
Filesharing/Accessing Your Network Home (section on using SSHFS GUI):