matsu

Howto: mounting your Mac filesystem through the internet using SSH

This brief tutorial will teach how to mount the entire filesystem of a fixed Mac computer connected to the internet through encrypted SSH so it shows up just like a network drive on any Mac you want, through any internet connection.

I’ll be talking about the host Mac (the one where the original filesystem resides) as host, and the moving Mac as the client, where the remote volumes will be read/written from.

Requirements:

1. Make sure you have admin privileges on both the host and client computers (although running your main account with admin privileges is not advised);
2. Make sure that on the host machine that you’re either connected directly to the internet and have TCP port 22 not firewalled or you have privileges to reconfigure your internet router to re-route port 22 requests from the internet to the host computer;
3. Make sure that you can access the host computer from the internet, either by having a fixed IP address (not normal on domestic aDSL or Cable connections), or by using a free service such as DynDns.org (this explanation goes beyond the scope of this howto – search for the solution for your own router or Mac on the internet);

Procedures on the host machine:

1. On System Preferences, under “Internet and Network” you’ll find the “Sharing” icon, click it;
2. Under “Services”, turn “Remote Login” on – authenticate yourself as necessary beforehand if needed;
3. Open a terminal window on the same machine, and type ssh yourusername@127.0.0.1 to test if in fact the SSH service has become activated – follow the instructions;
4. If the computer is connected directly to the internet, also under “Sharing”, you’ll find the firewall tab, click on the allow column for “Remote Login – SSH”;
5. Or if you’re connected to the internet through a router, you’ll have to look for port mappings or something equivalent on the router, to relay all internet requests for port 22 from the internet to the host computer (this explanation goes beyond the scope of this howto – search for the solution for your own router on the internet).

Procedures on the client machine:

You will need three pieces of software:

• MacFUSE – obtainable here;
• sshfs – also obtainable here;
• MacFusion – a wrapper to make everything more user friendly, obtainable here, make sure the version you’re downloading is compatible with the core version of MacFUSE you obtained (as I’m writing this, everything is a bit under development, so there are incompatible beta versions floating around)

1. Install MacFUSE and reboot, followed by installing sshfs and MacFusion (which in theory don’t need a system restart to work);
2. On a terminal window on the client, outside from the host’s LAN (i.e., connected through the internet) test first if you can SSH to the host machine, by typing ssh username@completedomain.com
3. If you can login into your account, the next step is to fire up MacFusion (which should be located in your Applications folder of your client machine
4. MacFusion is really simple – preferences are resumed to setting MacFusion to startup itself at boot, to check for updates to itself on Startup, and what to do when the client Mac goes to sleep and resumes.
5. The only thing missing now is to add, if you wish, the host computer to MacFusion’s favorites list – you’ll have to supply the name (whatever you wish), the server (without any “http” or similar prefixes), the Port can be left at 22, you can change the Server Path to / if you want for instance to access the “Volumes” directory to access any external disks that specific user has access to, and the most likely authentication method you’ll be using is “Password”.
6. The first time you try to mount (connect to) to the host’s filesystem from the client machine, MacFusion will even be nice enough to give you the option to store the password in the Keychain – this is up to you, if you trust you computing space enough to store passwords or not.

This is it! If everything worked, you’ll have a brand new volume on your desktop, that works exactly like a local LAN drive, with the permissions of the user you logged yourself as. Now you can do backups remotely through the internet, do anything you could do with a local LAN drive, but through a fully encrypted tunnel, and just limited by both the upstream and downstream speeds of both the host’s and client’s machine internet connections.