SSHFS Manager – a secure FTP alternative
One of the first things a developer needs when starts a new project, it’s remote access to files and database. Today we’ll discuss the first one.
The most common way of accessing files from a server is via File Transfer Protocol (FTP), but we know that no software ever made is flawless, so I recommend that you do a Google search for “Stop using FTP” and you’ll see the reasons why FTP is not a good option anymore and why SSH is better.
Recently, I’ve moved to cloud so I had to setup my own hosting environment for this website and all my future projects.
Well, after setting up my hosting environment I have used the Webmin’s built-in file manager (written in Java) which is great and all that, but I didn’t want to always keep my browser on and navigate through my project files so I said “Let’s connect to FTP as I did on shared hosting”.
After adding user, password, configured ProFTPD server and all systems were up & running, I opened FileZilla and gave it a try. Error, could not connect, error, error, connection refused by server, error… I have searched the web for causes and solutions, tried them all (all that I found while I didn’t get bored searching for more) and nothing worked.
All this time, I could connect via SSH, so I thought “Why not disabling FTP and use SFTP?”. Didn’t find anything to stop me from doing that, so I did it!
Secure File Transfer Protocol (or FTP over SSH) is recommended over FTP because of its security advantages (not to be confused with FTPS).
At this point, the user can connect with username and password or with SSH keys. If you still want to use a client to browse your files, you can do it, but if you choose the SSH key-based authentication you have to be sure that the client you use has the option of setting the key location. If you’re confortable with using just the terminal, you’re good to go with programs like sftp and ssh – but for me, just the terminal wasn’t an option because I wanted to phisically browse and see the list of files and directories as I did back then on shared hosting via FTP or even better as it is a part of my computer, mounted at a specific location.
Having this said, the only solution was one that could state that:
You can use sshfs to mount a remote system – accessible via SSH – to a local folder, so you will be able to do any operation on the mounted files with any tool (copy, rename, edit with vim, etc)
excerpt from ArchWiki
… and that solution is called SSHFS (GitHub page).
So, what I precisely did:
- Completly deactivated FTP access and ProFTPD server from Webmin.
- Added the SSH users I needed and deactivated the password authetication (I wanted to have a thicker layer of security and just use SSH key-based authentication)
- Used sshfs to mount my project files on my local Linux machine.
- Enjoyed the freedom of browsing the files I needed directly on my machine without a SFTP client or a web-based file manager.
Note: because I have multiple SSH keys generated on my machine under different names, I had to add an extra option to the sshfs command to mention the location of the key that matches current user and host. Mostly, I use sshfs like this:
sshfs firstname.lastname@example.org:public_html /my/local/public_html/directory -C -p 2930 -o IdentityFile=~/.ssh/my_ssh_key_for_mydomain
Two disadvantages emerge from this solution:
- Deactivating password authentication means that I must have the keys generated on the machine I’m currently working on
- Always provide the SSH key to the sshfs program via IdentityFile option.
For the second drawback I have added some aliases in my .bashrc file and that solved it, but what if I want to add more servers and also connect & disconnect from one or specific servers? For this I’ll need something more than just adding aliases in .bashrc file.
A bash script for managing SSHFS connections.
A program that gives you the possibility to store your servers, connect & disconnect from them is the solution for the last issue I’ve mentioned and this is something I’ve been working on lately.
The script I’m gonna talk about next it’s command line only, so in case you are more comfortable with a GUI, you can always use the Nautilus file manager that comes with Gnome to connect to servers using sftp or ssh.
Let’s talk about main functionalities directly on commands:
- Install the script after downloading source code
[dummy@hostname sshfs-manager] bash sshfs-manager.sh install [SSHFS-MGR] Begin installation... Mount path under which all servers will be mounted: /home/dummy/SSHFS_MGR [SSHFS-MGR] Script has been successfully installed. [SSHFS-MGR] Open new terminal window and run "sshfs-mgr --help" for the available commands.
- Add a server in script’s database
[dummy@hostname ~]$ sshfs-mgr add-server [SSHFS-MGR] Adding new server... Server address (eg: mydomain.com): dummy.com SSH username: dummy_sshusr Server source directory to be mounted (eg: public_html): publict_html Local mount directory under global mount path (eg: mydomain_com): dummy_public_html SSHFS options (any option provided by sshfs --help): -C -p 2389 -o IdentityFile=~/.ssh/dummy_sshusr_key ## [dummy.com] **** domain=dummy.com **** user=dummy_sshusr **** sourceDir=publict_html **** mountDir=dummy_public_html **** sshfsOptions=-C -p 2389 -o IdentityFile=~/.ssh/dummy_sshusr_key [SSHFS-MGR] Server has been successfully saved. [SSHFS-MGR] You can now connect to dummy.com using the "connect" command.
- Connect to one of added servers
[dummy@hostname ~]$ sshfs-mgr connect [SSHFS-MGR] Available servers: 1 - blog.dummyhost.com 2 - dummy.com 3 - mydummywork.com [SSHFS-MGR] Enter a number from the list: 1 [SSHFS-MGR] Connecting to server blog.dummyhost.com... [SSHFS-MGR] Server is now connected.
- Disconnect from all or specific servers
[dummy@hostname ~]$ sshfs-mgr disconnect [SSHFS-MGR] Disconnecting server blog.dummyhost.com... [SSHFS-MGR] Disconnecting server dummy.com... [SSHFS-MGR] All servers are now disconnected.
[dummy@hostname ~]$ sshfs-mgr disconnect mydummywork.com [SSHFS-MGR] Disconnecting server mydummywork.com... [SSHFS-MGR] Server is now disconnected.
I don’t think the commands need further explanations, the code output speaks for itself.
If you still have any questions, please leave a comment below or visit project’s Github page.
This is my first (advanced) shell script I have written till this moment, so please be kind about styleguide and performance issues it may have.
Any contribution is encouraged & appreciated.