How to Mount a Filesystem on your Mac: The Easy Way

I apologize for doing this two days in a row, but I simply must call out the dorks at Lifehacker again. Their procedure outlined in “Mount a file system on your Mac over SSH” requires you to install two pieces of software.

WTF? You need extra software to do this?

Nope. You can do it with your Mac, right out of the box.

I’ve written about this before… see “(Not) Stumped!“, but not in an all-inclusive manner, as I hope this post will be.

Clarification: This procedure outlines how to mount another share over a secure SSH connection. This is useful if you’re connecting to another machine that’s not on your local area network (e.g., connecting to a work server from home). If your Mac is on the same network segment as the machine you’re connecting to (both presumably behind a good firewall), then the port forwarding part isn’t necessary, and you can instantiate the connection straight-away using Apple+K.

Here’s the short version:

  1. sudo ssh -fN -L 139:remoteserver:139 username@remoteserver
  2. Apple+K
  3. Type your connection to localhost
  4. Authenticate

Here’s the complete version:

Pre-Flight

Make sure that:

  1. Your user account on your Mac has admin privileges
  2. You have a login account for the computer (heretofore: Remote Server) from which you’re going to mount a “shared” folder
    (having public key authentication–PKA–set up is optional, but will make the process a bit more convenient)

  3. Firewalls and routers between your Mac and the Remote Server do not block these ports:
    • Port 22 – for SSH
    • Port 139 – for “Windows” sharing (a.k.a. SMB or Samba)
    • Port 548 – for Apple’s “Personal File Sharing” (a.k.a. AFP)

If you’re not connecting to another Mac, you can leave port 548 closed; similarly, if you’re not connecting to a Windows machine (or Linux Samba server), you can leave port 139 closed. Configure your Mac’s firewall settings in the System Preferences, Sharing section.

Do It

Open the Terminal application (inside Applications – Utilities) and type:

sudo ssh -fN -L 139:remoteserver:139 username@remoteserver

… for connecting to a Windows server, or:

sudo ssh -fN -L 548:remoteserver:548 username@remoteserver

… for connecting to another Mac.

In each of the above, “remoteserver” is either the name (machine.domain.tld) or IP address of the computer you want to connect to.

If you’ve never done this before, your Mac will ask you to do three things:

  1. Provide your Mac user account password
  2. Accept the encryption key from the Remote Server
  3. Provide your account password for the login account on the Remote Server

Check it:

sshpf1.png

Once you’ve done that dance, you’ve successfully performed what is called “SSH port forwarding” in computer geek parlance. Basically, you’ve told your Mac to direct all traffic on its own port 139 (or 548) to the port of the same number on the Remote Server, and encrypt computer-to-computer communications (packets and whatnot) using SSH.

Then, go to Finder and press Apple+K to open the “Connect to Server” dialog. In the Server Address slot, type:

smb://localhost/

… for connecting to Windows (or Linux Samba), or:

afp://localhost/

… for connecting to another Mac.

sshpf2.png

The next dialog will pop up and ask you which “Shared Folder” (referred to simply as a “share”) you want to mount.

sshpf3.png

Finally, authenticate with the Remote Server using your user name and password. Make sure to check the keychain checkbox if you’re ever going to do this again, so you won’t have to authenticate in the future.

sshpf4.png

That’s it. Your mounted share should appear on your Desktop in no time.

Advertisements

7 thoughts on “How to Mount a Filesystem on your Mac: The Easy Way

  1. great tip although i don’t believe you need port 548/TCP. i say this because i share between my mac, ubuntu, and work windows box without it. i’m using samba for everything

    just a thought?!

  2. You’re right, you don’t need to open 548 if you’re just using smb://. Ports 22 and 139 will do the trick.

    But, if you wanted to mount a share on a Mac that’s running only “Personal File Sharing”, you will need to open 548 to use afp://.

  3. Great tutorial, thanks. But a question—is there any way to map a custom port (not the privileged 139) and specify that custom port in Finder’s “Connect to Server” box? I can specify the custom port via the Terminal’s smbclient, but when I try something like

    smb://localhost:7070

    then it doesn’t work. Thoughts?

  4. The short answer is: I don’t think there’s a way to do what you want.

    According to:
    http://forums.macosxhints.com/archive/index.php/t-9543.html
    … specifying the port number in the “Connect to Server” dialog will work, but that discussion happened back in 2003, and is probably obsolete.

    I remember trying this trick (mapping local high port to remote 139) many times, and (IIRC) it didn’t work as expected.

    I think the problem is that we’re conflating what is standard URI protocol for a web browser w/ the dialog box provided by Apple, which may not support the additional port number argument. None of Apple’s support documents mention the ability to specify alternate ports when using apple+k.

    Further, mount_smbfs doesn’t even have flags for port numbers, so that doesn’t appear to be a valid work-around for apple+k either.

  5. The “extra software” are for sftp (ssh) … not for smb or afp. Do you have any solution for sftp, as it’s not in the list of “Connect to Server” prototypes in mac.

  6. The “Connect to Server” dialog or service or whatever it’s called does not support ssh or sftp. Your options, then, are limited to using a separate application (e.g., Transmit) or doing all your sftp-related tasks on the command line.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s