I apologize for doing this two days in a row, but I simply must call out the dorks at Lifehacker again. Their procedure outlined in “Mount a file system on your Mac over SSH” requires you to install two pieces of software.
WTF? You need extra software to do this?
Nope. You can do it with your Mac, right out of the box.
I’ve written about this before… see “(Not) Stumped!“, but not in an all-inclusive manner, as I hope this post will be.
Clarification: This procedure outlines how to mount another share over a secure SSH connection. This is useful if you’re connecting to another machine that’s not on your local area network (e.g., connecting to a work server from home). If your Mac is on the same network segment as the machine you’re connecting to (both presumably behind a good firewall), then the port forwarding part isn’t necessary, and you can instantiate the connection straight-away using Apple+K.
Here’s the short version:
- sudo ssh -fN -L 139:remoteserver:139 username@remoteserver
- Type your connection to localhost
Here’s the complete version:
Make sure that:
- Your user account on your Mac has admin privileges
- You have a login account for the computer (heretofore: Remote Server) from which you’re going to mount a “shared” folder
(having public key authentication–PKA–set up is optional, but will make the process a bit more convenient)
- Firewalls and routers between your Mac and the Remote Server do not block these ports:
- Port 22 – for SSH
- Port 139 – for “Windows” sharing (a.k.a. SMB or Samba)
- Port 548 – for Apple’s “Personal File Sharing” (a.k.a. AFP)
If you’re not connecting to another Mac, you can leave port 548 closed; similarly, if you’re not connecting to a Windows machine (or Linux Samba server), you can leave port 139 closed. Configure your Mac’s firewall settings in the System Preferences, Sharing section.
Open the Terminal application (inside Applications – Utilities) and type:
sudo ssh -fN -L 139:remoteserver:139 username@remoteserver
… for connecting to a Windows server, or:
sudo ssh -fN -L 548:remoteserver:548 username@remoteserver
… for connecting to another Mac.
In each of the above, “remoteserver” is either the name (machine.domain.tld) or IP address of the computer you want to connect to.
If you’ve never done this before, your Mac will ask you to do three things:
- Provide your Mac user account password
- Accept the encryption key from the Remote Server
- Provide your account password for the login account on the Remote Server
Once you’ve done that dance, you’ve successfully performed what is called “SSH port forwarding” in computer geek parlance. Basically, you’ve told your Mac to direct all traffic on its own port 139 (or 548) to the port of the same number on the Remote Server, and encrypt computer-to-computer communications (packets and whatnot) using SSH.
Then, go to Finder and press Apple+K to open the “Connect to Server” dialog. In the Server Address slot, type:
… for connecting to Windows (or Linux Samba), or:
… for connecting to another Mac.
The next dialog will pop up and ask you which “Shared Folder” (referred to simply as a “share”) you want to mount.
Finally, authenticate with the Remote Server using your user name and password. Make sure to check the keychain checkbox if you’re ever going to do this again, so you won’t have to authenticate in the future.
That’s it. Your mounted share should appear on your Desktop in no time.