SSHFS Mount Through a Jumphost: Step-by-Step Guide for Multi-Hop File System Access


4 views

When dealing with multi-server environments, you often need to access files on machine C through an intermediary jumphost B. While SSH tunneling works for command-line access, mounting remote filesystems via SSHFS requires special handling since SSHFS doesn't natively support proxy jumps.

We'll implement this using SSH's built-in ProxyJump feature combined with FUSE mounting. Here are the three methods to achieve this:

First, configure your SSH client to handle the jump:

# ~/.ssh/config
Host JumpHost
    HostName B_host
    User your_username
    IdentityFile ~/.ssh/id_rsa

Host TargetHost
    HostName C_host
    User your_username
    IdentityFile ~/.ssh/id_rsa
    ProxyJump JumpHost

Now mount using SSHFS:

sshfs TargetHost:/remote/path /local/mount/point -o follow_symlinks

For one-time mounting without config changes:

sshfs -o ssh_command="ssh -J B_host" C_host:/path /local/mount

Or the older ProxyCommand syntax:

sshfs -o ssh_command='ssh -A -t B_host ssh -A -t C_host' :/path /local/mount

For better performance on frequent access:

# Establish control path first
ssh -Nf -M -S ~/.ssh/control-%C B_host
ssh -Nf -M -S ~/.ssh/control-%C -o 'ProxyJump B_host' C_host

# Then mount with control path
sshfs -o ssh_command="ssh -S ~/.ssh/control-%C" C_host:/path /local/mount

Permission errors: Ensure you have fuse and sshfs properly installed on Host A, and appropriate permissions on Host C's filesystem.

Connection timeouts: Add these options to your mount command:

-o reconnect,ServerAliveInterval=15,ServerAliveCountMax=3

Debugging: Use verbose mode to identify connection issues:

sshfs -o ssh_command="ssh -J B_host -v" C_host:/path /local/mount -o debug

For better performance across multiple hops:

  • Use compression: -o compression=yes
  • Increase cache timeout: -o cache_timeout=120
  • Disable attribute caching if not needed: -o noforget

For some use cases, creating a local port forward might be simpler:

ssh -L 2222:C_host:22 B_host
sshfs -p 2222 localhost:/path /local/mount

Remember to unmount when done:

fusermount -u /local/mount

When working with nested SSH connections (A→B→C), mounting filesystems from machine C directly to A isn't as straightforward as a direct SSHFS connection. The standard sshfs command doesn't natively support jump hosts, but we have several reliable workarounds.

The most robust solution uses SSH's ProxyCommand feature. First, add this to your ~/.ssh/config:

Host JumpHost
    HostName B_host
    User your_username

Host TargetHost
    HostName C_host
    User remote_username
    ProxyCommand ssh -W %h:%p JumpHost

Then mount with:

sshfs TargetHost:/remote/path /local/mount/point -o follow_symlinks

For quick one-time mounts without config changes:

sshfs -o ssh_command="ssh -t B_host ssh" C_host:/path /local/mount

When facing firewall restrictions:

# On machine A:
ssh -L 2222:C_host:22 B_host

# In another terminal:
sshfs -p 2222 localhost:/remote/path /local/mount

If you encounter connection issues:

# Add verbose output:
sshfs TargetHost:/path /mount -o sshfs_debug,debug

# Check permissions:
ls -la /mount

For better throughput over multiple hops:

sshfs TargetHost:/path /mount -o compression=no,cache_timeout=3600

Always use:

-o reconnect,ServerAliveInterval=15,ServerAliveCountMax=3

And consider SSH key-based authentication with agent forwarding.