0

I have a beefy HDD connected to my Linux laptop and I'd like to be able to mount it to my remote Linux server somehow.

How can I do that? What's the simplest way to do it?

techsk8
  • I guess sshfs can do that – 炸鱼薯条德里克 Jul 15 '22 at 13:27
  • 1
    sshfs, CIFS, NFS. Some performance figures: https://blog.ja-ke.tech/2019/08/27/nas-performance-sshfs-nfs-smb.html – Artem S. Tashkinov Jul 15 '22 at 13:27
  • Ohh yes. But could you explain how? – techsk8 Jul 15 '22 at 13:28
  • 1
    Google: "Linux how to mount using what_you_like", "Linux how to export using what_you_like", e.g. Linux how to export using CIFS. – Artem S. Tashkinov Jul 15 '22 at 13:30
  • You're right, @ArtemS.Tashkinov. I found everything. I thought it would be different if I were to mount it from my side to the remote server. But it's the same procedure. Only that the `ssh` server is now my laptop which through `sshfs` "serves" my HDD over the internet to the remote server. – techsk8 Jul 15 '22 at 13:45
  • @ArtemS.Tashkinov by the way, thank you for that article! I didn't realize samba's encryption performed that badly. If I find time, I might make some benchmarks with unencrypted shares over Wireguard or TLS tunnels. – Marcus Müller Jul 15 '22 at 16:51
  • 1
    @MarcusMüller This comparison is quite dated, would be nice if someone tested a CPU which supports HW acceleration AES encryption. Pretty much all the consumer CPUs nowadays support it, even Intel Atom: https://www.intel.com/content/www/us/en/products/sku/212327/intel-pentium-silver-n6005-processor-4m-cache-up-to-3-30-ghz/specifications.html And ARM SoCs have supported it for years now: https://en.wikipedia.org/wiki/AES_instruction_set#Hardware_acceleration_in_other_architectures – Artem S. Tashkinov Jul 15 '22 at 18:11

2 Answers

2

While SSHFS is an easy choice, I'd recommend not using it for actual remote file access: It's not very robust against dropped connections, and unlike other network file systems, it basically makes no guarantees on consistency of access from the local and the remote system... that's a recipe for disaster, imho.

Also, I find it quite slow, but this might or might not be relevant to your use case. It might also not be worse than SMB.

If you really need high-performance access, then probably not that many ways really lead around setting up an NFS export on your laptop. Artem is right, doing NFS with built-in encryption correctly is hard¹.

However, doing an encrypted link between laptop and server is not hard at all, and in this day and age, has no performance downside over NFS with the built-in Kerberos-based encryption (which is what makes an encrypted NFS system hard to set up).

You should set up an unsecured NFS share (that's really insecure!), but restrict it to addresses from a simple wireguard point-to-point link. That is really easy to set up, and you immediately can stop worrying about who can sniff traffic between laptop and server, and who can act as if they're either party, because the authentication is then handled by the cryptographical routines in the Linux kernel underpinning wireguard.

You can alternatively run samba on the laptop to make a CIFS share, which can be encrypted as well. That's not harder or easier, in my experience, to get right than the NFS+wireguard setup above. It's marginally less performant (again, your laptop's network interface might be the limiting factor here) than NFS, usually, but needs less fine-tweaking if you want to do something special. It works nicely with Windows clients, as well.

This is very fresh, I have zero experience with it, but Linux 5.16 brings what Microsoft considers a stable implementation of the KSMBD, the in-kernel SMB daemon, doing the same as samba does in userland for file shares (not the huge rest of what Samba does, from user management to domain control), and I think it should be easier than Samba to set up – but nobody has yet written any end-user-friendly guides, as far as I can tell.


¹ harder than I deem acceptable; this is really one of the architectural shortcomings of NFS: requiring working Kerberos infrastructure to enable encryption on links has no technical reason – TLS, NaCl, wireguard … works everywhere else – but simply comes from a time before cryptographically secure links were the standard.

Marcus Müller
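The answer above depends on the unsecured NFS export being reachable only from the WireGuard link's addresses. The following is an added example, not part of the original answer: a check that parses an `/etc/exports` file and reports every client entry that falls outside the tunnel range. The answer gives no addresses, so the 10.8.0.0/30 range, the export paths and the sample file are constructed assumptions.

```python
import ipaddress

# Constructed assumption: the WireGuard point-to-point link uses 10.8.0.0/30
# (laptop 10.8.0.1 exports, server 10.8.0.2 mounts). Substitute your own range.
TUNNEL = ipaddress.ip_network("10.8.0.0/30")

# Constructed sample of the laptop's /etc/exports: weak and restricted entries.
SAMPLE_EXPORTS = """\
# weak: any host that can reach the NFS port may mount this
/mnt/scratch  *(rw,sync,no_subtree_check)
# restricted: only the server's tunnel address
/mnt/bighdd   10.8.0.2(rw,sync,no_subtree_check)
/mnt/media    10.8.0.2(ro) 192.168.1.0/24(ro)
"""

def client_in_tunnel(client, tunnel=TUNNEL):
    """True only if the client spec is an IP or network inside the tunnel range."""
    try:
        net = ipaddress.ip_network(client, strict=False)
    except ValueError:
        # wildcards, hostnames and @netgroups cannot be tied to the tunnel
        return False
    return net.version == tunnel.version and net.subnet_of(tunnel)

def audit_exports(text, tunnel=TUNNEL):
    """Return (line_no, path, client) for every export reachable off-tunnel."""
    findings = []
    for line_no, line in enumerate(text.splitlines(), 1):
        fields = line.split("#", 1)[0].split()   # drop comments, split on blanks
        if not fields:
            continue
        path, specs = fields[0], fields[1:] or ["*"]   # no client means everyone
        for spec in specs:
            client = spec.split("(", 1)[0] or "*"      # bare "(rw)" means everyone
            if not client_in_tunnel(client, tunnel):
                findings.append((line_no, path, client))
    return findings

if __name__ == "__main__":
    for line_no, path, client in audit_exports(SAMPLE_EXPORTS):
        print(f"line {line_no}: {path} is exported to {client}, outside {TUNNEL}")
```

An empty result means every export names only tunnel addresses; it does not check that the NFS ports are also firewalled on the laptop's other interfaces.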
0

Everything I needed was here. Maybe it will help someone.

  1. How To Use SSHFS to Mount Remote File Systems Over SSH

  2. How to use SSHFS to Mount Remote Directories over SSH

techsk8
  • 1
    Why do you involve `ssh`? Have you heard about NFS? – Romeo Ninov Jul 15 '22 at 14:14
  • 1
    @RomeoNinov encryption in NFS is painful to set up. SSH requires basically zero configuration. – Artem S. Tashkinov Jul 15 '22 at 16:17
  • @ArtemS.Tashkinov but SSHFS really isn't a good network file system, and interrupting the SSH connection once can bring the whole mount into an irrecoverable state. It's really a debugging crutch, if you ask me. I like the two other options, CIFS and NFS much better. I remember some Linux file manager (was it Konqueror?) even making it really easy to right-click on a folder and share it via CIFS, because it's relatively easy to set up. – Marcus Müller Jul 15 '22 at 16:33