Effectively sshfs for Windows

sshfs is a great tool to use for temporary or non-performance-critical secure sharing of files between *nix systems. However, I needed to mount a share from Windows 7. Dokan-dev is an open-source option with various bits licensed GPL/LGPL/MIT, but unfortunately it seems to be a part-time project and it’s not clear that it would receive timely security updates. Thus, it’s something to watch, but it doesn’t solve my problem. If I’m willing to part with money, there seem to be two main contenders (which seem to work well, according to further web searching): ExpanDrive and WebDrive. These are both linked from the SSHFS WikiPedia Page, along with some other alternatives suitable for users who are a little more savvy.

I ended up going with SftpNetDrive, which is closed source but free for non-commercial use. It supports public-key based authentication using .ppk files created using PuTTYgen, and allows one to choose a consistent drive letter, auto-connect at startup, optionally mount a subdirectory instead of the whole remote user’s home directory, conditionally not show dot files, etc.

Thus, for giving a novice user a one-click way to mount a remote directory using public-key-based authentication, this solution works fairly well.

I plan to further constrain the user’s account on the *nix system using a chroot jail or similar, but haven’t worked out all the details yet. Debian Administration seems to have what I’m looking for, as usual. If there are any snafus, I’ll update this post.

Update: Using public-key authentication can be a challenge as .ssh becomes inaccessible to sshd when the user attempts to authenticate. The best solution seems to be using two different “home” directories; one that just contains .ssh/, and another that is the root of the chroot jail.

This is the type of thing to watch out for when setting this up; don’t lull yourself into a false sense of security.

Advertisements

Leave a Reply

Please log in using one of these methods to post your comment:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s