SSHFS into Whonix-Workstation
Donate
Mount Whonix-Workstation™ files on your Host using sshfs.
Introduction[edit]
Note: this is intended for developers/experts only!
This wiki chapter should only be used for debugging purposes.
SSHFS Procedure[edit]
Only complete these steps once.
Add Membership[edit]
Perform these steps on the host.
If you are not already a member of the fuse group, add yourself.
sudo adduser `whoami` fuse
If you were not already a member, this message will appear.
Adding user `user' to group `fuse' ... Adding user user to group fuse Done.
And should reboot. [1]
If this message appears.
The user `user' is already a member of `fuse'.
Then you are already a member of the fuse group and do not have to reboot.
Import Whonix VMs[edit]
Perform these steps on the host.
- import Whonix-Gateway
- import Whonix-Workstation
Modify the Whonix-Gateway VM[edit]
Perform this step on the host.
Be careful if you did not name your VM "Whonix-Gateway"!
VBoxManage modifyvm "Whonix-Gateway" --natpf1 "ssh",tcp,127.0.0.1,2200,,22 ; echo $?
If there is an error, the following message will appear.
VBoxManage: error: The machine '{{project_name_gateway_short}}8.1' is already locked for a session (or being unlocked)
VBoxManage: error: Details: code VBOX_E_INVALID_OBJECT_STATE (0x80bb0007), component Machine, interface IMachine, callee nsISupports
Context: "LockMachine(a→session, LockType_Write)" at line 377 of file VBoxManageModifyVM.cpp
1
If the procedure is successful, the following message will appear.
0
Update and Install OpenSSH[edit]
Perform these steps on both Whonix-Gateway and Whonix-Workstation.
sudo apt update
sudo apt install openssh-server
Open Ports[edit]
Perform these steps on both Whonix-Gateway and Whonix-Workstation.
echo 'EXTERNAL_OPEN_PORTS+=" 22 "' | sudo tee -a "/etc/whonix_firewall.d/50_user.conf"
sudo whonix_firewall
Open an SSH Connection[edit]
Perform these steps on Whonix-Gateway.
sudo -u tunnel ssh.anondist-orig 10.152.152.11
Yes (accept fingerprint).
Terminate the SSH connection.
exit
Troubleshooting[edit]
If SSH is used on the host for other purposes, it might be better to switch to an extra user.
If necessary, these steps should be performed on the host.
Try the following if you experience problems. This might not be necessary; so think first!
killall ssh
killall sshfs
There also seems to be a bug with existing SSH known_hosts files; try these steps if you experience problems. This might not be necessary; so think first!
The "rm" command can be used instead if you know what you are doing.
trash-put ~/.ssh/known_hosts
trash-put ~/.ssh/known_hosts.old
Or.
#rm ~/.ssh/known_hosts
#rm ~/.ssh/known_hosts.old
Create Necessary Folders[edit]
Perform this step on the host.
mkdir ~/mountworkstation
SSHFS into Whonix-Workstation[edit]
Perform these steps on the host.
ssh -f user@127.0.0.1 -p 2200 -L 2222:10.152.152.11 :22 -N
sshfs -p 2222 user@127.0.0.1:/ ~/mountworkstation
Footnotes[edit]
- ↑ If not, restarting X may also work.
The most watertight privacy operating system in the world.
At
Whonix we value freedom and trust, supporting Open Source and Freedom Software
2012-
2025 ENCRYPTED SUPPORT LLC
We believe security software like Whonix needs to remain open source and independent. Would you help sustain and grow the project? Learn more about our 13 year success story and maybe DONATE!