SSHFS into Whonix-Workstation


Introduction

Note: this is intended for developers/experts only!

This wiki chapter should only be used for debugging purposes.

SSHFS Procedure

Only complete these steps once.

Add Membership

Perform these steps on the host.

If you are not already a member of the fuse group, add yourself.

sudo adduser `whoami` fuse

If you were not already a member, this message will appear.

Adding user `user' to group `fuse' ...
Adding user user to group fuse
Done.

In that case, you should reboot. [1]

If this message appears instead:

The user `user' is already a member of `fuse'.

Then you are already a member of the fuse group and do not have to reboot.

Import Whonix ™ VMs

Perform these steps on the host.

  • import Whonix-Gateway ™
  • import Whonix-Workstation ™

Modify the Whonix-Gateway ™ VM

Perform this step on the host.

Be careful if you did not name your VM "Whonix-Gateway"!

VBoxManage modifyvm "Whonix-Gateway" --natpf1 "ssh",tcp,127.0.0.1,2200,,22 ; echo $?

If there is an error, the following message will appear.

VBoxManage: error: The machine '{{project_name_gateway_short}}8.1' is already locked for a session (or being unlocked)
VBoxManage: error: Details: code VBOX_E_INVALID_OBJECT_STATE (0x80bb0007), component Machine, interface IMachine, callee nsISupports
Context: "LockMachine(a->session, LockType_Write)" at line 377 of file VBoxManageModifyVM.cpp
1

If the procedure is successful, the following message will appear.

0

Update and Install OpenSSH

Perform these steps on both Whonix-Gateway ™ and Whonix-Workstation ™.

sudo apt update

sudo apt install openssh-server

Open Ports

Perform these steps on both Whonix-Gateway ™ and Whonix-Workstation ™.

echo 'EXTERNAL_OPEN_PORTS+=" 22 "' | sudo tee -a "/etc/whonix_firewall.d/50_user.conf"

sudo whonix_firewall

Open an SSH Connection

Perform these steps on Whonix-Gateway ™.

ssh.anondist-orig 10.152.152.11

Answer yes to accept the host key fingerprint.

Terminate the SSH connection.

exit

Troubleshooting

If SSH is used on the host for other purposes, it might be better to switch to an extra user.

If necessary, these steps should be performed on the host.

Try the following if you experience problems. This might not be necessary; so think first!

killall ssh

killall sshfs

There also seems to be a bug with existing SSH known_hosts files; try these steps if you experience problems. This might not be necessary; so think first!

The "rm" command can be used instead if you know what you are doing.

trash-put ~/.ssh/known_hosts

trash-put ~/.ssh/known_hosts.old

Or:

#rm ~/.ssh/known_hosts

#rm ~/.ssh/known_hosts.old

Create Necessary Folders

Perform this step on the host.

mkdir ~/mountworkstation

SSHFS into Whonix-Workstation ™

Perform these steps on the host.

ssh -f user@127.0.0.1 -p 2200 -L 2222:10.152.152.11:22 -N

sshfs -p 2222 user@127.0.0.1:/ ~/mountworkstation
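
Because this setup is meant for debugging only, it should be undone afterwards. The script below is an added example, not part of the Whonix wiki page: it reverses the steps above, assuming the VM name, ports and paths used on this page. The function names are hypothetical.

```bash
#!/bin/sh
# Added example, not part of the Whonix wiki page: undo the debugging setup.
# Defaults (port 22, forwards 2200/2222, VM name, paths) are the page's values;
# the function names are made up for this example.

# Inside each VM (as root): remove the EXTERNAL_OPEN_PORTS line appended by the
# "Open Ports" step, keep a .bak copy, and print how many lines were removed.
close_fw_port() {   # usage: close_fw_port PORT [CONF]
    local port="$1" conf="${2:-/etc/whonix_firewall.d/50_user.conf}" before after
    case "$port" in ''|*[!0-9]*) echo "bad port: $port" >&2; return 2 ;; esac
    [ -f "$conf" ] || { echo 0; return 0; }
    before=$(wc -l < "$conf")
    # Delete only the exact form written by the tee command, nothing else.
    sed -i.bak -E "/^EXTERNAL_OPEN_PORTS\+=\" ${port} \"[[:space:]]*\$/d" "$conf"
    after=$(wc -l < "$conf")
    echo $(( before - after ))
}

# On the host: read `VBoxManage showvminfo VM --machinereadable` on stdin and
# print each NAT forward as "name hostip:hostport->guestport". An empty host IP
# means the rule listens on all host interfaces, not only on loopback.
list_forwards() {
    sed -n -E 's/^Forwarding\([0-9]+\)="([^,]*),[^,]*,([^,]*),([0-9]+),[^,]*,([0-9]+)"$/\1 \2:\3->\4/p'
}

# On the host, with the VM powered off: unmount, stop only the tunnel started
# above (instead of killall ssh), delete the "ssh" rule, show what is left.
teardown_host() {   # usage: teardown_host [MOUNTPOINT] [VM]
    local mnt="${1:-$HOME/mountworkstation}" vm="${2:-Whonix-Gateway}"
    fusermount -u "$mnt" 2>/dev/null || echo "not mounted: $mnt" >&2
    pkill -f -- '-L 2222:10\.152\.152\.11:22' || true
    VBoxManage modifyvm "$vm" --natpf1 delete "ssh" || return 1
    VBoxManage showvminfo "$vm" --machinereadable | list_forwards
}
```

After running close_fw_port 22 in each VM, run sudo whonix_firewall again so the change takes effect. teardown_host should print nothing for the "ssh" rule once it has been deleted.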

Footnotes

  1. If not, restarting X may also work.