SSHFS into Whonix-Workstation


Mount Whonix-Workstation files on your Host using sshfs.

Introduction

Note: this is intended for developers/experts only!

This wiki chapter should only be used for debugging purposes.

SSHFS Procedure

Info: Only complete these steps once.

Add Membership

Perform these steps on the host.

If you are not already a member of the fuse group, add yourself.

sudo adduser `whoami` fuse

If you were not already a member, this message will appear.

Adding user `user' to group `fuse' ...
Adding user user to group fuse
Done.

You should then reboot. [1]

If this message appears instead:

The user `user' is already a member of `fuse'.

Then you are already a member of the fuse group and do not have to reboot.

Import Whonix VMs

Perform these steps on the host.

  • import Whonix-Gateway
  • import Whonix-Workstation

Modify the Whonix-Gateway VM

Perform this step on the host.

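Be careful if you did not name your VM "Whonix-Gateway"! In that case, substitute the VM's actual name in the command below. The rule forwards port 2200 on the host's loopback address (127.0.0.1) to port 22 inside the VM.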

VBoxManage modifyvm "Whonix-Gateway" --natpf1 "ssh",tcp,127.0.0.1,2200,,22 ; echo $?

If there is an error, the following message will appear.

VBoxManage: error: The machine '{{project_name_gateway_short}}8.1' is already locked for a session (or being unlocked)
VBoxManage: error: Details: code VBOX_E_INVALID_OBJECT_STATE (0x80bb0007), component Machine, interface IMachine, callee nsISupports
Context: "LockMachine(a->session, LockType_Write)" at line 377 of file VBoxManageModifyVM.cpp
1

If the command succeeds, only the exit code is printed.

0

Update and Install OpenSSH

Perform these steps on both Whonix-Gateway and Whonix-Workstation.

sudo apt update

sudo apt install openssh-server

Open Ports

Perform these steps on both Whonix-Gateway and Whonix-Workstation.

echo 'EXTERNAL_OPEN_PORTS+=" 22 "' | sudo tee -a "/etc/whonix_firewall.d/50_user.conf"

sudo whonix_firewall

Open an SSH Connection

Perform these steps on Whonix-Gateway.

sudo -u tunnel ssh.anondist-orig 10.152.152.11

Answer yes to accept the host key fingerprint.

Terminate the SSH connection.

exit

Troubleshooting

Info: If SSH is used on the host for other purposes, it might be better to switch to an extra user.

If necessary, these steps should be performed on the host.

Try the following if you experience problems. This might not be necessary; so think first!

killall ssh

killall sshfs

There also seems to be a bug with existing SSH known_hosts files; try these steps if you experience problems. This might not be necessary; so think first!

The "rm" command can be used instead if you know what you are doing.

trash-put ~/.ssh/known_hosts

trash-put ~/.ssh/known_hosts.old

Or:

#rm ~/.ssh/known_hosts

#rm ~/.ssh/known_hosts.old
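
Added example, not part of the Whonix wiki: assuming the known_hosts problem above is a stale host key recorded for the forwarded loopback endpoints, this Python code removes only those entries (plain or hashed) instead of the whole file, the same effect as running ssh-keygen -R '[127.0.0.1]:2200'. The function names and the sample entries are constructed for illustration; ports 2200 and 2222 are the ones used in the commands on this page.

```python
import base64
import hashlib
import hmac

# Loopback endpoints this page creates: the VirtualBox NAT rule (2200) and the
# ssh -L tunnel (2222). known_hosts writes non-default ports as [host]:port.
FORWARDED = ("[127.0.0.1]:2200", "[127.0.0.1]:2222")


def hash_host(host, salt):
    """Build a hashed host field: |1|b64(salt)|b64(HMAC-SHA1(key=salt, msg=host))."""
    mac = hmac.new(salt, host.encode(), hashlib.sha1).digest()
    return "|1|%s|%s" % (base64.b64encode(salt).decode(), base64.b64encode(mac).decode())


def host_field_matches(field, target):
    """True if a known_hosts host field names `target`, in plain or hashed form."""
    if field.startswith("|1|"):
        try:
            _, _, salt_b64, mac_b64 = field.split("|")
            salt, mac = base64.b64decode(salt_b64), base64.b64decode(mac_b64)
        except ValueError:  # malformed hashed field: treat as no match
            return False
        return hmac.compare_digest(hmac.new(salt, target.encode(), hashlib.sha1).digest(), mac)
    return target in field.split(",")  # plain list; wildcards are not expanded


def prune(text, targets=FORWARDED):
    """Split known_hosts content into (kept_text, removed_lines)."""
    kept, removed = [], []
    for line in text.splitlines():
        parts = line.split()
        # Keep blanks, comments and @cert-authority/@revoked marker lines untouched.
        skip = not parts or parts[0][0] in "#@"
        if not skip and any(host_field_matches(parts[0], t) for t in targets):
            removed.append(line)
        else:
            kept.append(line)
    return "".join(l + "\n" for l in kept), removed


# Constructed sample: placeholder key material, not real host keys.
SAMPLE = "\n".join([
    "[127.0.0.1]:2200 ssh-ed25519 AAAAPLACEHOLDERGATEWAY",
    hash_host("[127.0.0.1]:2222", b"constructed-salt-20b") + " ssh-ed25519 AAAAPLACEHOLDERWORKSTATION",
    hash_host("example.org", b"another-salt-20bytes") + " ssh-ed25519 AAAAPLACEHOLDEROTHER",
    "# comment line",
    "[127.0.0.1]:2201 ssh-ed25519 AAAAPLACEHOLDERUNRELATED",
]) + "\n"
```

Removing only these entries keeps the recorded host keys for every other server in place, so a changed key elsewhere still triggers the usual SSH warning.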

Create Necessary Folders

Perform this step on the host.

mkdir ~/mountworkstation

SSHFS into Whonix-Workstation

Perform these steps on the host.

ssh -f user@127.0.0.1 -p 2200 -L 2222:10.152.152.11:22 -N

sshfs -p 2222 user@127.0.0.1:/ ~/mountworkstation

Footnotes

  1. If not, restarting X may also work.
