Skip to content

Latest commit

 

History

History
131 lines (85 loc) · 4.33 KB

README.org

File metadata and controls

131 lines (85 loc) · 4.33 KB

autosshfs – Per user SSHFS automount using user’s SSH config and keys.

Introduction

Autofs doesn’t provide an easy way to mount SSHFS filesystems as a regular user. HOWTOs abound on the topic, but rarely propose a solution involving the user’s ssh-agent and password-protected keys.

Autosshfs provides helper scripts to manage user automounts using SSHFS and keychain.

This program was heavily inspired by Josh Jackson’s autofs_sshfs, published at http://pturing.firehead.org/software/autofs_sshfs/

License

Copyright 2011,2012,2013 hellekin <[email protected]>

This program is free software: you can redistribute it and/or modify it under the terms of the GNU Affero General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version.

See: COPYING (or run make license if you’re online)

Requirements

  • sudo privilege (for installation)
  • ssh, sshfs, autofs, keychain, ssh-askpass

Quick Install

   sudo apt-get install keychain ssh-askpass sshfs autofs
   git clone https://github.com/hellekin/autosshfs.git
   cd autosshfs && sudo make install
   sudo autosshfs-user add $(id -un)

If you don’t already have an SSH key, create one now

   if [ ! -r $HOME/.ssh/id_rsa ]; then ssh-keygen; fi
   ssh-copy-id [user@]yourremotehost[:port]

You MUST copy the public part of the SSH key to the user@yourremotehost’s .ssh/authorized_keys file in order to allow password-less connections. ssh-copy-id will do that for you. Connections will silently fail if your public key isn’t known to the remote host (internally, the automount daemon will be waiting at a “Password: ” prompt).

Usage

   ls ~/mnt/ssh/[user@]yourremotehost[:port]

This will cause the autofs automount to attempt an SSH connection to [user@]yourremotehost[:port]

The values denoted by square brackets are optional.

By default the connection to ‘yourremotehost’ will use the same user-name as you have on the localhost. It is possible to specify a different user-name and a non-standard port for connections to ‘yourremotehost’.

The following are all valid:

   ls ~/mnt/ssh/yourremotehost
   ls ~/mnt/ssh/yourremotehost:1234
   ls ~/mnt/ssh/user@yourremotehost
   ls ~/mnt/ssh/user@yourremotehost:1234

Operation

This section describes how the whole thing works.

/etc/auto.master

  1. Each entry MUST point to under user’s $HOME. We assume it takes the form
     /home/$USER/mnt/ssh/mountpoint

In any other case it will break.

  1. UID and GID must match id -u $USER and id -g $USER
  2. $USER must be in group autossh

Example:

  /home/joe/mnt/ssh program:/usr/local/sbin/autosshfs-map uid=1234,gid=1234,--timeout=600,--ghost

Since @7f2007b, workaround=rename is enabled by default to mimick POSIX behavior when renaming files (see Issue #4), e.g., to avoid issues with moving files in SVN repositories. If that option is not what you want, please reopen the issue so we devise a better solution.

autosshfs-user

This program enables or disables the automount service for a user.

Running autosshfs-user add joe will:

  • add joe to the autosshfs group
  • create a autosshfs-as-joe sudo wrapper for SSH
  • register the user automounter in /etc/auto.master
  • restart autofs

Running autosshfs-user del joe will:

  • remove joe from the autosshfs group
  • remove the autosshfs-as-joe script
  • remove joe’s entry in /etc/auto.master
  • restart autofs

autosshfs-map

Returns the autofs map for the requested host.

Mountpoints are under /home/$USER/mnt/ssh

The whole remote host’s filesystem is mounted, only accessible to the user.

The script is called from /etc/auto.master.

autosshfs-ssh

A wrapper to the ssh command that will force automount to use the user’s SSH setup, including password-protected SSH keys, as long as they’re available to the keychain.

It is called by autosshfs-as-joe (using sudo) and loads joe’s keychain.