Autosshfs
Per user SSHFS automount using user's SSH configuration
Install / Use
/learn @dyne/AutosshfsREADME
#+TITLE: autosshfs -- Per user SSHFS automount using user's SSH config and keys.
-
Introduction
Autofs doesn't provide an easy way to mount SSHFS filesystems as a regular user. HOWTOs abound on the topic, but rarely propose a solution involving the user's ssh-agent and password-protected keys.
Autosshfs provides helper scripts to manage user automounts using =SSHFS= and =keychain=.
This program was heavily inspired by Josh Jackson's autofs_sshfs, published at [[http://pturing.firehead.org/software/autofs_sshfs/]]
-
License
Copyright 2011,2012,2013 hellekin hellekin@riseup.net
This program is free software: you can redistribute it and/or modify it under the terms of the GNU Affero General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version.
See: [[COPYING]] (or run make license if you're online)
-
Requirements
- =sudo= privilege (for installation)
- =ssh=, =sshfs=, =autofs=, =keychain=, =ssh-askpass=
-
Quick Install
: sudo apt-get install keychain ssh-askpass sshfs autofs : git clone https://github.com/hellekin/autosshfs.git : cd autosshfs && sudo make install : sudo autosshfs-user add $(id -un)
If you don't already have an SSH key, create one now
: if [ ! -r $HOME/.ssh/id_rsa ]; then ssh-keygen; fi
: ssh-copy-id [user@]yourremotehost[:port]
You *MUST* copy the public part of the SSH key to the
user@yourremotehost's =.ssh/authorized_keys= file in order to
allow password-less connections. =ssh-copy-id= will do that for
you. Connections will silently fail if your public key isn't
known to the remote host (internally, the automount daemon will be
waiting at a "Password: " prompt).
- Usage
: ls ~/mnt/ssh/[user@]yourremotehost[:port]
This will cause the autofs automount to attempt an SSH connection to
[user@]yourremotehost[:port]
The values denoted by square brackets are optional.
By default the connection to 'yourremotehost' will use the same
user-name as you have on the localhost. It is possible to specify
a different user-name and a non-standard port for connections to
'yourremotehost'.
The following are all valid:
: ls ~/mnt/ssh/yourremotehost : ls ~/mnt/ssh/yourremotehost:1234 : ls ~/mnt/ssh/user@yourremotehost : ls ~/mnt/ssh/user@yourremotehost:1234
-
Operation
This section describes how the whole thing works.
** /etc/auto.master
1. Each entry MUST point to under user's $HOME. We assume it takes the form
: /home/$USER/mnt/ssh/mountpoint In any other case it will break.
2. UID and GID must match =id -u $USER= and =id -g $USER=
3. $USER must be in group *autossh*
*** Example:
: /home/joe/mnt/ssh program:/usr/local/sbin/autosshfs-map uid=1234,gid=1234,--timeout=600,--ghost
Since [[https://github.com/hellekin/autosshfs/commit/7f2007b4bde5e9dfbf4b7d035a048b7b2722d827][@7f2007b]], =workaround=rename= is enabled by default to
mimick POSIX behavior when renaming files (see [[https://github.com/hellekin/autosshfs/issues/4][Issue #4]]), e.g., to
avoid issues with moving files in SVN repositories. If that
option is not what you want, please reopen the issue so we devise
a better solution.
** autosshfs-user
This program enables or disables the automount service for a user.
Running =autosshfs-user add joe= will:
- add =joe= to the =autosshfs= group
- create a =autosshfs-as-joe= sudo wrapper for SSH
- register the user automounter in =/etc/auto.master=
- =restart autofs=
Running =autosshfs-user del joe= will:
- remove =joe= from the =autosshfs= group
- remove the =autosshfs-as-joe= script
- remove =joe='s entry in =/etc/auto.master=
- =restart autofs=
** autosshfs-map
Returns the =autofs= map for the requested host.
Mountpoints are under =/home/$USER/mnt/ssh=
The whole remote host's filesystem is mounted, only accessible to the user.
The script is called from =/etc/auto.master=.
** autosshfs-ssh
A wrapper to the =ssh= command that will force =automount= to use
the user's SSH setup, including password-protected SSH keys, as
long as they're available to the =keychain=.
It is called by =autosshfs-as-joe= (using =sudo=) and loads
=joe='s =keychain=.
