how to automount sshfs filesystems with autofs on linux

Installing the tools, setting up the OS

Install the package:

  • sshfs (on Ubuntu, it will install also fuse and libfuse2)

Change the group for the fuse device file:

chgrp fuse /dev/fuse

Configuring root’s SSH keys

Although it is possible to run sshfs as a ‘mortal’ user:

In three simple steps:

  • add your user id to ‘fuse’ group (logout-login recommended),
  • chmod o+x on the fusermount binary (check with ‘whereis fusermount’, it is in more than one location, and
  • the mount-point must be writable to the user

some issues should be noted regarding the relationship between SSHFS, plain ssh and autofs:

  • SSHFS seems to recognize the user running the sshfs command has priv/pub keys
  • It seems, though, that SSHFS does not recognize the running ssh-agent (it didn’t recognize mine, I didn’t try many different situations here – it might be possible to write a wrapper script around ssh to make surewe will use a ssh-agent instance
  • The autofs daemon runs as root anyway, so it’s not much use to have a ssh-agent running as your user id.

Thus, I decided to create passphrase-less keys in the root id. You should be warned that, if your root id gets compromised, someone might grab the private key file (no passphrase, thus unencrypted), and get automatic access to all the remote servers, thus you should be careful about physical security on this machine.

That said, the steps to configure the keys are:

  • create the keys using the command line ‘ssh-keygen -t dsa’ and use the default file location and NO PASSPHRASE
  • add the public key file (~root/ to the authorized_keys file on the remote user’s .ssh directory (~/.ssh/authorized_keys), for each user@host you’re going to use

Configure autofs

Create an autofs map file, say /etc/auto.home, with the line (I broke in two for legibility, but it should be all in one line):

alexei -fstype=fuse,allow_other,reconnect,uid=1000,gid=1000

Naturally, you are going to replace the with your remote hostname and /home/alexei with the remote directory you’re intending to use, and the uid=1000,gid=1000 with your local user id nad group id.

You may remove the ‘reconnect’ option if you wish so, or add other options as described in sshfs(1), but DO NOT REMOVE the allow_other option, as it will prevent you, mortal user, to access the mounted directory contents.

Edit your /etc/auto.master file, adding a line like this:

/auto/home       /etc/auto.home

where you may want to replace /auto/home with whichever mount-point you want, /etc/auto.home with your map file created above.

Restart the autofs daemon:

/etc/init.d/autofs restart

And you will be able to change directory to /auto/home/alexei (or your mount-point) seamlessly.

This entry was posted in linux, ubuntu. Bookmark the permalink.

9 Responses to how to automount sshfs filesystems with autofs on linux

  1. sean says:

    Any way to do this without using the root login to create the keys? Can autofs be ran as mortal user?

  2. russoz says:

    Sean, I didn’t really tried that from within autofs.

    Although is fairly simple to mount a sshfs volume manually, as it’s shown up there and in the references, the question is that the mount/umount operations will be spawned out of the autofs process, which run as root.

    I don’t know if it’s possible (and it’s late, I won’t search that right now :-o) to run autofs as a non-root user. I doubt that will work, because being triggered by any user entering a directory, is probably something that only root can do.

    On the other hand, there’s a number of user-space tools, for a lot of things, coming out lately, you might want to check anything related to that.

    There was FAM – File Alteration Monitor, but I think that project is dead.

    Anyway, to be notified of file changes/acesses, you got to tap into the kernel, and it’s likely that you will need to be root for that.

    Moreover, autofs will actually spawn an automount process, which will THEN call mount and/or umount, and as far as I can see (checking the strings in /usr/sbin/automount), it doesn’t look like it runs /bin/mount or /bin/umount, rather it performs a system call into the kernel to have the filesystems mounted. Thus, if anything should be ran as the user, rather than root, it’s automount. And I don’t see that happening.

    All this make me wonder: why is it that you want to run the autofs as a mortal user, just because of the keys?

  3. russoz says:

    Just an update,

    After a while using it, I found the best set of options (for me at least) is:

    alexei -fstype=fuse,transform_symlinks,allow_other,reconnect,uid=1000,gid=1000 sshfs\

    where, of course, you change the uid and gid values for your own local id numbers.

  4. Ericson Wilkinson says:

    These instructions were great, thanks! I hated using VI to edit files remotely, now I can use gedit 🙂

  5. Marc Weber says:

    It must be :sshfs…
    If you omit the : you can’t add a trailing target path.

    So the mount point must look like this:

    Also using a script such as I that I posted here:

    You can use keys with passwords.

  6. Luca says:

    I love this tutorial, it allows me to mount my working directory completely so I can edit my Website with my favourite editors 🙂

  7. Pingback: howto automount your iso images in linux | russoz

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s