Installing the tools, setting up the OS
Install the package:
- sshfs (on Ubuntu, it will install also fuse and libfuse2)
Change the group for the fuse device file:
chgrp fuse /dev/fuse
Configuring root’s SSH keys
Although it is possible to run sshfs as a ‘mortal’ user:
In three simple steps:
- add your user id to ‘fuse’ group (logout-login recommended),
- chmod o+x on the fusermount binary (check with ‘whereis fusermount’, it is in more than one location, and
- the mount-point must be writable to the user
some issues should be noted regarding the relationship between SSHFS, plain ssh and autofs:
- SSHFS seems to recognize the user running the sshfs command has priv/pub keys
- It seems, though, that SSHFS does not recognize the running ssh-agent (it didn’t recognize mine, I didn’t try many different situations here – it might be possible to write a wrapper script around ssh to make surewe will use a ssh-agent instance
- The autofs daemon runs as root anyway, so it’s not much use to have a ssh-agent running as your user id.
Thus, I decided to create passphrase-less keys in the root id. You should be warned that, if your root id gets compromised, someone might grab the private key file (no passphrase, thus unencrypted), and get automatic access to all the remote servers, thus you should be careful about physical security on this machine.
That said, the steps to configure the keys are:
- create the keys using the command line ‘ssh-keygen -t dsa’ and use the default file location and NO PASSPHRASE
- add the public key file (~root/id_dsa.pub) to the authorized_keys file on the remote user’s .ssh directory (~/.ssh/authorized_keys), for each user@host you’re going to use
Create an autofs map file, say /etc/auto.home, with the line (I broke in two for legibility, but it should be all in one line):
Naturally, you are going to replace the myserver.com with your remote hostname and /home/alexei with the remote directory you’re intending to use, and the uid=1000,gid=1000 with your local user id nad group id.
You may remove the ‘reconnect’ option if you wish so, or add other options as described in
sshfs(1), but DO NOT REMOVE the allow_other option, as it will prevent you, mortal user, to access the mounted directory contents.
Edit your /etc/auto.master file, adding a line like this:
where you may want to replace /auto/home with whichever mount-point you want, /etc/auto.home with your map file created above.
Restart the autofs daemon:
And you will be able to change directory to /auto/home/alexei (or your mount-point) seamlessly.