
Initial Commit

Hellekin O. Wolf =8) committed Jan 18, 2011
0 parents commit c0dca17f3bca01451c35bdf0764612a95580444f
Showing with 1,197 additions and 0 deletions.
  1. +661 −0 COPYING
  2. +27 −0 Makefile
  3. +86 −0 README.org
  4. +1 −0 VERSION
  5. +111 −0 bin/autosshfs-map
  6. +76 −0 bin/autosshfs-ssh
  7. +103 −0 bin/autosshfs-user
  8. +80 −0 bin/keychain-ring
  9. +25 −0 doc/auto.master
  10. +17 −0 doc/copyright_notice.txt
  11. +10 −0 doc/sample-shell-rc
661 COPYING

Large diffs are not rendered by default.

@@ -0,0 +1,27 @@
+PREFIX=/usr/local
+
+all:
+ @echo
+ @echo autosshfs is based on the article and code at
+ @echo http://pturing.firehead.org/software/autofs_sshfs/
+ @echo
+ @echo License: see COPYING file, or make license
+ @echo
+ @echo sudo make [un]install -- Install or uninstall autosshfs
+ @echo
+
+install:
+ @addgroup --system ssh 2>/dev/null
+ @install -o root -g root -m 0750 bin/autosshfs-user ${PREFIX}/sbin/
+ @install -o root -g ssh -m 0750 bin/autosshfs-map ${PREFIX}/sbin/
+ @install -o root -g ssh -m 0750 bin/autosshfs-ssh ${PREFIX}/sbin/
+ @install -o root -g root -m 0755 bin/keychain-ring ${PREFIX}/bin/
+ @install -o root -g root -m 0755 -d ${PREFIX}/share/doc/autosshfs/
+ @install -o root -g root -m 0644 doc/* ${PREFIX}/share/doc/autosshfs
+
+uninstall:
+ @rm -rf ${PREFIX}/sbin/autosshfs-* ${PREFIX}/bin/autosshfs-as-* ${PREFIX}/bin/keychain-ring ${PREFIX}/share/doc/autosshfs
+
+license:
+ @rm -f COPYING
+ @wget -q -OCOPYING http://www.gnu.org/licenses/agpl.txt
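Review bot: The `license` recipe deletes the shipped COPYING before fetching a replacement over plain HTTP, so a failed or tampered download leaves the tree with an empty or altered licence file. Fetch over HTTPS into a temporary name and move it into place only on success, e.g. `@wget -q -O COPYING.tmp https://www.gnu.org/licenses/agpl.txt && mv -f COPYING.tmp COPYING`. None of `all`, `install`, `uninstall` or `license` is declared `.PHONY`, so a stray file with one of those names would silently disable the target. Every line of the `install` recipe, which the help text says to run under sudo, is `@`-silenced, which hides the commands being executed as root.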
@@ -0,0 +1,86 @@
+#+TITLE: autosshfs -- Per user SSHFS automount using user's SSH config and keys.
+
+* Introduction
+
+ Autofs doesn't provide an easy way to mount SSHFS filesystems as a regular user. HOWTOs abound on the topic, but rarely propose a solution involving the user's ssh-agent and password-protected keys.
+
+ Autosshfs provides helper scripts to manage user automounts using SSHFS and keychain
+
+ This program was heavily inspired by Josh Jackson's autofs_sshfs, published at
+ http://pturing.firehead.org/software/autofs_sshfs/
+
+* License
+
+ Copyright 2011 Hellekin O. Wolf <hellekin@riseup.net>
+
+ This program is free software: you can redistribute it and/or
+ modify it under the terms of the GNU Affero General Public License
+ as published by the Free Software Foundation, either version 3 of
+ the License, or (at your option) any later version.
+
+ See: COPYING (or run make license if you're online)
+
+* Requirements
+
+ - sudo privilege (for installation)
+ - ssh, sshfs, autofs, keychain, ssh-askpass
+
+* Quick Install
+
+ sudo apt-get install keychain ssh-askpass sshfs autofs
+ git clone https://github.com/hellekin/autosshfs.git
+ cd autosshfs && sudo make install
+ sudo autosshfs-user add $(id -un)
+ ls ~/mnt/ssh/yourremotehost
+
+* Operation
+
+ This section describes how the whole thing works.
+
+** /etc/auto.master
+
+ 1. Each entry MUST point to under user's $HOME. We assume it takes the form
+: /home/$USER/path/to/sshfs/mountpoint
+ In any other case it will break.
+
+ 2. UID and GID must match `id -u $USER` and `id -g $USER`
+
+ 3. $USER must be in group 'ssh'
+
+*** Example:
+
+: /home/joe/mnt/ssh program:/usr/local/sbin/autosshfs-map uid=1234,gid=1234,--timeout=600,--ghost
+
+** autosshfs-user
+
+ This program enables or disables the automount service for a user.
+
+ Running =autosshfs-user add joe= will:
+
+ - add =joe= to the =ssh= group
+ - create a =autosshfs-as-joe= sudo wrapper for SSH
+ - register the user automounter in =/etc/auto.master=
+ - =restart autofs=
+
+ Running =autosshfs-user del joe= will:
+
+ - remove =joe= from the =ssh= group
+ - remove the =autosshfs-as-joe= script
+ - remove =joe='s entry in =/etc/auto.master=
+ - =restart autofs=
+
+** autosshfs-map
+
+ Returns the =autofs= map for the requested host.
+
+ Mountpoints are under /home/$USER/mnt/ssh
+
+ The whole remote host's filesystem is mounted, only accessible to the user.
+
+ The script is called from =/etc/auto.master=.
+
+** autosshfs-ssh
+
+ A wrapper to the =ssh= command that will force autofs to use the user's SSH setup, including password-protected SSH keys, as long as they're available to the keychain.
+
+ It is called by =autosshfs-as-joe= (using =sudo=) and loads =joe='s =keychain=.
@@ -0,0 +1 @@
+v0.1.0
@@ -0,0 +1,111 @@
+#!/bin/bash
+
+#
+# autosshfs-map -- Compute autofs map for user's SSHFS mounts.
+#
+## LICENSE
+#
+# Copyright 2011 Hellekin O. Wolf <hellekin@riseup.net>
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU Affero General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU Affero General Public License for more details.
+#
+# You should have received a copy of the GNU Affero General Public License
+# along with this program. If not, see <http://www.gnu.org/licenses/>,
+# or, from the package source directory, run: make license
+#
+## USAGE
+#
+# autosshfs-map assumes the following constraints:
+#
+# 1. The mountpoint is under user's $HOME
+# 2. $HOME points to /home/$USER
+# 3. $USER is a member of group ssh
+#
+
+PROGNAME="${0##*/}"
+
+# TODO: should be static from Makefile
+PREFIX=/usr/local
+
+fail() {
+ echo "${PROGNAME}: $@"
+ exit 1
+}
+
+# Get username from PWD. It assumes the mountpoint is under user's $HOME.
+USER=$(builtin pwd)
+USER=${USER#/home/}
+USER=${USER%%/*}
+
+test -n "$USER" || fail "missing user"
+
+# User must be in group ssh
+member() {
+ local user="$1"
+ local group="$2"
+ local ex=1
+
+ test -z "$user" -o -z "$group" && return $ex
+ id $user &>/dev/null || return $ex
+
+ if [ $(2>/dev/null groups "$user" | egrep "\b$group\b" | wc -l) -eq 1 ]
+ then
+ ex=0
+ fi
+ return $ex
+}
+member $USER ssh || fail "user must be a member of group ssh"
+
+SSH_WRAPPER="${PREFIX}/bin/autosshfs-as-${USER}"
+
+if [ ! -x "${SSH_WRAPPER}" ]
+then
+ touch $SSH_WRAPPER
+ chown root:ssh $SSH_WRAPPER
+ chmod 0750 $SSH_WRAPPER
+
+ generator="# Generated by ${PROGNAME} at $(date -R)"
+
+cat > $SSH_WRAPPER <<EOD
+#!/bin/sh
+#
+# autosshfs-as-$USER
+#
+# Wrapper script to make automount use the user's ssh-agent
+# when mounting SSHFS.
+#
+sudo -H -u ${USER} -i ${PREFIX}/sbin/autosshfs-ssh "\$@"
+${generator}
+EOD
+fi
+
+OPTS="-fstype=fuse,rw,allow_other,umask=077,noatime,nosuid,nodev"
+OPTS="${OPTS},ssh_command=${SSH_WRAPPER}"
+
+# You can connect to host not in your configuration file:
+#
+# [user@]host[:port]
+#
+# will set port=port connect to user@host
+
+HOST="${1}"
+
+test -n "$HOST" || fail "missing key: did you use autofs?"
+
+COLONPOS=$(expr index "${key}" :)
+if [[ $COLONPOS > 0 ]]
+then
+ OPTS="${OPTS},port=${HOST:$COLONPOS}"
+ HOST="${HOST:0:$[$COLONPOS - 1]}"
+fi
+
+# -fstype=fuse,rw,allow_other,... / sshfs\#remote_host:/
+echo -e "${OPTS} \t/\t sshfs\#${HOST}:/"
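Review bot: The port split near the end of the script reads `${key}`, which is never assigned (the autofs key is stored in `HOST`), so `COLONPOS` is always 0 and a `host:port` key is passed through whole. `[[ $COLONPOS > 0 ]]` is also a string comparison rather than a numeric one. Once the split works, the text after the colon is appended to the mount option string unchecked, and the host part is written into the map line the same way, so the key should be validated as `[user@]host[:port]` before any of it is used. The fence shows one way to do both with parameter expansion instead of `expr index`.

```shell
HOST="${1}"
# … unchanged: empty-key check …

# Accept only [user@]host[:port]; nothing else may reach the option string or the map line.
key_re='^([A-Za-z0-9_][A-Za-z0-9._-]*@)?[A-Za-z0-9][A-Za-z0-9.-]*(:[0-9]+)?$'
[[ "$HOST" =~ $key_re ]] || fail "invalid key: ${HOST}"

if [[ "$HOST" == *:* ]]
then
    OPTS="${OPTS},port=${HOST##*:}"
    HOST="${HOST%%:*}"
fi
```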
@@ -0,0 +1,76 @@
+#!/bin/bash
+
+# autosshfs-ssh -- Wrap ssh to load SSH environment from user's keychain
+#
+# It is intended to be called as: sudo -H -u USER -i autosshfs-ssh "$@"
+#
+## LICENSE
+#
+# Copyright 2011 Hellekin O. Wolf <hellekin@riseup.net>
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU Affero General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU Affero General Public License for more details.
+#
+# You should have received a copy of the GNU Affero General Public License
+# along with this program. If not, see <http://www.gnu.org/licenses/>,
+# or, from the package source directory, run: make license
+#
+
+PROGNAME=${0##*/}
+
+fail() {
+ echo "${PROGNAME}: $@"
+ exit 1
+}
+
+# We need a user
+test -n "$USER" || fail "missing username"
+
+# With a keychain
+KEYCHAIN=$(which keychain)
+test -x "${KEYCHAIN}" || fail "missing executable: keychain"
+
+# Find user's DISPLAY
+DISPLAY=$(ps aux | sed -e '/sed/d;/${USER}.*xinit/!d;s/^.*xserverrc \(:[0-9\.]*\).*/\1/')
+test -n "$DISPLAY" || DISPLAY=":0"
+export DISPLAY
+
+# Find a GUI in case we need an SSH password
+ssh_askpass() {
+ local dirs="/usr/bin /usr/local/bin /usr/libexec/openssh /usr/lib/openssh"
+ local progs="ssh-askpass gtk-led-askpass gnome-ssh-askpass x11-ssh-askpass"
+ local askpass=
+
+ for prog in ${progs}
+ do
+ askpass=$(which ${prog})
+ test -x "${askpass}" && echo ${askpass} && return 0
+ done
+
+ for prog in ${progs}
+ do
+ for dir in $dirs
+ do
+ askpass="${dir}/${prog}"
+ test -x "${askpass}" && echo ${askpass} && return 0
+ done
+ done
+
+ fail "cannot find SSH_ASKPASS"
+}
+
+SSH_ASKPASS=$(ssh_askpass)
+export SSH_ASKPASS
+
+# Load the keychain environment
+eval $(keychain -q --ignore-missing --eval)
+
+# Run the SSH command
+ssh "$@"
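Review bot: The DISPLAY lookup puts `${USER}` inside a single-quoted sed script, so the shell never expands it and sed looks for the literal text; the filter appears to match nothing, which means DISPLAY always falls back to `:0`. Double-quoting the script, `sed -e "/sed/d;/${USER}.*xinit/!d;s/^.*xserverrc \(:[0-9\.]*\).*/\1/"`, lets the name expand, though several matching processes would still yield a multi-line value. Separately, the script resolves and checks `KEYCHAIN` but then calls bare `keychain` and evals its output unquoted; `eval "$("${KEYCHAIN}" -q --ignore-missing --eval)"` uses the checked path and keeps the output from being word-split before eval.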