Initial Commit

Makefile

@@ -0,0 +1,27 @@
+PREFIX=/usr/local
+
+all:
+	@echo
+	@echo autosshfs is based on the article and code at
+	@echo http://pturing.firehead.org/software/autofs_sshfs/
+	@echo
+	@echo License: see COPYING file, or make license
+	@echo
+	@echo sudo make [un]install  -- Install or uninstall autosshfs
+	@echo
+
+install:
+	@addgroup --system ssh 2>/dev/null
+	@install -o root -g root -m 0750 bin/autosshfs-user ${PREFIX}/sbin/
+	@install -o root -g ssh  -m 0750 bin/autosshfs-map  ${PREFIX}/sbin/
+	@install -o root -g ssh  -m 0750 bin/autosshfs-ssh  ${PREFIX}/sbin/
+	@install -o root -g root -m 0755 bin/keychain-ring  ${PREFIX}/bin/
+	@install -o root -g root -m 0755 -d ${PREFIX}/share/doc/autosshfs/
+	@install -o root -g root -m 0644 doc/* ${PREFIX}/share/doc/autosshfs
+
+uninstall:
+	@rm -rf ${PREFIX}/sbin/autosshfs-* ${PREFIX}/bin/autosshfs-as-* ${PREFIX}/bin/keychain-ring ${PREFIX}/share/doc/autosshfs
+
+license:
+	@rm -f COPYING
+	@wget -q -OCOPYING http://www.gnu.org/licenses/agpl.txt

README.org

@@ -0,0 +1,86 @@
+#+TITLE: autosshfs -- Per user SSHFS automount using user's SSH config and keys.
+
+* Introduction
+
+  Autofs doesn't provide an easy way to mount SSHFS filesystems as a regular user.  HOWTOs abound on the topic, but rarely propose a solution involving the user's ssh-agent and password-protected keys.
+
+  Autosshfs provides helper scripts to manage user automounts using SSHFS and keychain
+
+  This program was heavily inspired by Josh Jackson's autofs_sshfs, published at
+  http://pturing.firehead.org/software/autofs_sshfs/
+
+* License
+
+    Copyright 2011 Hellekin O. Wolf <hellekin@riseup.net>
+
+    This program is free software: you can redistribute it and/or
+    modify it under the terms of the GNU Affero General Public License
+    as published by the Free Software Foundation, either version 3 of
+    the License, or (at your option) any later version.
+
+    See: COPYING (or run make license if you're online)
+
+* Requirements
+
+    - sudo privilege (for installation)
+    - ssh, sshfs, autofs, keychain, ssh-askpass
+
+* Quick Install
+
+    sudo apt-get install keychain ssh-askpass sshfs autofs
+    git clone https://github.com/hellekin/autosshfs.git
+    cd autosshfs && sudo make install
+    sudo autosshfs-user add $(id -un)
+    ls ~/mnt/ssh/yourremotehost
+
+* Operation
+
+    This section describes how the whole thing works.
+
+** /etc/auto.master
+
+    1. Each entry MUST point to under user's $HOME.  We assume it takes the form
+:      /home/$USER/path/to/sshfs/mountpoint
+       In any other case it will break.
+
+    2. UID and GID must match `id -u $USER` and `id -g $USER`
+
+    3. $USER must be in group 'ssh'
+
+*** Example:
+
+:   /home/joe/mnt/ssh program:/usr/local/sbin/autosshfs-map uid=1234,gid=1234,--timeout=600,--ghost
+
+** autosshfs-user
+
+    This program enables or disables the automount service for a user.
+
+    Running =autosshfs-user add joe= will:
+
+      - add =joe= to the =ssh= group
+      - create a =autosshfs-as-joe= sudo wrapper for SSH
+      - register the user automounter in =/etc/auto.master=
+      - =restart autofs=
+
+    Running =autosshfs-user del joe= will:
+
+      - remove =joe= from the =ssh= group
+      - remove the =autosshfs-as-joe= script
+      - remove =joe='s entry in =/etc/auto.master=
+      - =restart autofs=
+
+** autosshfs-map
+
+    Returns the =autofs= map for the requested host.
+
+    Mountpoints are under /home/$USER/mnt/ssh
+
+    The whole remote host's filesystem is mounted, only accessible to the user.
+
+    The script is called from =/etc/auto.master=.
+
+** autosshfs-ssh
+
+    A wrapper to the =ssh= command that will force autofs to use the user's SSH setup, including password-protected SSH keys, as long as they're available to the keychain.
+
+    It is called by =autosshfs-as-joe= (using =sudo=) and loads =joe='s =keychain=.

VERSION

@@ -0,0 +1 @@
+v0.1.0

bin/autosshfs-map

@@ -0,0 +1,111 @@
+#!/bin/bash
+
+#
+# autosshfs-map -- Compute autofs map for user's SSHFS mounts.
+#
+## LICENSE
+#
+# Copyright 2011 Hellekin O. Wolf <hellekin@riseup.net>
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU Affero General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU Affero General Public License for more details.
+#
+# You should have received a copy of the GNU Affero General Public License
+# along with this program.  If not, see <http://www.gnu.org/licenses/>,
+# or, from the package source directory, run: make license
+#
+## USAGE
+#
+# autosshfs-map assumes the following constraints:
+#
+# 1. The mountpoint is under user's $HOME
+# 2. $HOME points to /home/$USER
+# 3. $USER is a member of group ssh
+#
+
+PROGNAME="${0##*/}"
+
+# TODO: should be static from Makefile
+PREFIX=/usr/local
+
+fail() {
+  echo "${PROGNAME}: $@"
+  exit 1
+}
+
+# Get username from PWD.  It assumes the mountpoint is under user's $HOME.
+USER=$(builtin pwd)
+USER=${USER#/home/}
+USER=${USER%%/*}
+
+test -n "$USER" || fail "missing user"
+
+# User must be in group ssh
+member() {
+  local user="$1"
+  local group="$2"
+  local ex=1
+
+  test -z "$user" -o -z "$group" && return $ex
+  id $user &>/dev/null || return $ex
+
+  if [ $(2>/dev/null groups "$user" | egrep "\b$group\b" | wc -l) -eq 1 ]
+  then
+    ex=0
+  fi
+  return $ex
+}
+member $USER ssh || fail "user must be a member of group ssh"
+
+SSH_WRAPPER="${PREFIX}/bin/autosshfs-as-${USER}"
+
+if [ ! -x "${SSH_WRAPPER}" ]
+then
+  touch $SSH_WRAPPER
+  chown root:ssh $SSH_WRAPPER
+  chmod 0750 $SSH_WRAPPER
+
+  generator="# Generated by ${PROGNAME} at $(date -R)"
+
+cat > $SSH_WRAPPER <<EOD
+#!/bin/sh
+#
+# autosshfs-as-$USER
+#
+# Wrapper script to make automount use the user's ssh-agent
+# when mounting SSHFS.
+#
+sudo -H -u ${USER} -i ${PREFIX}/sbin/autosshfs-ssh "\$@"
+${generator}
+EOD
+fi
+
+OPTS="-fstype=fuse,rw,allow_other,umask=077,noatime,nosuid,nodev"
+OPTS="${OPTS},ssh_command=${SSH_WRAPPER}"
+
+# You can connect to host not in your configuration file:
+#
+#  [user@]host[:port]
+#
+# will set port=port connect to user@host
+
+HOST="${1}"
+
+test -n "$HOST" || fail "missing key: did you use autofs?"
+
+COLONPOS=$(expr index "${key}" :)
+if [[ $COLONPOS > 0 ]]
+then
+  OPTS="${OPTS},port=${HOST:$COLONPOS}"
+  HOST="${HOST:0:$[$COLONPOS - 1]}"
+fi
+
+# -fstype=fuse,rw,allow_other,... / sshfs\#remote_host:/
+echo -e "${OPTS} \t/\t sshfs\#${HOST}:/"

bin/autosshfs-ssh

@@ -0,0 +1,76 @@
+#!/bin/bash
+
+# autosshfs-ssh -- Wrap ssh to load SSH environment from user's keychain
+#
+# It is intended to be called as: sudo -H -u USER -i autosshfs-ssh "$@"
+#
+## LICENSE
+#
+# Copyright 2011 Hellekin O. Wolf <hellekin@riseup.net>
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU Affero General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU Affero General Public License for more details.
+#
+# You should have received a copy of the GNU Affero General Public License
+# along with this program.  If not, see <http://www.gnu.org/licenses/>,
+# or, from the package source directory, run: make license
+#
+
+PROGNAME=${0##*/}
+
+fail() {
+  echo "${PROGNAME}: $@"
+  exit 1
+}
+
+# We need a user
+test -n "$USER"       || fail "missing username"
+
+# With a keychain
+KEYCHAIN=$(which keychain)
+test -x "${KEYCHAIN}" || fail "missing executable: keychain"
+
+# Find user's DISPLAY
+DISPLAY=$(ps aux | sed -e '/sed/d;/${USER}.*xinit/!d;s/^.*xserverrc \(:[0-9\.]*\).*/\1/')
+test -n "$DISPLAY" || DISPLAY=":0"
+export DISPLAY
+
+# Find a GUI in case we need an SSH password
+ssh_askpass() {
+  local dirs="/usr/bin /usr/local/bin /usr/libexec/openssh /usr/lib/openssh"
+  local progs="ssh-askpass gtk-led-askpass gnome-ssh-askpass x11-ssh-askpass"
+  local askpass=
+
+  for prog in ${progs}
+  do
+    askpass=$(which ${prog})
+    test -x "${askpass}" && echo ${askpass} && return 0
+  done
+
+  for prog in ${progs}
+  do
+    for dir in $dirs
+    do
+      askpass="${dir}/${prog}"
+      test -x "${askpass}" && echo ${askpass} && return 0
+    done
+  done
+
+  fail "cannot find SSH_ASKPASS"
+}
+
+SSH_ASKPASS=$(ssh_askpass)
+export SSH_ASKPASS
+
+# Load the keychain environment
+eval $(keychain -q --ignore-missing --eval)
+
+# Run the SSH command
+ssh "$@"