Commit
Hellekin O. Wolf =8)
committed
Jan 18, 2011
0 parents
commit c0dca17
Showing 11 changed files with 1,197 additions and 0 deletions.
Original file line number | Original file line | Diff line number | Diff line change |
---|---|---|---|
@@ -0,0 +1,27 @@ | |||
PREFIX=/usr/local | |||
|
|||
all: | |||
@echo | |||
@echo autosshfs is based on the article and code at | |||
@echo http://pturing.firehead.org/software/autofs_sshfs/ | |||
@echo | |||
@echo License: see COPYING file, or make license | |||
@echo | |||
@echo sudo make [un]install -- Install or uninstall autosshfs | |||
@echo | |||
|
|||
install: | |||
@addgroup --system ssh 2>/dev/null | |||
@install -o root -g root -m 0750 bin/autosshfs-user ${PREFIX}/sbin/ | |||
@install -o root -g ssh -m 0750 bin/autosshfs-map ${PREFIX}/sbin/ | |||
@install -o root -g ssh -m 0750 bin/autosshfs-ssh ${PREFIX}/sbin/ | |||
@install -o root -g root -m 0755 bin/keychain-ring ${PREFIX}/bin/ | |||
@install -o root -g root -m 0755 -d ${PREFIX}/share/doc/autosshfs/ | |||
@install -o root -g root -m 0644 doc/* ${PREFIX}/share/doc/autosshfs | |||
|
|||
uninstall: | |||
@rm -rf ${PREFIX}/sbin/autosshfs-* ${PREFIX}/bin/autosshfs-as-* ${PREFIX}/bin/keychain-ring ${PREFIX}/share/doc/autosshfs | |||
|
|||
license: | |||
@rm -f COPYING | |||
@wget -q -OCOPYING http://www.gnu.org/licenses/agpl.txt |
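Review bot: the `uninstall` target only deletes files, so it leaves behind what `autosshfs-user add` sets up according to the README in this commit: the user's entry in `/etc/auto.master` and the `ssh` group membership. After `make uninstall` those entries still name `program:/usr/local/sbin/autosshfs-map`, which no longer exists. Either run `autosshfs-user del` for each registered user before the `rm -rf`, or print a message telling the admin to do so. In `license`, `rm -f COPYING` runs before `wget` over plain `http://`, so a failed download leaves no license file and a tampered one replaces it; fetch to a temporary file over `https://` and move it into place only on success.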
Original file line number | Original file line | Diff line number | Diff line change |
---|---|---|---|
@@ -0,0 +1,86 @@ | |||
#+TITLE: autosshfs -- Per user SSHFS automount using user's SSH config and keys. | |||
|
|||
* Introduction | |||
|
|||
Autofs doesn't provide an easy way to mount SSHFS filesystems as a regular user. HOWTOs abound on the topic, but rarely propose a solution involving the user's ssh-agent and password-protected keys. | |||
|
|||
Autosshfs provides helper scripts to manage user automounts using SSHFS and keychain | |||
|
|||
This program was heavily inspired by Josh Jackson's autofs_sshfs, published at | |||
http://pturing.firehead.org/software/autofs_sshfs/ | |||
|
|||
* License | |||
|
|||
Copyright 2011 Hellekin O. Wolf <hellekin@riseup.net> | |||
|
|||
This program is free software: you can redistribute it and/or | |||
modify it under the terms of the GNU Affero General Public License | |||
as published by the Free Software Foundation, either version 3 of | |||
the License, or (at your option) any later version. | |||
|
|||
See: COPYING (or run make license if you're online) | |||
|
|||
* Requirements | |||
|
|||
- sudo privilege (for installation) | |||
- ssh, sshfs, autofs, keychain, ssh-askpass | |||
|
|||
* Quick Install | |||
|
|||
sudo apt-get install keychain ssh-askpass sshfs autofs | |||
git clone https://github.com/hellekin/autosshfs.git | |||
cd autosshfs && sudo make install | |||
sudo autosshfs-user add $(id -un) | |||
ls ~/mnt/ssh/yourremotehost | |||
|
|||
* Operation | |||
|
|||
This section describes how the whole thing works. | |||
|
|||
** /etc/auto.master | |||
|
|||
1. Each entry MUST point to under user's $HOME. We assume it takes the form | |||
: /home/$USER/path/to/sshfs/mountpoint | |||
In any other case it will break. | |||
|
|||
2. UID and GID must match `id -u $USER` and `id -g $USER` | |||
|
|||
3. $USER must be in group 'ssh' | |||
|
|||
*** Example: | |||
|
|||
: /home/joe/mnt/ssh program:/usr/local/sbin/autosshfs-map uid=1234,gid=1234,--timeout=600,--ghost | |||
|
|||
** autosshfs-user | |||
|
|||
This program enables or disables the automount service for a user. | |||
|
|||
Running =autosshfs-user add joe= will: | |||
|
|||
- add =joe= to the =ssh= group | |||
- create a =autosshfs-as-joe= sudo wrapper for SSH | |||
- register the user automounter in =/etc/auto.master= | |||
- =restart autofs= | |||
|
|||
Running =autosshfs-user del joe= will: | |||
|
|||
- remove =joe= from the =ssh= group | |||
- remove the =autosshfs-as-joe= script | |||
- remove =joe='s entry in =/etc/auto.master= | |||
- =restart autofs= | |||
|
|||
** autosshfs-map | |||
|
|||
Returns the =autofs= map for the requested host. | |||
|
|||
Mountpoints are under /home/$USER/mnt/ssh | |||
|
|||
The whole remote host's filesystem is mounted, only accessible to the user. | |||
|
|||
The script is called from =/etc/auto.master=. | |||
|
|||
** autosshfs-ssh | |||
|
|||
A wrapper to the =ssh= command that will force autofs to use the user's SSH setup, including password-protected SSH keys, as long as they're available to the keychain. | |||
|
|||
It is called by =autosshfs-as-joe= (using =sudo=) and loads =joe='s =keychain=. |
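Review bot: under `** autosshfs-map`, the claim that the mount is "only accessible to the user" is stated without saying what enforces it, while the map script in this commit mounts with `allow_other`. Document which options are relied on to keep other local users out (`umask=077` together with the `uid=`/`gid=` shown in the auto.master example), and consider adding `default_permissions` so the kernel enforces those mode bits. The `autosshfs-user` section also says that command creates `autosshfs-as-joe`, but `autosshfs-map` in this commit generates the same wrapper when it is missing; say which of the two owns the file.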
Original file line number | Original file line | Diff line number | Diff line change |
---|---|---|---|
@@ -0,0 +1 @@ | |||
v0.1.0 |
Original file line number | Original file line | Diff line number | Diff line change |
---|---|---|---|
@@ -0,0 +1,111 @@ | |||
#!/bin/bash | |||
|
|||
# | |||
# autosshfs-map -- Compute autofs map for user's SSHFS mounts. | |||
# | |||
## LICENSE | |||
# | |||
# Copyright 2011 Hellekin O. Wolf <hellekin@riseup.net> | |||
# | |||
# This program is free software: you can redistribute it and/or modify | |||
# it under the terms of the GNU Affero General Public License as published by | |||
# the Free Software Foundation, either version 3 of the License, or | |||
# (at your option) any later version. | |||
# | |||
# This program is distributed in the hope that it will be useful, | |||
# but WITHOUT ANY WARRANTY; without even the implied warranty of | |||
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the | |||
# GNU Affero General Public License for more details. | |||
# | |||
# You should have received a copy of the GNU Affero General Public License | |||
# along with this program. If not, see <http://www.gnu.org/licenses/>, | |||
# or, from the package source directory, run: make license | |||
# | |||
## USAGE | |||
# | |||
# autosshfs-map assumes the following constraints: | |||
# | |||
# 1. The mountpoint is under user's $HOME | |||
# 2. $HOME points to /home/$USER | |||
# 3. $USER is a member of group ssh | |||
# | |||
|
|||
PROGNAME="${0##*/}" | |||
|
|||
# TODO: should be static from Makefile | |||
PREFIX=/usr/local | |||
|
|||
fail() { | |||
echo "${PROGNAME}: $@" | |||
exit 1 | |||
} | |||
|
|||
# Get username from PWD. It assumes the mountpoint is under user's $HOME. | |||
USER=$(builtin pwd) | |||
USER=${USER#/home/} | |||
USER=${USER%%/*} | |||
|
|||
test -n "$USER" || fail "missing user" | |||
|
|||
# User must be in group ssh | |||
member() { | |||
local user="$1" | |||
local group="$2" | |||
local ex=1 | |||
|
|||
test -z "$user" -o -z "$group" && return $ex | |||
id $user &>/dev/null || return $ex | |||
|
|||
if [ $(2>/dev/null groups "$user" | egrep "\b$group\b" | wc -l) -eq 1 ] | |||
then | |||
ex=0 | |||
fi | |||
return $ex | |||
} | |||
member $USER ssh || fail "user must be a member of group ssh" | |||
|
|||
SSH_WRAPPER="${PREFIX}/bin/autosshfs-as-${USER}" | |||
|
|||
if [ ! -x "${SSH_WRAPPER}" ] | |||
then | |||
touch $SSH_WRAPPER | |||
chown root:ssh $SSH_WRAPPER | |||
chmod 0750 $SSH_WRAPPER | |||
|
|||
generator="# Generated by ${PROGNAME} at $(date -R)" | |||
|
|||
cat > $SSH_WRAPPER <<EOD | |||
#!/bin/sh | |||
# | |||
# autosshfs-as-$USER | |||
# | |||
# Wrapper script to make automount use the user's ssh-agent | |||
# when mounting SSHFS. | |||
# | |||
sudo -H -u ${USER} -i ${PREFIX}/sbin/autosshfs-ssh "\$@" | |||
${generator} | |||
EOD | |||
fi | |||
|
|||
OPTS="-fstype=fuse,rw,allow_other,umask=077,noatime,nosuid,nodev" | |||
OPTS="${OPTS},ssh_command=${SSH_WRAPPER}" | |||
|
|||
# You can connect to host not in your configuration file: | |||
# | |||
# [user@]host[:port] | |||
# | |||
# will set port=port connect to user@host | |||
|
|||
HOST="${1}" | |||
|
|||
test -n "$HOST" || fail "missing key: did you use autofs?" | |||
|
|||
COLONPOS=$(expr index "${key}" :) | |||
if [[ $COLONPOS > 0 ]] | |||
then | |||
OPTS="${OPTS},port=${HOST:$COLONPOS}" | |||
HOST="${HOST:0:$[$COLONPOS - 1]}" | |||
fi | |||
|
|||
# -fstype=fuse,rw,allow_other,... / sshfs\#remote_host:/ | |||
echo -e "${OPTS} \t/\t sshfs\#${HOST}:/" |
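Review bot: in the port-parsing block near the end, `expr index "${key}" :` reads `key`, which is never assigned in this script; the lookup key is held in `HOST`, so the `host:port` form described in the comment above is not split. Use `"${HOST}"` there, and compare numerically (`[ "$COLONPOS" -gt 0 ]`), because `[[ $COLONPOS > 0 ]]` is a string comparison. `HOST` is also placed unvalidated into the option string and into `sshfs\#${HOST}:/`; since the key is whatever name gets looked up under the mountpoint, reject anything outside a conservative user/host/port character set before building the entry, and quote `$USER` and `$SSH_WRAPPER` where they are used as arguments. `fail` writes its message to stdout, which is where the map entry is emitted, so errors should go to stderr instead.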
Original file line number | Original file line | Diff line number | Diff line change |
---|---|---|---|
@@ -0,0 +1,76 @@ | |||
#!/bin/bash | |||
|
|||
# autosshfs-ssh -- Wrap ssh to load SSH environment from user's keychain | |||
# | |||
# It is intended to be called as: sudo -H -u USER -i autosshfs-ssh "$@" | |||
# | |||
## LICENSE | |||
# | |||
# Copyright 2011 Hellekin O. Wolf <hellekin@riseup.net> | |||
# | |||
# This program is free software: you can redistribute it and/or modify | |||
# it under the terms of the GNU Affero General Public License as published by | |||
# the Free Software Foundation, either version 3 of the License, or | |||
# (at your option) any later version. | |||
# | |||
# This program is distributed in the hope that it will be useful, | |||
# but WITHOUT ANY WARRANTY; without even the implied warranty of | |||
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the | |||
# GNU Affero General Public License for more details. | |||
# | |||
# You should have received a copy of the GNU Affero General Public License | |||
# along with this program. If not, see <http://www.gnu.org/licenses/>, | |||
# or, from the package source directory, run: make license | |||
# | |||
|
|||
PROGNAME=${0##*/} | |||
|
|||
fail() { | |||
echo "${PROGNAME}: $@" | |||
exit 1 | |||
} | |||
|
|||
# We need a user | |||
test -n "$USER" || fail "missing username" | |||
|
|||
# With a keychain | |||
KEYCHAIN=$(which keychain) | |||
test -x "${KEYCHAIN}" || fail "missing executable: keychain" | |||
|
|||
# Find user's DISPLAY | |||
DISPLAY=$(ps aux | sed -e '/sed/d;/${USER}.*xinit/!d;s/^.*xserverrc \(:[0-9\.]*\).*/\1/') | |||
test -n "$DISPLAY" || DISPLAY=":0" | |||
export DISPLAY | |||
|
|||
# Find a GUI in case we need an SSH password | |||
ssh_askpass() { | |||
local dirs="/usr/bin /usr/local/bin /usr/libexec/openssh /usr/lib/openssh" | |||
local progs="ssh-askpass gtk-led-askpass gnome-ssh-askpass x11-ssh-askpass" | |||
local askpass= | |||
|
|||
for prog in ${progs} | |||
do | |||
askpass=$(which ${prog}) | |||
test -x "${askpass}" && echo ${askpass} && return 0 | |||
done | |||
|
|||
for prog in ${progs} | |||
do | |||
for dir in $dirs | |||
do | |||
askpass="${dir}/${prog}" | |||
test -x "${askpass}" && echo ${askpass} && return 0 | |||
done | |||
done | |||
|
|||
fail "cannot find SSH_ASKPASS" | |||
} | |||
|
|||
SSH_ASKPASS=$(ssh_askpass) | |||
export SSH_ASKPASS | |||
|
|||
# Load the keychain environment | |||
eval $(keychain -q --ignore-missing --eval) | |||
|
|||
# Run the SSH command | |||
ssh "$@" |
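Review bot: in the line under `# Find user's DISPLAY` the sed script is single-quoted, so `${USER}` is matched literally and never expands to the user name; the pattern cannot select that user's `xinit` process and the script normally falls through to the `:0` default. Double-quote the part of the expression that needs `$USER`, and reconsider defaulting to `:0`, since on a multi-user machine that display may belong to someone else and the askpass prompt would open there. `eval $(keychain -q --ignore-missing --eval)` should be written `eval "$(keychain -q --ignore-missing --eval)"` so the output is not word-split before evaluation, and `fail` should print to stderr.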