Per user SSHFS automount using user's SSH configuration
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Failed to load latest commit information.
bin Support various methods of restarting autofs Jul 3, 2013
Makefile rm -rf scares me. Jul 2, 2013

autosshfs – Per user SSHFS automount using user’s SSH config and keys.


Autofs doesn’t provide an easy way to mount SSHFS filesystems as a regular user. HOWTOs abound on the topic, but rarely propose a solution involving the user’s ssh-agent and password-protected keys.

Autosshfs provides helper scripts to manage user automounts using SSHFS and keychain.

This program was heavily inspired by Josh Jackson’s autofs_sshfs, published at


Copyright 2011,2012,2013 hellekin <>

This program is free software: you can redistribute it and/or modify it under the terms of the GNU Affero General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version.

See: COPYING (or run make license if you’re online)


  • sudo privilege (for installation)
  • ssh, sshfs, autofs, keychain, ssh-askpass, shadow-utils

Quick Install

   sudo apt-get install keychain ssh-askpass sshfs autofs
   git clone
   cd autosshfs && sudo make install
   sudo autosshfs-user add $(id -un)

If you don’t already have an SSH key, create one now

   if [ ! -r $HOME/.ssh/id_ecdsa ]; then ssh-keygen -b 521 -t ecdsa; fi
   ssh-copy-id [user@]yourremotehost[:port]

You MUST copy the public part of the SSH key to the user@yourremotehost’s .ssh/authorized_keys file in order to allow password-less connections. ssh-copy-id will do that for you. Connections will silently fail if your public key isn’t known to the remote host (internally, the automount daemon will be waiting at a “Password: ” prompt).


   ls ~/mnt/ssh/[user@]yourremotehost[:port]

This will cause the autofs automount to attempt an SSH connection to [user@]yourremotehost[:port]

The values denoted by square brackets are optional.

By default the connection to ‘yourremotehost’ will use the same user-name as you have on the localhost. It is possible to specify a different user-name and a non-standard port for connections to ‘yourremotehost’.

The following are all valid:

   ls ~/mnt/ssh/yourremotehost
   ls ~/mnt/ssh/yourremotehost:1234
   ls ~/mnt/ssh/user@yourremotehost
   ls ~/mnt/ssh/user@yourremotehost:1234


This section describes how the whole thing works.

/etc/auto.master (or /etc/autofs/auto.master)

  1. Each entry MUST point to under user’s $HOME. We assume it takes the form

In any other case it will break.

  1. UID and GID must match id -u $USER and id -g $USER
  2. $USER must be in group autossh


  /home/joe/mnt/ssh program:/usr/local/bin/autosshfs-map uid=1234,gid=1234,--timeout=600,--ghost

Since @7f2007b, workaround=rename is enabled by default to mimick POSIX behavior when renaming files (see Issue #4), e.g., to avoid issues with moving files in SVN repositories. If that option is not what you want, please reopen the issue so we devise a better solution.


This program enables or disables the automount service for a user.

Running autosshfs-user add joe will:

  • add joe to the autosshfs group
  • create a autosshfs-as-joe sudo wrapper for SSH
  • register the user automounter in auto.master
  • restart autofs

Running autosshfs-user del joe will:

  • remove joe from the autosshfs group
  • remove the autosshfs-as-joe script
  • remove joe’s entry in auto.master
  • restart autofs


Returns the autofs map for the requested host.

Mountpoints are under /home/$USER/mnt/ssh

The whole remote host’s filesystem is mounted, only accessible to the user.

The script is called from auto.master.


A wrapper to the ssh command that will force automount to use the user’s SSH setup, including password-protected SSH keys, as long as they’re available to the keychain.

It is called by autosshfs-as-joe (using sudo) and loads joe’s keychain.