Per user SSHFS automount using user's SSH configuration
Latest commit c9dc8cd Jul 3, 2013
hellekin Version 0.3.0 -- Flying Edward (to safety)
This release adds support for ArchLinux, thanks to the precious help of
@korakinos, and @jonbrett. (See pull #8) It does not bring new functionality
other than being ready-to-use on non-Debian systems.


It occurs at an interesting moment in history, where a whistleblower name Edward
Snowden is chased by the U.S.A. for leaking secrets about a global surveillance
system operated by the NSA: PRISM. Today, in order to prevent Snowden from
seeking asylum, the U.S.A. and its allies from Europe (Portugal, France, Italy,
and Austria) are abusing the rules of diplomacy. They're threatening the life of
President Evo Morales of Bolivia, by refusing their aerial space to his
presidential plane on its way back from Russia, where Snowden found a temporary
refuge, on the suspicion that the whistleblower might be on board.

That is unprecedented, and as in the reclusion of Julian Assange, demonstrates
once again the unilaterality of the "democratic rule", where a
pseudo-democratic-superpower-gone-out-of-control respects or violates diplomacy,
human rights, or the Constitution as it sees fit.

    The best weapon of a dictatorship is secrecy, but the best
    weapon of a democracy should be the weapon of openness.
    -- Niels Bohr

autosshfs – Per user SSHFS automount using user’s SSH config and keys.


Autofs doesn’t provide an easy way to mount SSHFS filesystems as a regular user. HOWTOs abound on the topic, but rarely propose a solution involving the user’s ssh-agent and password-protected keys.

Autosshfs provides helper scripts to manage user automounts using SSHFS and keychain.

This program was heavily inspired by Josh Jackson’s autofs_sshfs, published at


Copyright 2011,2012,2013 hellekin <>

This program is free software: you can redistribute it and/or modify it under the terms of the GNU Affero General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version.

See: COPYING (or run make license if you’re online)


  • sudo privilege (for installation)
  • ssh, sshfs, autofs, keychain, ssh-askpass, shadow-utils

Quick Install

   sudo apt-get install keychain ssh-askpass sshfs autofs
   git clone
   cd autosshfs && sudo make install
   sudo autosshfs-user add $(id -un)

If you don’t already have an SSH key, create one now

   if [ ! -r $HOME/.ssh/id_ecdsa ]; then ssh-keygen -b 521 -t ecdsa; fi
   ssh-copy-id [user@]yourremotehost[:port]

You MUST copy the public part of the SSH key to the user@yourremotehost’s .ssh/authorized_keys file in order to allow password-less connections. ssh-copy-id will do that for you. Connections will silently fail if your public key isn’t known to the remote host (internally, the automount daemon will be waiting at a “Password: ” prompt).


   ls ~/mnt/ssh/[user@]yourremotehost[:port]

This will cause the autofs automount to attempt an SSH connection to [user@]yourremotehost[:port]

The values denoted by square brackets are optional.

By default the connection to ‘yourremotehost’ will use the same user-name as you have on the localhost. It is possible to specify a different user-name and a non-standard port for connections to ‘yourremotehost’.

The following are all valid:

   ls ~/mnt/ssh/yourremotehost
   ls ~/mnt/ssh/yourremotehost:1234
   ls ~/mnt/ssh/user@yourremotehost
   ls ~/mnt/ssh/user@yourremotehost:1234


This section describes how the whole thing works.

/etc/auto.master (or /etc/autofs/auto.master)

  1. Each entry MUST point to under user’s $HOME. We assume it takes the form

In any other case it will break.

  1. UID and GID must match id -u $USER and id -g $USER
  2. $USER must be in group autossh


  /home/joe/mnt/ssh program:/usr/local/bin/autosshfs-map uid=1234,gid=1234,--timeout=600,--ghost

Since @7f2007b, workaround=rename is enabled by default to mimick POSIX behavior when renaming files (see Issue #4), e.g., to avoid issues with moving files in SVN repositories. If that option is not what you want, please reopen the issue so we devise a better solution.


This program enables or disables the automount service for a user.

Running autosshfs-user add joe will:

  • add joe to the autosshfs group
  • create a autosshfs-as-joe sudo wrapper for SSH
  • register the user automounter in auto.master
  • restart autofs

Running autosshfs-user del joe will:

  • remove joe from the autosshfs group
  • remove the autosshfs-as-joe script
  • remove joe’s entry in auto.master
  • restart autofs


Returns the autofs map for the requested host.

Mountpoints are under /home/$USER/mnt/ssh

The whole remote host’s filesystem is mounted, only accessible to the user.

The script is called from auto.master.


A wrapper to the ssh command that will force automount to use the user’s SSH setup, including password-protected SSH keys, as long as they’re available to the keychain.

It is called by autosshfs-as-joe (using sudo) and loads joe’s keychain.