Per user SSHFS automount using user's SSH configuration
Shell
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Permalink
Failed to load latest commit information.
bin Support various methods of restarting autofs Jul 3, 2013
doc
src
COPYING
ChangeLog
Makefile rm -rf scares me. Jul 2, 2013
README.org
VERSION

README.org

autosshfs – Per user SSHFS automount using user’s SSH config and keys.

Introduction

Autofs doesn’t provide an easy way to mount SSHFS filesystems as a regular user. HOWTOs abound on the topic, but rarely propose a solution involving the user’s ssh-agent and password-protected keys.

Autosshfs provides helper scripts to manage user automounts using SSHFS and keychain.

This program was heavily inspired by Josh Jackson’s autofs_sshfs, published at http://pturing.firehead.org/software/autofs_sshfs/

License

Copyright 2011,2012,2013 hellekin <hellekin@cepheide.org>

This program is free software: you can redistribute it and/or modify it under the terms of the GNU Affero General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version.

See: COPYING (or run make license if you’re online)

Requirements

  • sudo privilege (for installation)
  • ssh, sshfs, autofs, keychain, ssh-askpass, shadow-utils

Quick Install

   sudo apt-get install keychain ssh-askpass sshfs autofs
   git clone https://github.com/hellekin/autosshfs.git
   cd autosshfs && sudo make install
   sudo autosshfs-user add $(id -un)

If you don’t already have an SSH key, create one now

   if [ ! -r $HOME/.ssh/id_ecdsa ]; then ssh-keygen -b 521 -t ecdsa; fi
   ssh-copy-id [user@]yourremotehost[:port]

You MUST copy the public part of the SSH key to the user@yourremotehost’s .ssh/authorized_keys file in order to allow password-less connections. ssh-copy-id will do that for you. Connections will silently fail if your public key isn’t known to the remote host (internally, the automount daemon will be waiting at a “Password: ” prompt).

Usage

   ls ~/mnt/ssh/[user@]yourremotehost[:port]

This will cause the autofs automount to attempt an SSH connection to [user@]yourremotehost[:port]

The values denoted by square brackets are optional.

By default the connection to ‘yourremotehost’ will use the same user-name as you have on the localhost. It is possible to specify a different user-name and a non-standard port for connections to ‘yourremotehost’.

The following are all valid:

   ls ~/mnt/ssh/yourremotehost
   ls ~/mnt/ssh/yourremotehost:1234
   ls ~/mnt/ssh/user@yourremotehost
   ls ~/mnt/ssh/user@yourremotehost:1234

Operation

This section describes how the whole thing works.

/etc/auto.master (or /etc/autofs/auto.master)

  1. Each entry MUST point to under user’s $HOME. We assume it takes the form
     /home/$USER/mnt/ssh/mountpoint

In any other case it will break.

  1. UID and GID must match id -u $USER and id -g $USER
  2. $USER must be in group autossh

Example:

  /home/joe/mnt/ssh program:/usr/local/bin/autosshfs-map uid=1234,gid=1234,--timeout=600,--ghost

Since @7f2007b, workaround=rename is enabled by default to mimick POSIX behavior when renaming files (see Issue #4), e.g., to avoid issues with moving files in SVN repositories. If that option is not what you want, please reopen the issue so we devise a better solution.

autosshfs-user

This program enables or disables the automount service for a user.

Running autosshfs-user add joe will:

  • add joe to the autosshfs group
  • create a autosshfs-as-joe sudo wrapper for SSH
  • register the user automounter in auto.master
  • restart autofs

Running autosshfs-user del joe will:

  • remove joe from the autosshfs group
  • remove the autosshfs-as-joe script
  • remove joe’s entry in auto.master
  • restart autofs

autosshfs-map

Returns the autofs map for the requested host.

Mountpoints are under /home/$USER/mnt/ssh

The whole remote host’s filesystem is mounted, only accessible to the user.

The script is called from auto.master.

autosshfs-ssh

A wrapper to the ssh command that will force automount to use the user’s SSH setup, including password-protected SSH keys, as long as they’re available to the keychain.

It is called by autosshfs-as-joe (using sudo) and loads joe’s keychain.