Per user SSHFS automount using user's SSH configuration

Version 0.3.0 -- Flying Edward (to safety)

This release adds support for ArchLinux, thanks to the precious help of
@korakinos, and @jonbrett. (See pull #8) It does not bring new functionality
other than being ready-to-use on non-Debian systems.

*

It occurs at an interesting moment in history, where a whistleblower named Edward
Snowden is chased by the U.S.A. for leaking secrets about a global surveillance
system operated by the NSA: PRISM. Today, in order to prevent Snowden from
seeking asylum, the U.S.A. and its allies from Europe (Portugal, France, Italy,
and Austria) are abusing the rules of diplomacy. They're threatening the life of
President Evo Morales of Bolivia, by refusing their aerial space to his
presidential plane on its way back from Russia, where Snowden found a temporary
refuge, on the suspicion that the whistleblower might be on board.

That is unprecedented, and as in the reclusion of Julian Assange, demonstrates
once again the unilaterality of the "democratic rule", where a
pseudo-democratic-superpower-gone-out-of-control respects or violates diplomacy,
human rights, or the Constitution as it sees fit.

    The best weapon of a dictatorship is secrecy, but the best
    weapon of a democracy should be the weapon of openness.
    -- Niels Bohr

latest commit c9dc8cdd82
authored July 02, 2013

bin: Support various methods of restarting autofs (July 02, 2013)
doc: Add 'workaround=rename' mount option (Fixes #4 thank you @jonbrett) (May 21, 2013)
src: Location of auto.master varies among systems (July 02, 2013)
COPYING: Initial Commit (January 18, 2011)
ChangeLog: Version 0.3.0 -- Flying Edward (to safety) (July 02, 2013)
Makefile: rm -rf scares me. (July 02, 2013)
README.org: Update README (July 02, 2013)
VERSION: Version 0.3.0 -- Flying Edward (to safety) (July 02, 2013)

README.org

autosshfs – Per user SSHFS automount using user’s SSH config and keys.

Introduction

Autofs doesn’t provide an easy way to mount SSHFS filesystems as a regular user. HOWTOs abound on the topic, but rarely propose a solution involving the user’s ssh-agent and password-protected keys.

Autosshfs provides helper scripts to manage user automounts using SSHFS and keychain.

This program was heavily inspired by Josh Jackson’s autofs_sshfs, published at http://pturing.firehead.org/software/autofs_sshfs/

License

Copyright 2011,2012,2013 hellekin <hellekin@cepheide.org>

This program is free software: you can redistribute it and/or modify it under the terms of the GNU Affero General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version.

See: COPYING (or run make license if you’re online)

Requirements

  • sudo privilege (for installation)
  • ssh, sshfs, autofs, keychain, ssh-askpass, shadow-utils

Quick Install

   sudo apt-get install keychain ssh-askpass sshfs autofs
   git clone https://github.com/hellekin/autosshfs.git
   cd autosshfs && sudo make install
   sudo autosshfs-user add $(id -un)

If you don’t already have an SSH key, create one now:

   if [ ! -r "$HOME/.ssh/id_ecdsa" ]; then ssh-keygen -b 521 -t ecdsa; fi
   ssh-copy-id [-p port] [user@]yourremotehost

You MUST copy the public part of the SSH key to the user@yourremotehost’s .ssh/authorized_keys file in order to allow password-less connections. ssh-copy-id will do that for you. Connections will silently fail if your public key isn’t known to the remote host (internally, the automount daemon will be waiting at a “Password: ” prompt).

Usage

   ls ~/mnt/ssh/[user@]yourremotehost[:port]

This causes the autofs automounter to attempt an SSH connection to [user@]yourremotehost[:port].

The values denoted by square brackets are optional.

By default the connection to ‘yourremotehost’ will use the same user-name as you have on the localhost. It is possible to specify a different user-name and a non-standard port for connections to ‘yourremotehost’.

The following are all valid:

   ls ~/mnt/ssh/yourremotehost
   ls ~/mnt/ssh/yourremotehost:1234
   ls ~/mnt/ssh/user@yourremotehost
   ls ~/mnt/ssh/user@yourremotehost:1234
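
The directory name looked up under ~/mnt/ssh is user-supplied text that ends up naming an SSH target, so it is worth splitting and validating it strictly. The following is an added example, not code from autosshfs: `parse_key` and the `KEY_*` variables are hypothetical names, and the default port 22 and the rejection of IPv6 literals are assumptions of this example.

```shell
#!/bin/sh
# Added example: split a lookup key of the form [user@]host[:port] into its
# parts, refusing anything that ssh or sshfs could misread.
# parse_key and KEY_* are hypothetical names, not part of autosshfs.

# parse_key KEY DEFAULT_USER
# On success sets KEY_USER, KEY_HOST, KEY_PORT and returns 0; returns 1 otherwise.
parse_key() {
    key=$1
    KEY_USER=$2 KEY_HOST= KEY_PORT=22   # port 22 is the assumed default

    # Allow-list the whole key first: no whitespace, quotes, slashes or shell
    # metacharacters, and no leading '-' that could be taken as an option.
    case $key in
        ''|-*|*[!A-Za-z0-9@:._-]*) return 1 ;;
    esac

    # Optional user part: everything before the first '@'.
    case $key in
        *@*)
            KEY_USER=${key%%@*}
            key=${key#*@}
            case $KEY_USER in ''|-*|*:*) return 1 ;; esac
            ;;
    esac

    # Optional port part: everything after the last ':' (1..65535 only).
    case $key in
        *:*)
            KEY_PORT=${key##*:}
            key=${key%:*}
            case $KEY_PORT in ''|*[!0-9]*) return 1 ;; esac
            [ "${#KEY_PORT}" -le 5 ] && [ "$KEY_PORT" -ge 1 ] \
                && [ "$KEY_PORT" -le 65535 ] || return 1
            ;;
    esac

    # What remains must be a bare host name: no second '@' or ':'.
    case $key in
        ''|-*|.*|*[@:]*) return 1 ;;
    esac
    KEY_HOST=$key
}
```
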

Operation

This section describes how the whole thing works.

/etc/auto.master (or /etc/autofs/auto.master)

  1. Each entry MUST point under the user’s $HOME. We assume it takes the form
     /home/$USER/mnt/ssh/mountpoint. In any other case it will break.
  2. UID and GID must match id -u $USER and id -g $USER
  3. $USER must be in group autossh
Example:

  /home/joe/mnt/ssh program:/usr/local/bin/autosshfs-map uid=1234,gid=1234,--timeout=600,--ghost

Since @7f2007b, workaround=rename is enabled by default to mimic POSIX behavior when renaming files (see Issue #4), e.g., to avoid issues with moving files in SVN repositories. If that option is not what you want, please reopen the issue so we can devise a better solution.

autosshfs-user

This program enables or disables the automount service for a user.

Running autosshfs-user add joe will:

  • add joe to the autosshfs group
  • create an autosshfs-as-joe sudo wrapper for SSH
  • register the user automounter in auto.master
  • restart autofs

Running autosshfs-user del joe will:

  • remove joe from the autosshfs group
  • remove the autosshfs-as-joe script
  • remove joe’s entry in auto.master
  • restart autofs

autosshfs-map

Returns the autofs map for the requested host.

Mountpoints are under /home/$USER/mnt/ssh

The whole remote host’s filesystem is mounted, only accessible to the user.

The script is called from auto.master.

autosshfs-ssh

A wrapper to the ssh command that will force automount to use the user’s SSH setup, including password-protected SSH keys, as long as they’re available to the keychain.

It is called by autosshfs-as-joe (using sudo) and loads joe’s keychain.
