Autofs doesn’t provide an easy way to mount SSHFS filesystems as a regular user. HOWTOs abound on the topic, but rarely propose a solution involving the user’s ssh-agent and password-protected keys.
Autosshfs provides helper scripts to manage user automounts using
SSHFS and keychain.
This program was heavily inspired by Josh Jackson’s autofs_sshfs, published at http://pturing.firehead.org/software/autofs_sshfs/
Copyright 2011,2012 hellekin <[email protected]>
This program is free software: you can redistribute it and/or modify it under the terms of the GNU Affero General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version.
See: COPYING (or run make license if you’re online)
sudoprivilege (for installation)ssh,sshfs,autofs,keychain,ssh-askpass
sudo apt-get install keychain ssh-askpass sshfs autofs git clone https://github.com/hellekin/autosshfs.git cd autosshfs && sudo make install sudo autosshfs-user add $(id -un)
If you don’t already have an SSH key, create one now
if [ ! -r $HOME/.ssh/id_rsa ]; then ssh-keygen; fi
ssh-copy-id [user@]yourremotehost[:port]
You MUST copy the public part of the SSH key to the user@yourremotehost’s .ssh/authorized_keys file in order to allow password-less connections. ssh-copy-id will do that for you. Connections will silently fail if your public key isn’t known to the remote host (internally, the automount daemon will be waiting at a “Password: ” prompt).
ls ~/mnt/ssh/[user@]yourremotehost[:port]
This will cause the autofs automount to attempt an SSH connection to [user@]yourremotehost[:port]
The values denoted by square brackets are optional.
By default the connection to ‘yourremotehost’ will use the same user-name as you have on the localhost. It is possible to specify a different user-name and a non-standard port for connections to ‘yourremotehost’.
The following are all valid:
ls ~/mnt/ssh/yourremotehost ls ~/mnt/ssh/yourremotehost:1234 ls ~/mnt/ssh/user@yourremotehost ls ~/mnt/ssh/user@yourremotehost:1234
This section describes how the whole thing works.
- Each entry MUST point to under user’s $HOME. We assume it takes the form
/home/$USER/mnt/ssh/mountpoint
In any other case it will break.
- UID and GID must match
id -u $USERandid -g $USER - $USER must be in group autossh
/home/joe/mnt/ssh program:/usr/local/sbin/autosshfs-map uid=1234,gid=1234,--timeout=600,--ghost
This program enables or disables the automount service for a user.
Running autosshfs-user add joe will:
- add
joeto theautosshfsgroup - create a
autosshfs-as-joesudo wrapper for SSH - register the user automounter in
/etc/auto.master restart autofs
Running autosshfs-user del joe will:
- remove
joefrom theautosshfsgroup - remove the
autosshfs-as-joescript - remove
joe’s entry in/etc/auto.master restart autofs
Returns the autofs map for the requested host.
Mountpoints are under /home/$USER/mnt/ssh
The whole remote host’s filesystem is mounted, only accessible to the user.
The script is called from /etc/auto.master.
A wrapper to the ssh command that will force automount to use
the user’s SSH setup, including password-protected SSH keys, as
long as they’re available to the keychain.
It is called by autosshfs-as-joe (using sudo) and loads
joe’s keychain.