automatic mount via sshfs

orschiro · 2009-06-20 00:01:19

Hello guys,

I set up sshfs using the /home directory of my server and mounting it on /mnt/server. I had to configure the directory permission but now I'm able to mount the directory as normal user with that command:

sshfs user@serverip:/home/user /mnt/server

The next step I tried was to mount my server directory automatically using the fstab method from the wiki. So I added

sshfs#user@serverip:/home/user /mnt/server fuse defaults 0 0

to my fstab, rebooted my system but nothing was mounted. What's wrong? I have to add that I already set up a SSH Key.

Best regards.

Last edited by orschiro (2009-06-20 00:01:55)

TheBodziO · 2009-06-20 16:26:12

Filesystems listed in fstab are mounted before the network is up. I'd add my own "/etc/rc.d/sshfs" and start it from "/etc/rc.conf" or better yet I'd mount it while I'm logging in (e.g. ".bash_profile")

fijam · 2009-06-20 16:39:22

Or you can use autofs for that.

.:B:. · 2009-06-20 20:04:29

I don't see how you are going to automount an sshfs share if you are to provide the password...

If you plan doing this by putting your SSH password somewhere in plain text (provided it's possible that SSH/sshfs want to work with that at all), you might as well scratch the whole idea and go NFS.

i hope you also noted this part in the wiki article:

Although the above will not work automatically unless you are using a ssh key for the user. Using SSH Keys.

There's nothing automatic about it, you can't have your SSH keys cached automatically, and without that, there's no automatical mounting either. It *needs* user intervention at some point.

gazj · 2009-06-20 21:08:43

B wrote:

I don't see how you are going to automount an sshfs share if you are to provide the password...
If you plan doing this by putting your SSH password somewhere in plain text (provided it's possible that SSH/sshfs want to work with that at all), you might as well scratch the whole idea and go NFS.
i hope you also noted this part in the wiki article:
Although the above will not work automatically unless you are using a ssh key for the user. Using SSH Keys.
There's nothing automatic about it, you can't have your SSH keys cached automatically, and without that, there's no automatical mounting either. It *needs* user intervention at some point.

B looks at this (ssh with no password) saves you loads of typing http://linuxproblem.org/art_9.html

gazj · 2009-06-20 21:11:52

I use NFS on my home workstation, on my laptop I use sshfs and unison (a two way rsync program) to synchronize with my server. Hence the following script. I know it's not exactly what your looking for, but at the worst you can put the sshfs command into your /etc/rc.local file. The reason I don't do this is because if I am working away I might want to mount my sshfs filesystem through my servers dns name.

gary@Lister ~ $ cat .bin/syncup 
#!/bin/bash
umount /data
sshfs reddwarf:/data/home /data
unison /data/gary /home/gary/Documents -auto -batch -mountpoint .syncproof -logfile /dev/null -prefer /data/gary

Last edited by gazj (2009-06-20 21:16:19)

.:B:. · 2009-06-20 21:21:52

gazj wrote:

B look at this (ssh with no password) saves you loads of typing http://linuxproblem.org/art_9.html

...

That page horribly misses the point of what keys are for (and so do people who do not put passphrases on their keys). You might as well open it all up then.

gazj · 2009-06-20 21:24:22

B wrote:

gazj wrote:
B look at this (ssh with no password) saves you loads of typing http://linuxproblem.org/art_9.html
...
That page horribly misses the point of what keys are for (and so do people who do not put passphrases on their keys). You might as well open it all up then.

Please do let me know then, I would like to know (this isn't on my root account) becuase this server can be logged onto from the o/s world.

Thanks

.:B:. · 2009-06-20 21:46:17

The thing is, keys add an additional layer of security. Keys need to be captured before they can be used (the private key, that is) but what a lot of people do is, instead of using them for enhanced security (no transfer of password data over the connection), use them because it's easy - that is, you can have an empty passphrase with keys where you can't have an empty password with SSH (it uses the password from the user account you're trying to log in to).

If a key is compromised without you knowing, the attacker still needs the passphrase. With an empty passphrase, the key is an open door.

gazj · 2009-06-20 21:57:38

I can see your point and I must admit I don't understand the complexity keys etc. But how would an attacker get the key, he would need to have the system compromised to get it. I probably am being stupid, like I say I don't totally understand it. :S

Thanks for you help though

firecat53 · 2009-06-20 22:01:40

I have ssh-agent setup to ask for my passphrase on the first login after I bootup the machine. This works quite well, and then I don't have to worry about passphrase entry for automated ssh/rsync backups, or logging in to my server for whatever.
in ~/.bashrc --

SSH_ENV="$HOME/.ssh/environment"
function start_agent {
     echo "Initialising new SSH agent..."
     /usr/bin/ssh-agent | sed 's/^echo/#echo/' > "${SSH_ENV}"
     echo succeeded
     chmod 600 "${SSH_ENV}"
     . "${SSH_ENV}" > /dev/null
     /usr/bin/ssh-add;
}
# Source SSH settings, if applicable
if [ -f "${SSH_ENV}" ]; then
     . "${SSH_ENV}" > /dev/null
     ps -ef | grep ${SSH_AGENT_PID} | grep ssh-agent$ > /dev/null || {
         start_agent;
     }
else
     start_agent;
fi

The code isn't mine, but pieced together from several tutorials (don't remember where!) I believe this is basically the same thing that, for example, the gnome-keyring does when it asks for your keyring password. Just doing it the lightweight KISS way

Good luck!
Scott

Last edited by firecat53 (2009-06-20 22:04:35)

.:B:. · 2009-06-20 22:02:14

If you keep it only on one, local, system: yes. If you e.g. put it on a USB key because you need access from multiple locations, it's a whole lot easier.

You're not being stupid . It can seem farfetched sometimes, but that also goes for keylogging, breaking firewalls, etc. Lots of people think it doesn't happen to them.

gazj · 2009-06-20 22:09:49

B Thanks for your help. It is only kept on my laptop and nowhere else. You have raised some valid points to my attention though. I can see how the key is very much like a real key and you need to keep them safely guarded.

Thanks

Sorry to the OP :S went way off topic there.

anrxc · 2009-06-20 23:25:19

firecat53 wrote:

I have ssh-agent setup to ask for my passphrase on the first login after I bootup the machine. in ~/.bashrc
<snip>
Just doing it the lightweight KISS way

This is way too complicated. If you use GPG you can use the gpg-agent for both GPG and SSH keys. All it takes is: eval `gpg-agent --enable-ssh-support --daemon` in your xinitrc or shell rc.

Edit: see here if you want to know more.

Last edited by anrxc (2009-09-22 12:23:17)

.:B:. · 2009-06-21 01:49:14

[offtopic]
Firecat: does that handle multiple keys, or just one?
[/offtopic]

firecat53 · 2009-06-21 03:19:09

@anrxc -- that looks like a pretty neat solution, sort of like a lightweight multi-purpose (although I don't use GPG) keyring. However, if I understand it correctly, it will not prompt for the passphrase until the first time its actually needed, right? I looked at the man page and didn't see an option to intiate the passphrase prompt immediately on startup. It would then not be as useful for things such as an unattended backup that starts when you're not sitting at the machine and it has been recently rebooted with no use of ssh keys yet -- like my laptop, which gets shutdown more frequently than a desktop might, and therefore that backup would fail for me the first time after a reboot. I think it would otherwise work the same if that could be prompted for right away on startup (kind of a pain typing login password and then passphrase, but ... it's secure and works!)

@B -- I only use one key, but according to the man page, ssh-agent will support multiple keys. I guess it would probably prompt you for each passphrase when you start ssh-agent the first time?

Scott

Last edited by firecat53 (2009-06-21 03:19:19)

Arch Linux

#1 2009-06-20 00:01:19

automatic mount via sshfs

#2 2009-06-20 16:26:12

Re: automatic mount via sshfs

#3 2009-06-20 16:39:22

Re: automatic mount via sshfs

#4 2009-06-20 20:04:29

Re: automatic mount via sshfs

#5 2009-06-20 21:08:43

Re: automatic mount via sshfs

#6 2009-06-20 21:11:52

Re: automatic mount via sshfs

#7 2009-06-20 21:21:52

Re: automatic mount via sshfs

#8 2009-06-20 21:24:22

Re: automatic mount via sshfs

#9 2009-06-20 21:46:17

Re: automatic mount via sshfs

#10 2009-06-20 21:57:38

Re: automatic mount via sshfs

#11 2009-06-20 22:01:40

Re: automatic mount via sshfs

#12 2009-06-20 22:02:14

Re: automatic mount via sshfs

#13 2009-06-20 22:09:49

Re: automatic mount via sshfs

#14 2009-06-20 23:25:19

Re: automatic mount via sshfs

#15 2009-06-21 01:49:14

Re: automatic mount via sshfs

#16 2009-06-21 03:19:09

Re: automatic mount via sshfs

Board footer