Sunday, 23 November 2008

sshfs mount in /etc/fstab without password

I wanted to mount a directory via sshfs from fstab, but found no instructions that worked for me on an Ubuntu 8.04 installation.
I have created a user who is allowed to log in to my server only via sftp, and I wanted a directory on the server to be visible read-only on my client, mounted over sftp to keep configuration easy and security high. Fussing around with smbfs, nfs or something else seemed like a bad idea, as I want the same solution to work over the internet too, where the only way into my server is via ssh anyway.

Set up the server so that it is possible to sftp to it. See my previous post. I call this user romusic. The server is at 192.168.0.10 below. I run all commands in a root shell (typing sudo is not my thing, really), opened with "sudo su -" at the start.

Set up passwordless ssh login (see any of the million posts on this if you need more info).
$ ssh-keygen
Copy the contents of the generated .pub key into ~/.ssh/authorized_keys on the server. Copy the private key to /root/id_rsa_romusic on the client.

Make sure sshfs works as a user (using a password here)
$ sshfs romusic@192.168.0.10:musik/ musik/

To be able to pass the identity file to ssh via sshfs, we have to make a wrapper. This is the step that is not covered in the posts I found on the subject. I could not pass "ssh -i id_rsa" as the ssh executable to sshfs; that made it complain about execvp. Here is the workaround:
Create the file /root/ssh_i_romusic.sh
#!/bin/sh
# Quote "$@" so the arguments sshfs passes are forwarded to ssh unchanged
/usr/bin/ssh -c arcfour -i /root/id_rsa_romusic "$@"

Note that I also use the arcfour cipher to speed things up here; this should be avoided unless you trust your network somewhat. arcfour is RC4, a weak cipher that current OpenSSH releases no longer offer. Just leave it out if you do not know what it means or if you are on a potentially untrusted network.
Do not forget to make that file owned by root:root, executable, and not writable.

Create a mount point
$ mkdir /mnt/musik

Make sure you can mount (this is also needed to accept the server's host key, which is needed only once)
$ sshfs romusic@192.168.0.10:musik/ /mnt/musik/ -o allow_other,uid=0,gid=0,reconnect,umask=222,sshfs_debug,"ssh_command=/root/ssh_i_romusic.sh"

I accepted the key and everything went fine. I then unmount and head for /etc/fstab to make it mount automagically.
$ fusermount -u -z /mnt/musik

My fstab entry:
sshfs#romusic@192.168.0.10:musik/ /mnt/musik/ fuse ro,allow_other,uid=0,gid=0,reconnect,umask=222,sshfs_debug,ssh_command=/root/ssh_i_romusic.sh 0 0

Make sure everything works by running
$ mount -a
and check that there are no complaints.
After that, /mnt/musik should be readable.
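
The ownership and permission requirements for the wrapper and the key, as an added check that is not part of the original post: the script below verifies that both files are regular files owned by root, that the private key has no group/other access, and that the wrapper is owner-executable and not group/other writable. It assumes GNU stat (as on Ubuntu); the function names check_file and audit_mount_files are made up for this example.

```shell
#!/bin/sh
# Added example: audit the files a root-run sshfs fstab mount depends on.
# Needs GNU stat (coreutils). The expected owner is given as a numeric UID.

# check_file PATH KIND [UID]
#   key     : regular file, owned by UID, no group/other permission bits
#   wrapper : regular file, owned by UID, owner-executable,
#             not writable by group or other
# Prints one line per finding; returns 0 when clean, 1 otherwise.
check_file() {
    path=$1; kind=$2; want_uid=${3:-0}; rc=0
    if [ -L "$path" ] || [ ! -f "$path" ]; then
        echo "$path: missing, a symlink, or not a regular file"
        return 1
    fi
    mode=$(stat -c '%a' "$path")   # octal permission bits, e.g. 600
    uid=$(stat -c '%u' "$path")    # numeric owner
    if [ "$uid" != "$want_uid" ]; then
        echo "$path: owner uid $uid, expected $want_uid"; rc=1
    fi
    case $kind in
    key)
        if [ $(( 0$mode & 077 )) -ne 0 ]; then
            echo "$path: mode $mode lets group/other access the private key"; rc=1
        fi ;;
    wrapper)
        if [ $(( 0$mode & 022 )) -ne 0 ]; then
            echo "$path: mode $mode is group/other writable (it runs as root at mount)"; rc=1
        fi
        if [ $(( 0$mode & 0100 )) -eq 0 ]; then
            echo "$path: mode $mode is not executable by its owner"; rc=1
        fi ;;
    *)
        echo "unknown kind: $kind"; rc=1 ;;
    esac
    return $rc
}

# Checks the two paths used in this post; returns non-zero on any finding.
audit_mount_files() {
    status=0
    check_file /root/id_rsa_romusic key 0 || status=1
    check_file /root/ssh_i_romusic.sh wrapper 0 || status=1
    return $status
}

# Run the audit only when asked: sh audit.sh --run
if [ "${1:-}" = "--run" ]; then audit_mount_files; fi
```

Run it as root on the client before the first "mount -a"; a clean run prints nothing and exits 0.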

8 comments:

Anonymous said...

I tried this and got
execvp: Permission denied

As someone who's never done this before, I'm not clear about WHERE and AS WHOM.

Each time you give a command to type in, which box am I supposed to be typing that on (client or host) and as what user should I be typing that command?

Anonymous said...

I followed your example exactly as listed in your blog (assuming I am supposed to be logged in as root from the client machine)

But it still asks me for a password when I connect.

Jeremy said...

It works as you listed, just a bit difficult to understand the first time...

Thanks! got it working great now!

Anonymous said...

It's easier to use the option IdentityFile in fstab. So you don't need a shell script:
sshfs#username@hostname:/directory /mountpoint fuse noauto,uid=0,gid=0,IdentityFile=/root/secret_keys/id_rsa 0 0

The key must be owned by the user who wants to mount the volume, if you want to mount it as a normal user.

You can add all options you can use with ssh.

Kuba said...

You don't need the wrapper and ssh command, just create your key under root and supply:
sudo su
#ssh-keygen
choose no passphrase
#cat ~/.ssh/id_rsa.pub | ssh root@remote 'cat >> /root/.ssh/authorized_keys '

all done :)

Anonymous said...

Hi

When I try all these steps I end up getting the "only root can mount sshfs#"
message in the terminal when I try to mount the lines in the fstab file. I can mount the drive from the command line no problem.

Anonymous said...
This comment has been removed by the blog administrator.
Anonymous said...

Well your article helped me altogether much in my college assignment. Hats off to you post, will look progressive in behalf of more cognate articles in a jiffy as its united of my favourite topic to read.