{"id":249,"date":"2007-05-02T23:28:34","date_gmt":"2007-05-03T04:28:34","guid":{"rendered":"http:\/\/www.mccambridge.org\/blog\/2007\/05\/totally-seamless-sshfs-under-linux-using-fuse-and-autofs\/"},"modified":"2022-09-11T00:40:43","modified_gmt":"2022-09-11T00:40:43","slug":"totally-seamless-sshfs-under-linux-using-fuse-and-autofs","status":"publish","type":"post","link":"http:\/\/www.mccambridge.org\/blog\/2007\/05\/totally-seamless-sshfs-under-linux-using-fuse-and-autofs\/","title":{"rendered":"Totally Seamless SSHFS under Linux using Fuse and Autofs"},"content":{"rendered":"

This is awesome.<\/strong><\/p>\n

I worked on this for something like 2 hours this afternoon, and finally tracked down all the nuances to get it working. I’m really pleased with the results, and hope that they can be of some to use to you as well, because I could not find a decent tutorial on this subject despite extensive Googling<\/a>.<\/p>\n

The Problem: Connect to a remote filesystem over SSH<\/h3>\n

Odds are if you’ve stumbled on this tutorial, you already know the problem: You want to access a remote file system over SSH. You want to use FUSE SSHFS, and you don’t want to ever have to think about it, so you’re looking for Autofs integration. To keep this to the point, I’m going to skip over the installation of these packages and just explain the configuration, especially since installation is very distribution specific. I’ll simply say on my system (Ubuntu Feisty) it consisted of:<\/p>\n

sudo apt-get install sshfs autofs<\/pre>\n
The Solution<\/h3>\n
Getting SSHFS to work with Autofs really isn’t hard, you just need the magic configuration.  Here’s how I got things working for me:<\/p>\n
    \n
  1. Set up certificate authentication for your local<\/em> root<\/strong> to the remote account on the remote machine, by use of sudo ssh-keygen<\/code> locally, and the (remote account’s) ~\/.ssh\/authorized_keys<\/code> file.<\/li>\n
  2. Test the certificate authentication by verifying that the following command does not<\/em> prompt for your remote password:\n
    sudo ssh remoteuser@remotehost uptime<\/pre>\n<\/li>\n
  3. Test that sshfs can establish the requisite connection:\n
    sudo mkdir \/mnt\/sshfs_temp\nsudo sshfs remoteuser@remotehost: \/mnt\/sshfs_temp\nsudo fusermount -u \/mnt\/sshfs_temp\nsudo rmdir \/mnt\/sshfs_temp<\/pre>\n
    Note that the :<\/code> is required after the host to specify the remote directory.  (:<\/code> alone means the remote user’s home.  :\/remote\/path<\/code> indicates a remote path.)<\/li>\n
  4. Add the following line to your \/etc\/auto.master<\/code><\/strong> file:\n
    \/mnt\/ssh<\/strong> \/etc\/auto.sshfs        uid=1000<\/strong>,gid=1000<\/strong>,--timeout=30<\/strong>,--ghost<\/pre>\n
    Where \/mnt\/ssh<\/strong> is the path you want all ssh automounts to appear in,
    \n1000<\/strong> is the UID of the user you want the sshfs mount to belong to (i.e., be writable by),
    \n1000<\/strong> is the GID of the user you want the sshfs mount to belong to, and
    \n30<\/strong> is the timeout in seconds to keep the FUSE connection alive.<\/li>\n
  5. Copy the following into a new file \/etc\/auto.sshfs<\/code><\/strong>:\n
    #\n# This is an automounter map and it has the following format\n# key [ -mount-options-separated-by-comma ] location\n# Details may be found in the autofs(5) manpage\nremote1     -fstype=fuse,rw,nodev,nonempty,noatime,allow_other,max_read=65536 :sshfs#remoteuser@remotehost1:\nremote2  -fstype=fuse,rw,nodev,nonempty,noatime,allow_other,max_read=65536 :sshfs#remoteuser2@remotehost2:\/remote\/path\n<\/pre>\n
    This creates two sshfs mappings (obviously, adding or removing lines creates more or fewer mappings).
    \nThe first will be at \/mnt\/ssh\/remote1<\/code>, and map to the home directory of remoteuser<\/code> on the host remotehost1<\/code>.
    \nThe second will be at \/mnt\/ssh\/remote2<\/code>, and map to the directory \/remote\/path<\/code> on the host remotehost2<\/code>, with the permissions of the user remoteuser2<\/code>.
    \nNote the <\/code> characters to escape #<\/code> and :<\/code><\/strong>  These escape characters are what took me two hours to track down:  FUSE requires a parameter of the form: sshfs#user@host:directory<\/code>, but autofs treats everything following a #<\/code> as a comment, and the :<\/code> character has a special meaning.  These characters must be escaped by a <\/code><\/li>\n
  6. Restart autofs to reload the configuration files:\n
    sudo \/etc\/init.d\/autofs restart<\/pre>\n<\/li>\n
  7. Test it out!  As root or the user indicated by uid<\/code> above, run:\n
    ls \/mnt\/ssh\/remote1<\/pre>\n
    You should be greeted by the contents of the remote file system.  Congratulations!<\/li>\n<\/ol>\n
    The Problems<\/h3>\n
      \n
    • This exact setup only works for one user due to specifying a uid.  This is fine for a home desktop system, but will likely need further work to allow multiple users access to the remote filesystem.  Perhaps careful usage of gid could alleviate this problem, though logging into the remote machine as a specific user still represents a security risk.<\/li>\n
    • I have not examined the architecture enough since I am only seeking to enable my home desktop system, so I cannot vouch for the security of this setup<\/strong> whatsoever.  For example, the use of the allow_other option for FUSE may have security consequences since the mountpoint is created as root (to my understanding, at least).<\/li>\n<\/ul>\n","protected":false},"excerpt":{"rendered":"
      You want to access a remote file system over SSH.  You want to use FUSE SSHFS, and you don’t want to ever have to think about it, so you’re looking for Autofs integration.<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":[],"categories":[7,8,30],"tags":[],"_links":{"self":[{"href":"http:\/\/www.mccambridge.org\/blog\/wp-json\/wp\/v2\/posts\/249"}],"collection":[{"href":"http:\/\/www.mccambridge.org\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/www.mccambridge.org\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"http:\/\/www.mccambridge.org\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"http:\/\/www.mccambridge.org\/blog\/wp-json\/wp\/v2\/comments?post=249"}],"version-history":[{"count":1,"href":"http:\/\/www.mccambridge.org\/blog\/wp-json\/wp\/v2\/posts\/249\/revisions"}],"predecessor-version":[{"id":1671,"href":"http:\/\/www.mccambridge.org\/blog\/wp-json\/wp\/v2\/posts\/249\/revisions\/1671"}],"wp:attachment":[{"href":"http:\/\/www.mccambridge.org\/blog\/wp-json\/wp\/v2\/media?parent=249"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/www.mccambridge.org\/blog\/wp-json\/wp\/v2\/categories?post=249"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/www.mccambridge.org\/blog\/wp-json\/wp\/v2\/tags?post=249"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}