Local: Linux Mint 15 - Olivia
/proc/version: Linux version 3.8.0-19-generic (buildd@allspice) (gcc version 4.7.3 (Ubuntu/Linaro 4.7.3-1ubuntu1) )
ssh -V: OpenSSH_6.1p1 Debian-4, OpenSSL 1.0.1c 10 May 2012
sshfs -V: SSHFS version 2.4
FUSE library version: 2.9.0
fusermount version: 2.9.0
using FUSE kernel interface version 7.18
Remote: Ubuntu 12.04.3 LTS
/proc/version: Linux version 3.10.9-xxxx-std-ipv6-64 (kernel@kernel.ovh.net) (gcc version 4.7.2 (Debian 4.7.2-5) )
ssh -V: OpenSSH_5.9p1 Debian-5ubuntu1.1, OpenSSL 1.0.1 14 Mar 2012
I'm trying to set up a password-less mount of a remote server using sshfs and fuse. The remote server is running on a non-standard port and I will be using an ssh key pair to authenticate.
When successful I will be repeating this for three more remote servers each with different keys so I do need to be able to specify which key maps to which remote server.
I based my modifications off this tutorial
- The public key is in remote:authorized_keys
- I have added my local user to the `fuse` group.
- I have edited my local `~/.ssh/config` to have (per server):

```
Host [server_ip]
Port = [port]
IdentityFile = "~/.ssh/[private_key]"
User = "[user]"
```
Whenever I try to mount the remote server locally I get prompted for the remote user's password (not my private key's password). The remote user has a long randomly generated password that I'd like to not have to save or remember and so keys is how I want to do this.
I can connect through ssh (combined with the `~/.ssh/config` file) using the command `ssh [ip]` so I know that the config file can be read correctly as I am asked for my key's passphrase not the remote user's.
To even attempt to connect to the remote server I have to manually specify the full connection details in the command: `sshfs [user]@[ip]:[remote_path] [local_path] -p [port]`
What I've tried so far:
- `ssh-add /path/to/key` (successful addition)
- Specifying `PreferredAuthentication = publickey` in `~/.ssh/config`
- `sshfs -o IdentityFile=/path/to/key user@ip:/ /my/mnt/dir`
- `sshfs user@ip:/ /my/mnt/dir -o IdentityFile=/path/to/key`
- temp rename of key to default of `id_rsa`
- `sshfs -F ~/.ssh/config`
Is there a remote or local configuration file that I'm overlooking? Some switch or option that I need to include in the call to sshfs (tried -F) to force it to read and use my ssh config?
Output of `ssh -v -p [port] [user]@[remote_ip]`

```
OpenSSH_6.1p1 Debian-4, OpenSSL 1.0.1c 10 May 2012
debug1: Reading configuration data /home/[me]/.ssh/config
debug1: /home/[me]/.ssh/config line 2: Applying options for [remote_ip]
debug1: /home/[me]/.ssh/config line 24: Applying options for *
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 19: Applying options for *
debug1: Connecting to [remote_ip] [[remote_ip]] port [port].
debug1: Connection established.
debug1: identity file /home/[me]/.ssh/[private_key] type 2
debug1: Checking blacklist file /usr/share/ssh/blacklist.DSA-1024
debug1: Checking blacklist file /etc/ssh/blacklist.DSA-1024
debug1: identity file /home/[me]/.ssh/[private_key]-cert type -1
debug1: Remote protocol version 2.0, remote software version OpenSSH_5.9p1 Debian-5ubuntu1.1
debug1: match: OpenSSH_5.9p1 Debian-5ubuntu1.1 pat OpenSSH_5*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_6.1p1 Debian-4
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-ctr hmac-md5 zlib@openssh.com
debug1: kex: client->server aes128-ctr hmac-md5 zlib@openssh.com
debug1: sending SSH2_MSG_KEX_ECDH_INIT
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: Server host key: [key]
debug1: checking without port identifier
debug1: Host '[remote_ip]' is known and matches the ECDSA host key.
debug1: Found key in /home/[me]/.ssh/known_hosts:7
debug1: found matching key w/out port
debug1: ssh_ecdsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: Roaming not allowed by server
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,password
debug1: Next authentication method: publickey
debug1: Offering DSA public key: /home/[me]/.ssh/[private_key]
debug1: Server accepts key: pkalg ssh-dss blen 433
debug1: Enabling compression at level 6.
debug1: Authentication succeeded (publickey).
Authenticated to [remote_ip] ([[remote_ip]]:[port]).
debug1: channel 0: new [client-session]
debug1: Requesting no-more-sessions@openssh.com
debug1: Entering interactive session.
debug1: Sending environment.
debug1: Sending env LANG = en_GB.UTF-8
debug1: Sending env LC_CTYPE = en_GB.UTF-8
Welcome to Ubuntu 12.04.3 LTS (GNU/Linux 3.10.9-xxxx-std-ipv6-64 x86_64)
```
Edit:
I found the problem. I was trying to mount the remote location to `/mnt/new_dir` using sudo. If I mount to a location within my local home then it works: `sshfs -p [port] [user]@[ip]:/ /home/[me]/tmp/mount`.
I have now done a `sudo chown root:fuse /mnt/new_dir` and `sudo chmod 774 /mnt/new_dir` and I believe that all's working as intended.
Are there any security issues with this set up that I need to be aware of? (My own user and root are the only members of the `fuse` group.)
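The cause found in the edit above, as an added example that is not part of the original post: sshfs runs ssh, and ssh takes `~/.ssh/config` from the passwd home of the uid it runs as, so under `sudo` the per-host `Port`, `IdentityFile` and `User` entries are never read. The function names and the `PASSWD_FILE` override are hypothetical helpers.

```shell
#!/bin/sh
# Added example: which per-user ssh config does sshfs read, with and without sudo?
# Helper names and the PASSWD_FILE override are hypothetical, not from the post.
PASSWD_FILE="${PASSWD_FILE:-/etc/passwd}"

# Home directory recorded in the passwd file for a numeric uid.
home_for_uid() {
    awk -F: -v uid="$1" '$3 == uid { print $6; exit }' "$PASSWD_FILE"
}

# Home directory recorded in the passwd file for a login name.
home_for_user() {
    awk -F: -v name="$1" '$1 == name { print $6; exit }' "$PASSWD_FILE"
}

# ssh resolves ~/.ssh/config from the passwd home of the uid it runs as.
ssh_config_for_uid() {
    home=$(home_for_uid "$1")
    [ -n "$home" ] || return 1
    printf '%s/.ssh/config\n' "$home"
}

# preflight UID SUDO_USER AUTH_SOCK
# 0: sshfs runs with the caller's own config; 1: sudo switched identity;
# 2: uid not found in the passwd file.
preflight() {
    uid=$1 sudo_user=$2 sock=$3
    used=$(ssh_config_for_uid "$uid") || { echo "unknown uid $uid"; return 2; }
    if [ "$uid" -eq 0 ] && [ -n "$sudo_user" ]; then
        wanted="$(home_for_user "$sudo_user")/.ssh/config"
        echo "sudo: ssh reads $used, not $wanted"
        [ -n "$sock" ] || echo "sudo: SSH_AUTH_SOCK unset, ssh-add keys are not offered"
        return 1
    fi
    echo "ok: ssh reads $used"
}

# Check the current process before calling sshfs.
preflight "$(id -u)" "${SUDO_USER:-}" "${SSH_AUTH_SOCK:-}" || true
```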
Best Answer
If you're using `sudo` then you're likely using root's credentials to mount, which I do not believe is what you want. I wouldn't probably do what you're asking, wrt. mounting to `/mnt` as user1 and accessing as user2. It's going to get complicated with groups & user permissions. If you truly want to mount a directory to /mnt to share then you really should be mounting it via the system level for all using `autofs`.
Automounting
There are 3 methods that I'm aware of for automounting a mount such as this.