Sshfs will not use ~/.ssh/config (on Linux Mint 15)

Tags: linux, linux-mint, networking, sshfs

Local:         Linux Mint 15 - Olivia
/proc/version: Linux version 3.8.0-19-generic (buildd@allspice) (gcc version 4.7.3 (Ubuntu/Linaro 4.7.3-1ubuntu1) )
ssh -V:        OpenSSH_6.1p1 Debian-4, OpenSSL 1.0.1c 10 May 2012
sshfs -V:      SSHFS version 2.4
               FUSE library version: 2.9.0
               fusermount version: 2.9.0
               using FUSE kernel interface version 7.18

Remote:        Ubuntu 12.04.3 LTS
/proc/version: Linux version 3.10.9-xxxx-std-ipv6-64 (kernel@kernel.ovh.net) (gcc version 4.7.2 (Debian 4.7.2-5) )
ssh -V:        OpenSSH_5.9p1 Debian-5ubuntu1.1, OpenSSL 1.0.1 14 Mar 2012

I'm trying to set up a password-less mount of a remote server using sshfs and fuse. The remote server is running on a non-standard port and I will be using an ssh key pair to authenticate.

When successful I will be repeating this for three more remote servers each with different keys so I do need to be able to specify which key maps to which remote server.

I based my modifications off this tutorial

  • The public key is in remote:authorized_keys
  • I have added my local user to the fuse group.
  • I have edited my local ~/.ssh/config to have (per server):

```
Host [server_ip]
  Port = [port]
  IdentityFile  = "~/.ssh/[private_key]"
  User = "[user]"
```

Whenever I try to mount the remote server locally I get prompted for the remote user's password (not my private key's password). The remote user has a long randomly generated password that I'd like to not have to save or remember, and so keys are how I want to do this.

I can connect through ssh (combined with the ~/.ssh/config file) using the command ssh [ip] so I know that the config file can be read correctly as I am asked for my key's passphrase not the remote user's.

To even attempt to connect to the remote server I have to manually specify the full connection details in the command: `sshfs [user]@[ip]:[remote_path] [local_path] -p [port]`

What I've tried so far:

  • ssh-add /path/to/key (successful addition)
  • Specifying PreferredAuthentication = publickey in ~/.ssh/config
  • sshfs -o IdentityFile=/path/to/key user@ip:/ /my/mnt/dir
  • sshfs user@ip:/ /my/mnt/dir -o IdentityFile=/path/to/key
  • temp rename of key to default of id_rsa
  • sshfs -F ~/.ssh/config

Is there a remote or local configuration file that I'm overlooking? Some switch or option that I need to include in the call to sshfs (tried -F) to force it to read and use my ssh config?

Output of `ssh -v -p [port] [user]@[remote_ip]`:

OpenSSH_6.1p1 Debian-4, OpenSSL 1.0.1c 10 May 2012
debug1: Reading configuration data /home/[me]/.ssh/config
debug1: /home/[me]/.ssh/config line 2: Applying options for [remote_ip]
debug1: /home/[me]/.ssh/config line 24: Applying options for *
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 19: Applying options for *
debug1: Connecting to [remote_ip] [[remote_ip]] port [port].
debug1: Connection established.
debug1: identity file /home/[me]/.ssh/[private_key] type 2
debug1: Checking blacklist file /usr/share/ssh/blacklist.DSA-1024
debug1: Checking blacklist file /etc/ssh/blacklist.DSA-1024
debug1: identity file /home/[me]/.ssh/[private_key]-cert type -1
debug1: Remote protocol version 2.0, remote software version OpenSSH_5.9p1 Debian-5ubuntu1.1
debug1: match: OpenSSH_5.9p1 Debian-5ubuntu1.1 pat OpenSSH_5*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_6.1p1 Debian-4
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-ctr hmac-md5 zlib@openssh.com
debug1: kex: client->server aes128-ctr hmac-md5 zlib@openssh.com
debug1: sending SSH2_MSG_KEX_ECDH_INIT
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: Server host key: [key]
debug1: checking without port identifier
debug1: Host '[remote_ip]' is known and matches the ECDSA host key.
debug1: Found key in /home/[me]/.ssh/known_hosts:7
debug1: found matching key w/out port
debug1: ssh_ecdsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: Roaming not allowed by server
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,password
debug1: Next authentication method: publickey
debug1: Offering DSA public key: /home/[me]/.ssh/[private_key]
debug1: Server accepts key: pkalg ssh-dss blen 433
debug1: Enabling compression at level 6.
debug1: Authentication succeeded (publickey).
Authenticated to [remote_ip] ([[remote_ip]]:[port]).
debug1: channel 0: new [client-session]
debug1: Requesting no-more-sessions@openssh.com
debug1: Entering interactive session.
debug1: Sending environment.
debug1: Sending env LANG = en_GB.UTF-8
debug1: Sending env LC_CTYPE = en_GB.UTF-8
Welcome to Ubuntu 12.04.3 LTS (GNU/Linux 3.10.9-xxxx-std-ipv6-64 x86_64)

Edit:
I found the problem. I was trying to mount the remote location to /mnt/new_dir using sudo. If I mount to a location within my local home then it works: `sshfs -p [port] [user]@[ip]:/ /home/[me]/tmp/mount`.

I have now done a sudo chown root:fuse /mnt/new_dir and sudo chmod 774 /mnt/new_dir and I believe that all's working as intended.

Are there any security issues with this setup that I need to be aware of? (My own user and root are the only members of the fuse group.)

Best Answer

If you're using sudo then you're likely using root's credentials to mount, which I do not believe is what you want. I probably wouldn't do what you're asking, wrt. mounting to /mnt as user1 and accessing as user2. It's going to get complicated with groups & user permissions. If you truly want to mount a directory to /mnt to share then you really should be mounting it via the system level for all using autofs.

Automounting

There are 3 methods that I'm aware of for automounting a mount such as this.
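
The sudo failure traced in the question, as an added example that is not part of the original question or answer: ssh, which sshfs runs for the connection, takes its per-user config from the home directory recorded for the account it runs as, so under sudo it reads root's config and keys. The function names and the sample passwd entries are constructed for illustration.

```shell
#!/bin/sh
# Added example: preflight check for "sshfs ignores my ~/.ssh/config".

# Print the home directory recorded for USER in a passwd-format file.
home_of() {  # usage: home_of USER PASSWD_FILE
    awk -F: -v u="$1" '$1 == u { print $6; exit }' "$2"
}

# Decide which ssh config a mount attempt will use.
#   $1 = account the command runs as
#   $2 = value of SUDO_USER (empty when sudo is not involved)
#   $3 = passwd-format file (defaults to /etc/passwd)
# Prints a one-line verdict; returns 1 when the invoking user's
# config (and the IdentityFile it names) is bypassed.
sshfs_preflight() {
    run_as=$1
    invoker=$2
    passwd=${3:-/etc/passwd}
    used=$(home_of "$run_as" "$passwd")/.ssh/config
    if [ -n "$invoker" ] && [ "$invoker" != "$run_as" ]; then
        wanted=$(home_of "$invoker" "$passwd")/.ssh/config
        echo "MISMATCH: ssh reads $used, not the invoking user's $wanted"
        return 1
    fi
    echo "OK: ssh reads $used"
}

# Constructed passwd sample so the example runs offline.
SAMPLE_PASSWD=$(mktemp)
cat > "$SAMPLE_PASSWD" <<'EOF'
root:x:0:0:root:/root:/bin/bash
me:x:1000:1000:Me:/home/me:/bin/bash
EOF

# Case 1: plain user mount, config with the Host entry is used.
sshfs_preflight me "" "$SAMPLE_PASSWD"
# Case 2: "sudo sshfs ...", root's config is read and ssh falls back
# to password authentication because no key is configured there.
sshfs_preflight root me "$SAMPLE_PASSWD" || true

# On a real system: sshfs_preflight "$(id -un)" "${SUDO_USER:-}"
```
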
