Index of /software/autofs

Index of /software/autofs_sshfs

 Name                        Last modified       Size  Description

 Parent Directory            09-Oct-2007 15:19      -  
 Changelog                   10-Jan-2008 20:29     1k  
 TODO                        10-Jan-2008 23:59     1k  
 auto.ssh.txt                26-Dec-2007 08:35     1k  
 sudo_ssh_user.sh.txt        22-Dec-2007 03:59     1k  
 sudo_ssh_workarounds.sh.txt 10-Jan-2008 20:16     1k

Here we have scripts to allow transparent access to remote files over ssh using autofs and sshfs-fuse.

Motivation

You have two cows^H^H^H^H linux boxes

Chances are good that if you use one linux machine, you use more than one. If you use more than one, you probably find yourself wanting to do things with files on one while you're sitting in front of another. So maybe you get some much needed exercise, and walk over to the other machine. But that doesn't work so well when the other machine is at home and you are at the office, or when you're at home and the other machine is a web server in a datacenter somewhere.

You're one bad nfs'ing, ftp'ing, scp'ing, rsync'ing mofo

So no problem. You've got all kinds of tools for moving files around. You bang out an scp command, or use something really slick like lftp. But wouldn't it be nice if you could just access all those remote files like they were local files? If you could just run something like

vi myhomemachine/home/drevil/plan_to_takeover_world.txt

Your mad schemes get in the way of your mad schemes

You'd like to edit that file like it was local without revealing your ingenious scheme to the world, so you put together a plan involving VPNs, firewalls, nfs, and a lot of pvc pipe. Now you're never going to get that text file edited.

Salvation

So let's look at how we can setup quick and secure access to your remote files. This method will:

Require no prior setup on the server, other than ssh access. No config files, no harebrained insecure daemons. You don't even need to have root.
Require no per-server setup on the client. No mount commands, no fstab entries.
Allow you to use all your normal commands and applications, be they graphical or command-line, to access remote files like local ones
Save you from typing your passwords/phrases a lot; typing one once per boot of the client machine will be sufficient in most cases
Keep your private keys encrypted on the disk, as they should be
Provide an easy way to disable this access before handing over your logged in machine to someone else (the only people who have any business with your private keys are you and the executor of your last will)
Immanentize the Eschaton

to get all of these, you must follow the 2nd set of instructions below

Installation

The slightly easier way

Install autofs and sshfs-fuse
(Debian / Ubuntu)

apt-get install autofs sshfs

(Gentoo)

emerge -av autofs sshfs-fuse

Place auto.ssh in /etc (or /etc/autofs if your distribution puts auto.master there)
Make auto.ssh executable:
```
chmod +x /etc/auto.ssh
```

mkdir -p /ssh; echo "/ssh /etc/auto.ssh" >> /etc/auto.master

Set up your root account to have passwordless ssh access to the remote servers you want to use, possibly by using my script, setup_sshkey.sh.txt
Set autofs to start by default, start it. Debian and Ubuntu do this automatically.
Go look in the a directory named after the remote server, such as
```
ls /ssh/user@example.com/
```
Or
```
/ssh/user@example.com:4000
```
(if sshd is listening on port 4000 of the server)

The totally secure, super sexy way, with benefits

Install autofs and sshfs-fuse as above, but also install keychain and x11-ssh-askpass
(Debian / Ubuntu)
```
apt-get install autofs sshfs keychain ssh-askpass
```
(Gentoo)
```
emerge -av autofs sshfs-fuse keychain x11-ssh-askpass sudo
```
Add this to your .bashrc file:
```
source ~/.keychain/`hostname`-sh
```
If you haven't already, generate an ssh key by running
```
ssh-keygen -t dsa
```
Be sure to give it a password
If you already have one but it's not encrypted, encrypt it with a password by running
```
ssh-keygen -p -f ~/.ssh/id_dsa
```
Copy your public key to some accounts on remote machines. My script, setup_sshkey.sh.txt can make this easy. Of course, you can add more later.
Copy sudo_ssh_user to /user/local/bin, rename it for your username, and edit it to use your username
Also copy sudo_ssh_workarounds to /usr/local/bin and (optionally) edit it
Create an auto.ssh_username in /etc/ (or /etc/autofs if your distribution puts auto.master there)
Edit auto.ssh_username to use your username
Make this new auto.ssh_username executable:
```
chmod +x /etc/auto.ssh_username
```
Add an entry such as
```
/home/username/ssh auto.ssh_username
```
to auto.master
Set autofs to start by default, start it. Debian and Ubuntu do this automatically.

Ubuntu Specific Steps

In System->Preferences->Indexing Preferences->Ignored Files, you should add entries for your /home/yourusername/ssh directory so Tracker won't attempt to index all files on the machines to which you connect
On Ubuntu, X starts an ssh-agent, which isn't ideal for us. Delete the contents of /etc/X11/Xsession.d/90x11-common_ssh-agent, and replace them with
```
eval `keychain -q --eval`
```
Then run:
```
killall ssh-agent
```
log out, and log back in

Notes

You can suspend access at any time by running
```
keychain --clear
```
When you are ready to use it again, simply cd over to a directory like ~/ssh/user@example.com/ and it will pop up a window to prompt you for the password, or run
```
keychain id_dsa
```

Continuation

Now that you have keychain, x11-ssh-askpass, and ssh-under-sudo all working together nicely, let's set up backups.

Backups? We don't need no stinking backups!

No really, I know you're not backing up your files because it's a pain in the arse, and requires all sorts of setup and configuration on the server. So do us both a favor and install rsnapshot. It's easy, and they've got a howto. A lot of the same features will apply; you don't need to setup anything on the remote machine being backed up except ssh access. Once you've got it installed, edit your rsnapshot.conf with this line:

cmd_ssh /usr/local/bin/sudo_ssh_YOURUSERNAMEHERE

That's it! Now your backup program can run as root so it can preserve file ownership, but you don't have to have a seperate ssh key setup for your root account.