How to: automatically and securely mount a remote SSH filesystem with AUTOFS and SSHFS (+ Samba)
http://ubuntuforums.org/showthread.php?t=580989
At home I have a Unix (Unslung) based router with a USB hard disk mounted on it, which supports ssh and scp.
My goal is to have access to that remote file system as if it were a local file system, from the folder /RemoteDiskSSH on my laptop running Ubuntu 7.10.
I want it to be a secure connection because I also want to be able to access the remote file system over the internet.
For me, automatically mounting and dismounting the remote drive with sshfs is the solution.
As I just installed Gutsy (Ubuntu 7.10), I wrote this howto along the way, to document it for myself but also for others to use.
First, the package sshfs is needed.
This can be installed with the Synaptic package manager. Search for sshfs, mark it and have it installed.
After sshfs is installed, test whether you can mount an ssh/scp-accessible remote file system.
Create a directory where you want to mount it:
Code:
sudo mkdir /RemoteDiskSSH
Mount the desired remote directory on your local file system.
Code:
sudo sshfs remoteuser@remote.machine.address:/Remote/Directory/to/mount /RemoteDiskSSH
If all went OK, you can now access the remote file system as if it were a local file system from the local folder /RemoteDiskSSH
Code:
sudo ls /RemoteDiskSSH
Want to be able to use the local rights system on that folder? (This is just for the case where you don't want to go on with the rest, but want to be able to mount a remote filesystem and have the local rights translated to it.)
Code:
sudo sshfs -o allow_other,default_permissions remoteuser@remote.machine.address:/Remote/Directory/to/mount /RemoteDiskSSH
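Now the local rights system will work for this mount: allow_other lets local users other than the one who mounted it access the mount, and default_permissions has the kernel enforce the file permission bits.
To unmount it, just give the command: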
Code:
sudo fusermount -u /RemoteDiskSSH
As I want the remote directory to be mounted automatically (with autofs, described later on), I need a passwordless ssh login. This can be done by generating public keys.
A key pair (private and public key) for the local system is generated with the command:
Code:
ssh-keygen -t rsa
(hit Enter so it is saved in your home directory under .ssh/id_rsa)
(hit Enter for no passphrase)
You now have a .ssh directory with two files:
id_rsa and id_rsa.pub
id_rsa is your private key! Protect it well: let only YOU have rights on it (the default). With no passphrase the file alone is enough to log in, so if it gets compromised, anyone can gain access to your remote host.
id_rsa.pub is the public key. It is readable by others, and this is what you have to send to the remote host so it can have it in its authorized_keys file.
Copy the public key to the remote machine now:
Code:
scp ~/.ssh/id_rsa.pub remoteuser@remote.machine.address:~/.
Log on to the remote machine with an ssh client. The content of the id_rsa.pub file must be added to the authorized_keys file in the .ssh directory of the home directory of the user you want to connect as.
In this example that is the remote user's home directory:
Code:
ssh remoteuser@remote.machine.address
cat ~/id_*.pub >> ~/.ssh/authorized_keys
An alternative, simpler way to get your public key into the authorized_keys file of your remote host is ssh-copy-id.
From your local machine, type:
Code:
ssh-copy-id -i ~/.ssh/id_rsa.pub remoteuser@remote.machine.address
This does the whole process of copying your public key into authorized_keys in the .ssh directory of the remote machine user's home directory, and sets the rights correctly.
As the mount is later done by the local root user, you need the public key of root too.
So give the command:
Code:
sudo gnome-terminal
to open a command terminal as user root, and repeat the above procedure.
After this, the authorized_keys file on the remote machine has both the public key of the local user and that of the local root, so it works in testing and later in production when root does the mount work.
Set the right permissions on the authorized_keys file, or the ssh daemon (in my case dropbear) might not want to process the authorized_keys file:
Code:
ssh remoteuser@remote.machine.address
chmod 0600 ~/.ssh/authorized_keys
Log out from the remote machine and test:
Code:
ssh remoteuser@remote.machine.address
You should now be able to login without giving a password.
If it does not work, debug with the ssh -v option.
(Same for the sudo gnome-terminal.)
If it works, you can see whether the mount works passwordless too:
Code:
sudo sshfs remoteuser@remote.machine.address:/Directory/to/mount /RemoteDiskSSH
So, that's done! You can now mount the remote filesystem without using a password.
Unmount again with:
Code:
sudo fusermount -u /RemoteDiskSSH
As I said, I want the remote filesystem to be mounted automatically as soon as I try to access it. This can be done with autofs.
First install autofs: start the Synaptic package manager, search for autofs, mark it for installation and have it installed.
There is now an auto.master configuration file in /etc.
Add the line:
/etc/auto.master
Code:
RemoteDiskSSH /etc/auto.ssh uid=1000 gid=1000 -v --ghost --timeout=3600
uid and gid are the local user and group ID you want the mount to belong to.
--ghost means the directory will be ghost mounted, so you see it with an ls but the actual mount is done when you access it.
--timeout gives the maximum inactivity time for the mount. After that it is automatically dismounted again.
One more config file is needed, and that is /etc/auto.ssh
Create the file and put in the following line:
/etc/auto.ssh
Code:
RemoteDiskSSH -fstype=fuse,port=22,rw,nodev,nonempty,noatime,allow_other,max_read=65536 :sshfs\#remoteuser@remote.machine.address\:/Directory/to/mount
You can now test the autofs mounting by starting and stopping the automount service
Code:
sudo /etc/init.d/autofs restart
The log messages are in /var/log/syslog.
Start a separate command terminal and give this command to follow it all:
Code:
tail -f /var/log/syslog
Check if it worked:
Code:
ls /RemoteDiskSSH
If all is OK, you see the content of the remote file system.
You can actually do the same for a Windows or Samba share.
The question is whether you want this, as in Ubuntu 7.10 Gutsy, if you go to the menu Places and then browse network locations, you can easily get to the Windows shares in your network. (I prefer doing the above.)
Nevertheless, I'll describe here how it can be done using smbfs and autofs.
First you have to install smbfs.
Start the Synaptic package manager, search for smbfs, mark it and install it.
The line for the /etc/auto.master file is:
Code:
/ /etc/auto.samba --ghost -v --timeout=300
Create the file /etc/auto.samba
and fill it with the following line:
/etc/auto.samba
Code:
RemoteDiskSamba -fstype=smbfs,workgroup=WORKGROUPNAME,credentials=/etc/samba.credentials,uid=remoteuser,gid=users ://remote.server.address/ShareName
Then create the credentials file /etc/samba.credentials
Fill this file with the following lines:
/etc/samba.credentials
Code:
username = remoteusername
password = remotepassword
Take care that only root can see this file:
Code:
sudo chmod 600 /etc/samba.credentials
When this is done, just restart autofs:
Code:
sudo /etc/init.d/autofs restart
(tail -f /var/log/syslog in a separate terminal to see the log messages)
and see if it works.
Good luck!
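
Added example (not part of the original how-to): a small audit for the secrets this setup leaves on disk, namely the passphrase-less private keys of the local user and of root and the Samba credentials file. It checks that each file is closed to group and others and that its directory is not writable by them; the script name audit.sh and the function names are hypothetical.

```shell
#!/bin/sh
# Added example, not from the original how-to.
# Audits the secret files the how-to creates: passphrase-less private keys
# and the Samba credentials file. The file list is given on the command line.

# private_mode FILE: true only if group and others have no access at all.
private_mode() {
    # "ls -ld" prints e.g. "-rw-------"; characters 5-10 are group/other bits.
    bits=$(ls -ld -- "$1" | cut -c5-10)
    [ "$bits" = "------" ]
}

# parent_locked FILE: true if the containing directory is not writable by
# group or others (otherwise someone else could replace the file).
parent_locked() {
    dbits=$(ls -ld -- "$(dirname -- "$1")" | cut -c6,9)
    [ "$dbits" = "--" ]
}

# audit_secrets FILE...: one line per file; exit status = number of problems.
audit_secrets() {
    bad=0
    for f in "$@"; do
        if [ ! -e "$f" ]; then
            echo "SKIP  $f (not present)"
        elif ! private_mode "$f"; then
            echo "WEAK  $f is accessible by group/others (chmod 600 it)"
            bad=$((bad + 1))
        elif ! parent_locked "$f"; then
            echo "WEAK  directory of $f is writable by group/others"
            bad=$((bad + 1))
        else
            echo "OK    $f"
        fi
    done
    return "$bad"
}

# Run only when files are given, e.g. (paths as used in the how-to;
# audit.sh is a hypothetical file name for this script):
#   sudo sh audit.sh /root/.ssh/id_rsa ~/.ssh/id_rsa /etc/samba.credentials
if [ "$#" -gt 0 ]; then
    audit_secrets "$@"
fi
```

Run it as root so that root's key and /etc/samba.credentials can be read; a non-zero exit status is the number of files that need attention.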