Page 1 of 4 123 ... LastLast
Results 1 to 10 of 39

Thread: How to :Auto + secure Mount remote SSH filesys with AUTOFS and SSHFS + samba )

  1. #1
    Join Date
    Oct 2007
    Location
    Norway
    Beans
    18
    Distro
    Ubuntu 7.10 Gutsy Gibbon

    How to :Auto + secure Mount remote SSH filesys with AUTOFS and SSHFS + samba )

    At home i have a unix (unslung) based router with an usb harddisk mounted on it wich supports ssh and scp
    My goal is to have access to that remote file system as it was a local file system from the folder /RemoteDiskSSH on my Laptop running Ubuntu 7.10
    I want it to be a secure connection because i allso want to be able to have access to the remote file system over the internet.

    For me automaticly mounting and dismounting the remote drive with sshfs is the solution for me.

    As I justinstalled gutsy Ubuntu 7.10 I wrote along this howto in order to document it for my self but allso for others to use. .
    First the package sshfs is needed.
    This can be installed with the synaptics package manager. Search for sshfs, mark it and have it installed.
    After installed sshfs installed, test if you can mount a ssh/scp accessable remote file system.
    create a directory where you want to mount it on

    Code:
     sudo mkdir /RemoteDiskSSH

    Mount the desired remote directory on your local file system.

    Code:
    sudo sshfs remoteuser@remote.machine.address:/Remote/Directory/to/mount /RemoteDiskSSH
    If all went oke you can now access the remote file system as it was a local file system from the local folder /RemoteDiskSSH

    Code:
    sudo ls /RemoteDiskSSH
    Want to be able to use the local rights system on that folder? (just if you dont want to go on but want to be able to mount a remote filesystem and have the
    local rights translated to it.)

    Code:
    sudo sshfs -o allow_other,default_permissions remoteuser@remote.machine.address:/Remote/Directory/to/mount /RemoteDiskSSH
    now the local rights system will work for this mount

    to unmount it just give the command

    Code:
    sudo fusermount -u /RemoteDiskSSH
    As i want the remote directory mount automaticly (with autofs described later on)
    i need a passwordless ssh login. This can be done with help of generating public keys.
    A public key for the local system is generated with the command:

    Code:
    ssh-keygen -t rsa
    (hit enter so its saved in your home directory under .ssh/id_rsa

    (hit enter for no passphrase)

    you have now a .ssh directory with two files
    id_rsa and id_rsa.pub

    id_rsa is your private key ! protect it well let only YOU have rights on it (default) as if this gets compromised
    anyone can gain access to your remote host

    id_rsa.pub is the public key it is readable by others and this is what you have to send to the remote host so it can have it in its authorized_keys file


    Copy now the public key to the remote machine

    Code:
    scp ~/.ssh/id_rsa.pub remoteuser@remote.machine.address:~/.

    logon with an ssh client to the remote machine the id_rsa.pub file content must be added to the authorized_keys file in the .ssh directory of the homedir of the user you want to connect as.

    In this example the remote users home directory

    Code:
    ssh remoteuser@remote.machine.address
    cat ~/id_*.pub >> ~/.ssh/authorized_keys
    A alternative simpeler way to get your public key in the authorized_keys file of your remote host is with ssh-copy-id
    from your local machine type

    Code:
     ssh-copy-id -i ~/.ssh/id_rsa.pub remoteuser@remote.machine.address
    this does the whole process of copying your public key to the remote machnes users homedir in .ssh in authorized_keys
    and sets the rights oke



    As later on the mount is done by the local root user you need the public key of root too.

    so give command

    Code:
    sudo gnome-terminal
    to open a command terminal as user root and repeat the above procedure.

    after this the file authorized_keys at the remote station has both the public key of the local user and the local root so it works in test and in production later when root does the mounwork....

    Set the right rights for the file authorized_keys or the ssh deamon ( in my case dropbear) might not want to process the authorize_keys file

    Code:
    ssh remoteuser@remote.machine.address
    chmod 0600 ~/.ssh/authorized_keys
    logout from the remote machine and test.

    Code:
    ssh remoteuser@remote.machine.address
    You should now be able to login without giving a password.

    If it does not work debug with ssh -v option .

    (same for the sudo gnome-terminal )

    If it works you can see if the mount works passwordless too

    Code:
    sudo sshfs remoteuser@remote.machine.address:/Directory/to/mount /RemoteDiskSSH
    So ! thats done!!! you can now mount the remote filesystem without using a password.

    unmount again with:
    Code:
    sudo fusermount -u /RemoteDiskSSH
    As i said i want the remote filesystem to be mounted automaticly as soon as i try to access it. This can be done with autofs.

    First install autofs by starting the synaptics package manager search for autofs, mark for install and have it installed.

    theres now a auto.master configuration file in /etc
    add the line

    /etc/auto.master
    Code:
    RemoteDiskSSH /etc/auto.ssh uid=1000 gid=1000 -v --ghost --timeout=3600
    uid and gid are the local user and group id you want the mount to belong to.

    --ghost is the directory will be ghost mounted so you see it with an ls but the actual mount is done when you access it

    --timeout gives the maximum inactivity time for the mount. After that it is auto dismounted again.

    One more config file is needed and that is /etc/auto,ssh
    create the file and put in the following line:

    /etc/auto.ssh
    Code:
    RemoteDiskSSH -fstype=fuse,port=22,rw,nodev,nonempty,noatime,allow_other,max_read=65536 :sshfs\#remoteuser@remote.machine.address\:/Directory/to/mount
    You can now test the autofs mounting by starting and stopping the automount service

    Code:
    sudo /etc/init.d/autofs restart
    in /var/log/syslog are the loggings
    start a separate command terminal and give this command to follow it all.
    Code:
    tail -f /var/log/syslog
    check if it worked

    Code:
    ls /RemoteDiskSSH
    if all is oke you see the content of the remote file system.

    The same you can actually do for a windows or samba share


    The question is if you want this as in Ubuntu 7.10 gutsy if you goto menu Places and then browse network locations, you can easily get to the windows shares in your network. (I prefer doing the above)

    Nevertheless ill describe here how it can be done using smbfs and autofs.

    first you have to install smbfs

    Start the synaptics package manager, search for smbfs, mark and install it.

    the line for the /etc/auto.master file is

    Code:
    / /etc/auto.Samba --ghost -v --timeout=300
    Create the file /etc/auto.samba

    and fil it with the following line:

    /etc/auto.samba
    Code:
    RemoteDiskSamba -fstype=smbfs,workgroup=WORKGROUPNAME,credentials=/etc/samba.credentials,uid=remoteuser,gid=users ://remote.server.address/ShareName
    Then create the credentials file in /etc/samba.credentials

    fill this file with the following lines:
    /etc/samnba.credentials
    Code:
    username = remoteusername
    
    password = remotepassword
    take care only root can see this file
    Code:
    sudo chmod 600 /etc/samba.credentials
    If this is done just restart the autofs

    Code:
    sudo /etc/init.d/autofs restart
    (tail -f /var/log/syslog in a seperate terminal to see the loggings)

    and see if it works.

    Good luck!
    Last edited by gaupe; January 4th, 2008 at 02:31 PM.

  2. #2
    Join Date
    Jun 2006
    Location
    Switzerland
    Beans
    Hidden!
    Distro
    Kubuntu Jaunty Jackalope (testing)

    Re: Auto + secure Mount remote SSH filesys with AUTOFS and SSHFS (+ howto for samba

    nice howto... just one suggestion. Code you run in the shell, plz put it into

    [ code] [ /code] brackets. That will make it a lot simpler to read

  3. #3
    Join Date
    Oct 2007
    Location
    Norway
    Beans
    18
    Distro
    Ubuntu 7.10 Gutsy Gibbon

    Re: Auto + secure Mount remote SSH filesys with AUTOFS and SSHFS (+ howto for samba

    Thnx for the advice. i didn't know how to do that [ code] [ /code] stuff but edited the post
    also saw it automaticly put in [ email] tags where they shouldn't be.... there out now too.
    If anythings else pls let me kno so i can make it better again.

  4. #4
    Join Date
    Jun 2006
    Location
    Switzerland
    Beans
    Hidden!
    Distro
    Kubuntu Jaunty Jackalope (testing)

    Re: Auto + secure Mount remote SSH filesys with AUTOFS and SSHFS (+ howto for samba

    much better... but in the /etc/auto.samba shouldn't it be:

    Code:
    workgroup=WORKGROUPNAME
    instead of

    Code:
    workgroupWORKGROUPNAME
    in this section: in /var/log/syslog are the loggings --> you have added a comment to the command... (just the [ /code] is a bit late)

    P.S.: Maybe ask a mod to move this to the HowTo section

  5. #5
    Join Date
    Apr 2006
    Location
    Montana
    Beans
    Hidden!
    Distro
    Kubuntu Development Release

    Re: Auto + secure Mount remote SSH filesys with AUTOFS and SSHFS (+ howto for samba

    hyper_ch : use [noparse]<code>[/noparse]

    "[noparse][code]like this[/code][/noparse]"

    looks like this:

    [code]like this[/code]

    @gaupe : Nice how-to. I suggest you post in the how-to section (http://ubuntuforums.org/forumdisplay.php?f=100)
    There are two mistakes one can make along the road to truth...not going all the way, and not starting.
    --Prince Gautama Siddharta

    #ubuntuforums web interface

  6. #6
    Join Date
    Oct 2007
    Location
    Norway
    Beans
    18
    Distro
    Ubuntu 7.10 Gutsy Gibbon

    Re: How to :Auto + secure Mount remote SSH filesys with AUTOFS and SSHFS + samba )

    Howto made better again. And i learn howto use the forum editor.

  7. #7
    Join Date
    Jun 2006
    Location
    Switzerland
    Beans
    Hidden!
    Distro
    Kubuntu Jaunty Jackalope (testing)

    Re: How to :Auto + secure Mount remote SSH filesys with AUTOFS and SSHFS + samba )

    didn't know about the [noparse] thing thx

  8. #8
    Join Date
    Feb 2006
    Beans
    65

    Re: How to :Auto + secure Mount remote SSH filesys with AUTOFS and SSHFS + samba )

    I present to you the glory of ssh installkeys!

    http://www.catb.org/~esr/ssh-installkeys/

  9. #9
    Join Date
    Oct 2005
    Beans
    16

    Re: How to :Auto + secure Mount remote SSH filesys with AUTOFS and SSHFS + samba )

    I've been fiddeling around with the same setup without any great success. Maybe someone here can help.

    I have been able to setup public key authentification to my nslu box, and are able to log in without password. scp does also work without password. I generated a key with the -t dsa option and added it to authorized_keys2.

    Whenever I try to mount the box with sshfs, I get the followin error message:

    read: Connection reset by peer

    I still get this message after following the above procedure. -So any information on how ssh and sshfs handles the various keys would be appreciated.

  10. #10
    Join Date
    Jun 2006
    Beans
    121

    Re: How to :Auto + secure Mount remote SSH filesys with AUTOFS and SSHFS + samba )

    I've been looking for something like this for a while now. The way I usually do it is just run a script called sshfs.sh and it runs this command:

    sshfs xxx@xxx.no-ip.org:/hda1 /home/zach/hda1_xbox

    This works just like it should and according to the howto this is the only prerequisite. I did my best, but I still missed something.

    Now in the guide here I think this is the area I'm having problems with:

    Code:
    RemoteDiskSSH -fstype=fuse,port=22,rw,nodev,nonempty,noatime,allow_other,max_read=65536 :sshfs\#remoteuser@remote.machine.address\:/Directory/to/mount
    This is what I'm using:

    RemoteDiskSSH -fstype=fuse,port=22,rw,nodev,nonempty,noatime,allo w_other,max_read=65536 :sshfs\#xxx.no-ip.org\:/hda1

    My auto.master looks like this:

    / /etc/auto.SSH uid=1000 gid=1000 -v --/home/zach/hda1_xbox --timeout=32400

    I obviously have something wrong, I'm guessing it's the syntax but I could be wrong. Anyone see what I'm doing wrong here?
    Last edited by Scotty562; November 8th, 2007 at 11:25 PM.

Page 1 of 4 123 ... LastLast

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •