What is sshfs and why is it so great?
sshfs is a file system in userspace (FUSE) and can be used to mount a remote ssh account locally in a folder. This is absolutely great – If I need to work on files from my server I can use the simple command:
tjansson@dirac:~$sshfs email@example.com: sshfs/
which mounts the remote file system on bar.com over a encrypted connection to the folder sshfs/ – none of the programs is aware the files are remote and working on a file in the folder sshfs/ is the same as for local files – at least if the connection is fast enough.
What is autofs and what why is this even better than plain sshfs?
The great thing thing about autofs is that the line above is no longer needed. The mounting of the remote file system is done in the moment I try to access the folder by the autofs daemon. sshfs and autofs together makes a encrypted remote file system available to the user and the system in a totally transparent way. Once the setup is complete the user will never need to know that the files are actually on a remote server.
Installation of FUSE
The installation is pretty straight forward. First the packages needs to be loaded.
root@bohr:~# aptitude install sshfs fuseutils autofs
Second the module needs to be loaded into the kernel:
root@bohr:~# modprobe fuse
and since this module should be loaded on every startup of the computer the line:
should be added to the file /etc/modules. The last part of setting up FUSE is to add the users which should be able to use FUSE to the FUSE usergroup.
root@bohr:~# usermod -a -G fuse tjansson
This will work when logged out and in again.
Configuring ssh and autofs
First I need to create a set of ssh-keys so I don’t have to write my password every time the connection is established.
root@bohr:~# ssh-keygen -t dsa
Next the public key needs to be transported to the remote server (bar.com) with the login “tjansson”.
root@bohr:~#ssh-copy-id -i .ssh/id_rsa.pub firstname.lastname@example.org
Now I need to create a folder where the remote folder should be mounted.
root@bohr:~# mkdir /mnt/sshfs
The next thing is to add a line to the file /etc/auto.master but before this is done. I need to know the userid, so I run:
tjansson@bohr:~$cat /etc/passwd | grep tjansson tjansson:x:1000:1000:Thomas Jansson,,,:/home/tjansson:/bin/bash
So my userid is 1000. The file in /etc/auto.master now needs the line:
/mnt/sshfs /etc/auto.sshfs uid=1000,gid=1000,--timeout=30,--ghost
and finally we need to create the file /etc/auto.sshfs and add lines similar to this:
bar -fstype=fuse,rw,nodev,nonempty,noatime,allow_other,max_read=65536 :sshfs\#email@example.com\:
This will mount the remote system in the folder /mnt/sshfs/bar/ every time I access that folder. If I’m not using the folder for 30 seconds it will be unmounted. Absolutely amazing and very very useful.
If you have several servers you just need to add line for each in the file /etc/auto.sshfs. Finally it should also be stated that the are some security considerations to take into account. If this done on a laptop and the laptop is stolen the burglar could gain access to the remote systems.