As usual I had the desire to have a non-common set-up, which was presumably more secure or at the very least more fun to get working. In this case, after rebuilding my server, I wanted to recreate the sshfs setup I had going on in the past, but this time while using a separate IdentityFile, non-common portnumber and incorporated in my /etc/fstab file. Somehow I forgot how I managed to get that working in the past, so for my own sake and the sake of others seeking help with this, I wrote down the steps I took to get this working, below.
First of all, make sure you have sshd working on the machine that physically contains the disks you want to mount remotely. For this tutorial I’ll call that machine REMOTE. In sshd_config on REMOTE you will want to set (for the setup used in this post) a different port to listen on and enable passwordless login or as it should be referred to: logging in with keys. Then, return here.
Fine, now, on your local machine (LOCAL), generate an IdentityFile to be used for mounting the remote filesystem. I suggest that, while root, you execute the following:
ssh-keygen -f /root/.ssh/YOURKEYFILE
Assure that permissions are set accordingly:
chmod -R 700 /root/.ssh
Now, get the /root/.ssh/YOURKEYFILE.pub file. Yes, the one ending in .pub, not your secret one. Now, on the machine REMOTE, I suggest you add a new user, to be used solely for mounting with sshfs. Give it a catchy name like REMOTEUSER:
useradd -m REMOTEUSER
password REMOTEUSER #do not leave this blank!
Now make sure that the contents of YOURKEYFILE.pub get appended or added to /home/REMOTEUSER/.ssh/authorized_keys (which is of course on REMOTE, not on LOCAL). I don’t know (or care) how, use scp, use another machine, use an USB stick, you’ll figure it out.
After all this, you should be able to log into REMOTEUSER from LOCAL by executing the following as root:
ssh -i /root/.ssh/YOURKEYFILE -p REMOTEPORTNUMBER REMOTEUSER@REMOTE
If this does not work, check logfiles or use debugmodes.
From here it’s not that much work to get to mounting disks or folders which are physically on REMOTE to LOCAL. First, make sure you have sshfs installed. In Gentoo you can simply emerge:
emerge -av sshfs-fuse
Do this.
Now, make sure you know your LOCALMOUNTPOINT (and ensure the empty folder exists by using mkdir) on LOCAL and know which REMOTEMOUNTPOINT you want to mount (located on REMOTE). Try mounting it by executing the following as root:
sshfs REMOTEUSER@REMOTE:REMOTEMOUNTPOINT LOCALMOUNTPOINT -pREMOTEPORTNUMBER -o uid=LOCALUSERID -o gid=DESIREDGROUPID -o idmap=user -o IdentityFile=/root/.ssh/YOURKEYFILE -o allow_other
Please pay close attention to which value is entered where, and, if in doubt, read man sshfs. The values for LOCALUSERID and DESIREDGROUPID determine with what ownership the REMOTEMOUNTPOINT is mounted on LOCAL. The numbers entered represent uid and gid numbers residing on LOCAL.
If this works as expected, it is a simple matter of reformatting the above command, so /etc/fstab is able to automatically mount your REMOTEMOUNTPOINT at (LOCAL)boot. Or so I thought. Turns out it was slightly more complicated, but after some trial and error and some more searching the web I came up with the following working line for fstab:
sshfs#REMOTEUSER@REMOTE:REMOTEMOUNTPOINT LOCALMOUNTPOINT fuse port=REMOTEPORTNUMBER,uid=LOCALUSERID,gid=DESIREDGROUPID,idmap=user,IdentityFile=/root/.ssh/YOURKEYFILE,allow_other 0 0
That should do the trick! You can test this by ensuring you have not mounted your REMOTEMOUNTPOINT on LOCAL at this moment (try fusermount -u LOCALMOUNTPOINT) and then simply entering:
mount LOCALMOUNTPOINT #Yes, the one you just entered in /etc/fstab
That’s it! Any comments or questions can be directed to the comments below and I will attempt to adjust the above as needed.
Tags: /etc/fstab, fuse, Gentoo Linux, IdentityFile, mount, non-standard, passwordless login, port, remote filesystem mounting, ssh, sshfs, uncommon
Thank you, This works perfectly