How to auto mount an ssh file system on demand with an RSA key

Question

I am trying to auto mount a folder from my raspberry pi (/home/pi/server_folder), to a local folder (/home/my_name/raspberrypi). I can do this with sshfs (auto mount in fstab) when I set up a blank rsa key, but when I try to use an actual key, like 123, the raspberry pi filesystem wont mount. This is pretty obvious, since I have to supply the passphrase, but is there a way to have it ask for the passphrase when I first try to access /home/my_name/raspberrypi, or do something similar to that? Because if someone gets my laptop, they dont need to put a password or anything in to get access to my raspberry pi, if I leave the rsa key blank. I have looked into autofs, and autosshfs, but autosshfs won't download, and autofs doesn't explain how to mount with an actual rsa key (well, I haven't found a guide on how to). I'm using arch Linux, latest version. Here is the fstab entry:

pi@10.0.0.50:/home/pi/server_folder/ /home/my_name/raspberrypi  fuse.sshfs noauto,x-systemd.automount,_netdev,users,idmap=user,IdentityFile=/home/my_name/.ssh/id_rsa,allow_other,reconnect 0 0

which is what arch wiki says to do (but doesn't explain very well).

score 5 · Accepted Answer · answered Sep 05 '16 at 23:56

5

Since SSHFS is based on FUSE, it's easier to use a non-root automounter. Use afuse, that's prety much what it was designed for. One-time setup:

mkdir ~/.afuse
ln -s .afuse/raspberrypi/server_folder ~/raspberrypi

To start the automounter:

afuse -o mount_template="sshfs %r:/ %m" -o unmount_template="fusermount -u -z %m" ~/.afuse

Make sure that the SSH_AUTH_SOCK variable is set when you start afuse, i.e. it must be started after ssh-agent. Run ssh-add to load the key into the SSH agent, and then you'll be able to access the SSHFS directories.

answered Sep 05 '16 at 23:56

Gilles 'SO- stop being evil'

829,060

Is there any way to get it to work after a shutdown? – Vityou Sep 06 '16 at 21:50
@Vityou Put the afuse invocation in your session startup scripts (e.g. .profile, .config/autostart, …). – Gilles 'SO- stop being evil' Sep 06 '16 at 22:05
afuse hasn't been updated in 7 years – crypdick Feb 17 '20 at 17:02
@crypdick It's still in major distributions such as Debian. Is there any reason not to use it? – Gilles 'SO- stop being evil' Feb 17 '20 at 18:06

score 2 · Answer 2 · answered Jul 06 '19 at 16:09

To expand on Gilles' correct answer, and to address some further thoughts addressed in comments to his answer regarding 'Integration of afuse into (profile) startup (scripts)':

You can enable on-demand sshfs mounting by adding a script invocation to your e.g. ~/.profile or create a user level systemd service unit.

I favor the systemd answer: ~/.config/systemd/user/afuse.service

[Unit]
Description="SSHFS via Afuse automounter"
AssertPathExists=%h/scp/
AssertFileIsExecutable=/usr/bin/afuse
AssertFileIsExecutable=/usr/bin/sshfs

[Service]
Type=forking
WorkingDirectory=%h/scp
ExecStart=/usr/bin/afuse \
    -o mount_template="sshfs -o ServerAliveInterval=10 -o reconnect %%r:/ %%m" \
    -o unmount_template="fusermount -u -z %%m" .
Restart=always
PrivateTmp=true
#NoNewPrivileges=true
#Environment=

[Install]
WantedBy=default.target

How to auto mount an ssh file system on demand with an RSA key

2 Answers2

Linked

Related