Saturday, 27 August 2016

Mounting directory on server automatically at startup using sshfs in fstab

If you have a directory on a server, whether it's your home directory or something else, that you wish to be mounted automatically when you start your computer, this is how to do it:

Preparation:
Install sshfs:
$ sudo apt-get -y install sshfs
You'll need to create an ssh key without a password:
$ ssh-keygen 
Generating public/private rsa key pair.
Enter file in which to save the key (/home/you/.ssh/id_rsa): 
Enter passphrase (empty for no passphrase): 
Enter same passphrase again: 
Your identification has been saved in /home/you/.ssh/id_rsa.
Your public key has been saved in /home/you/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:RE0kmliJIsiIOvSd2YV/ThwxT8t01fWsxbykuecThLc you@your-laptop
The key's randomart image is:
+---[RSA 2048]----+
|=    ...++oo.o .*|
|=o. .o.=-o..* o+o|
|o...o * . . o+..*|
|o  . + o + + .+=.|
| .      S +  o+..|
|           .  .E |
|             . ..|
|              o. |
|               +.|
+----[SHA256]-----+

Make an asias for your server's IP address so you can simply refer to is as "server". This makes it easier should you ever change the IP address in the future:
$ sudo su
# echo "192.168.0.100 server" >> /etc/hosts
# exit
(assuming 192.168.0.100 is the IP address of your server)

Add your ssh public key to the server so you can log in without entering password:
you@your-laptop:~$ rsync ~/.ssh/id_rsa.pub server:
The authenticity of host 'server (192.168.0.100)' can't be established.
RSA key fingerprint is SHA256:....
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'server,192.168.0.100' (RSA) to the list of known hosts.
you@server's password: 
you@your-laptop:~$ ssh server
you@server's password: 
...
you@server:~$ cat id_rsa.pub >> ~/.ssh/authorized_keys 
you@server:~$ rm id_rsa.pub 
you@server:~$ exit

Now you can try "ssh server", and you should be able to log on without entering your password.
Next, you need to make sure root can log on to the server unattended. If root has never logged on before, you will be asked to confirm the RSA fingerprint. Just enter "yes" and press enter, then just press Ctrl-C when you get to the login prompt, as you don't need to log in (when mounting the server directory, root will be using your SSH key).
you@your-laptop:~$ sudo ssh server
[sudo] password for you: 
The authenticity of host 'server (192.168.0.100)' can't be established.
RSA key fingerprint is SHA256:....
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'server,192.168.0.100' (RSA) to the list of known hosts.
root@server's password: 

Then, find out your UID and GID. You'll need these later:
you@your-laptop:~$ id -u  # this is your UID
1000
you@your-laptop:~$ id -g  # this is your GID
1000

Now, finally, you can add the entries you need in fstab.
Either use "sudo nano /etc/fstab" or another editor and add the lines below at the bottom, assuming your username is "you", your uid and gid are both 1000.
# mount your home directory on the server to /home/you/server-home:
you@server: /home/you/server-home fuse.sshfs delay_connect,_netdev,user,idmap=user,transform_symlinks,identityfile=/home/you/.ssh/id_rsa,allow_other,default_permissions,uid=1000,gid=1000 0 0
# mounting another diretory:
you@server:/path/to/directory/on/server /path/to/directory/on/your/coputer fuse.sshfs delay_connect,_netdev,user,idmap=user,transform_symlinks,identityfile=/home/you/.ssh/id_rsa,allow_other,default_permissions,uid=1000,gid=1000 0 0

Take extra care to replace the references to "you" with your username and 1000 to your UID and GID, if different.

Make sure you create the local directories you want to mount to (using mkdir)
In order to test this without rebooting:
$ sudo mount -a
If it didn't go well, you can unmount it using umount and tweak it and run mount -a again:
$ sudo umount /path/to/the/local/directory/you/mount/on

If you're getting this error when for example using ls to list its content:
cannot access 'your-local-mount-pont': Input/output error
...it is likely that root cannot ssh to your server. Make sure the path to the id_rsa file is correct, or i worst case make a separate ssh key for root, and add that as well to the server's .ssh/authorized_keys file, then make sure root can log on to your user on the server.

No comments:

Post a Comment