25日 6月 2018

OpenSUSE Leap 15: Install sshfs for SSH client

This article will describe installing sshfs for SSH client.

1 Install sshfs

Install sshfs package. 

> sudo zypper -n in sshfs

2 Mount SSH with sshfs

Mount SSH to <path> with sshfs. You need write permission to <path>. 

> sshfs <server> <path>

This article mounts to $HOME/mnt. 

> mkdir $HOME/mnt
> sshfs ssh-server.hiroom2.com:$HOME $HOME/mnt
The authenticity of host 'ssh-server.hiroom2.com
(192.168.11.96)' can't be established.
ECDSA key fingerprint is
SHA256:jnXzkA7FZ1MW7K2zr9lM87nLt/IxJBIqKyt9EMF7mbc.
Are you sure you want to continue connecting (yes/no)? yes
hiroom2@ssh-server.hiroom2.com's password:

$HOME in SSH server can be accessed. 

> ls $HOME/mnt
bin      Documents  examples.desktop  Pictures  src        Videos
Desktop  Downloads  Music             Public    Templates

3 Generate SSH key

Generate SSH key for accessing from root user on SSH client to root user on SSH server without password authentication.

Run ssh-keygen on SSH client for generating SSH key. 

> # Run the following command on SSH client.
> sudo ssh-keygen -t rsa -f /root/.ssh/id_rsa -N ""
> sudo cat /root/.ssh/id_rsa.pub
ssh-rsa AAAAB3Nza<snip> root@ssh-client

Copy public key generated by ssh-keygen on SSH client to authorized_keys on SSH server. 

> # Run the following command on SSH server.
> cat <<EOF | sudo tee /root/.ssh/authorized_keys
ssh-rsa AAAAB3Nza<snip> root@ssh-client
EOF

You need to access from SSH client to SSH server for adding SSH server fingerprint to known_hosts. This article disables checking finngerprint to SSH server. 

> # Run the following command on SSH client.
> cat <<EOF | sudo tee /root/.ssh/config
Host 192.168.11.*
    StrictHostKeyChecking no
    UserKnownHostsFile=/dev/null

Host *.hiroom2.com
    StrictHostKeyChecking no
    UserKnownHostsFile=/dev/null
EOF

4 Mount SSH on boot

Add mount entry to /etc/fstab. For avoiding mounting NFS before network initialization, you need to add _netdev option. For making x-systemd.automount to mount NFS, you need to add x-systemd.automount to option. 

> SSH_SERVER=ssh-server.hiroom2.com
> SSH_DIR=/
> cat <<EOF | sudo tee -a /etc/fstab
${SSH_SERVER}:${SSH_DIR} /mnt fuse.sshfs _netdev,x-systemd.automount 0 0
EOF

For access with other user, use <user>@<server>. identityfile option changes SSH key. allow_other, uid and gid option changes ownership at mount point. But if home directory permission is 755, mount point will be accessed by other user. 

> OPT=_netdev,x-systemd.automount,identityfile=/home/hiroom2/.ssh/id_rsa
> OPT=${OPT},allow_other,uid=hiroom2,gid=users
> mkdir -p /home/hiroom2/mnt
> cat <<EOF | sudo tee -a /etc/fstab
hiroom2@${SSH_SERVER}:/home/hiroom2 /home/hiroom2/mnt fuse.sshfs ${OPT} 0 0
EOF

For avoiding access by other user, change home directory permision to 700 or create 700 directory between home directory and mount point. 

> mkdir -p /home/hiroom2/guard/mnt
> chmod 700 /home/hiroom2/guard
> cat <<EOF | sudo tee -a /etc/fstab
hiroom2@${SSH_SERVER}:/home/hiroom2 /home/hiroom2/guard/mnt \
fuse.sshfs ${OPT} 0 0
EOF
カテゴリ: ssh, en, opensuse-15, 201806