1

I'd like to be able to mount my backup server on-demand by using my keys on my client terminal only, as I don't leave my SSH keys on servers I manage. Does SSHFS support ssh-agent forwarding and how?

Didn't find answers to that in the documentation.

Thanks in advance!

dzhi
  • Will the remote only be mounted while you are connected? Do you plan on manually triggering the backups? Using the agent might be possible, but it could cause problems if there are any interruptions of the ssh sessions. Seems like it would be better to just create a new key-pair just for that server that permits access to a limited account that is your backup target. – Zoredache Jan 22 '19 at 21:39
  • Answers to your questions are Yes and No. I already have a master key I'd use for occasional backup pruning or export or mounting on other hosts in the future and I don't want to manage those low usage keys on my own, hence the ForwardAgent question :) – dzhi Jan 22 '19 at 21:41
  • `I don't want to manage those low usage keys on my own` - That is where automation would be a good thing. – Zoredache Jan 22 '19 at 22:05

3 Answers

0

This can be done temporarily, on a per-use basis, by using -E (man page).

For example, if you're a regular user on host:

client:    $ ssh -A user@host
user@host: $ sudo -E sshfs -o allow_other user@host2:/ /mnt

This forwards your agent connection from client through host to host2. sudo allows the environment to be preserved when executing sshfs.

0

Yes, it supports it. You only need to have agent forwarding enabled. SSHFS is transparent to it; if it works for your system, then it also works for SSHFS.

Here is the proof:

[root@novaprime ~]# ssh -A hercules
Last login: Tue Jan 22 23:46:47 2019 from gateway
[root@hercules ~]# sshfs -o allow_other root@192.168.122.1:/ /mnt
[root@hercules ~]# df -Ph /mnt
Filesystem            Size  Used Avail Use% Mounted on
root@192.168.122.1:/   49G  9.0G   40G  19% /mnt
[root@hercules ~]#

Zatarra
  • Nope, I can't reproduce this which appears to be my desired behavior. Do you have anything meaningful for this in your .ssh/config? – dzhi Jan 22 '19 at 22:00
  • If you are using PuTTY to connect, you must have the Allow agent forwarding option checked (Connection->SSH->Auth) and also Pageant open with your key loaded; if not, you will need to load your key with ssh-add. You can also check for AllowAgentForwarding in your sshd_config file. And to answer your question, I don't even have a config file in .ssh – Zatarra Jan 22 '19 at 22:12
  • I use Xshell and agent forwarding works just fine for regular SSH/SFTP sessions but SSHFS won't for some reason. – dzhi Jan 22 '19 at 22:15
  • In that case I would say the problem is with Xshell. Try to do simple ssh and check if it works, if it does try with a different program, and if you are still having the same problem try to check the sshfs version. Mine is SSHFS version 2.10 FUSE library version: 2.9.2 – Zatarra Jan 22 '19 at 22:20
  • Are you running your mount command via sudo or something? Keep in mind that your agent is going automatically work via sudo. – Zoredache Jan 22 '19 at 23:38
0

Okay, just solved the issue. The thing is that I executed the sshfs command via sudo, as root, so my user environment (SSH_* variables) wasn't accessible to root, so I added my user SSH environment variables to the sudoers file:

Defaults env_reset
Defaults env_keep += "EDITOR BORG_REPO BORG_PASSPHRASE BORG_RSH VISUAL SHELL LSCOLORS LS_COLORS LESS LESSCHARSET LESSEDIT LANG SSH_AUTH_SOCK SSH_CLIENT SSH_CONNECTION SSH_TTY"

After logging in again and running sshfs as root my keys were forwarded to the server properly.

Not sure if this is the most secure thing in the world but I'm open to suggestions to solve this properly.

dzhi
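
One way to review a sudoers change like the one in the last answer, as an added example that is not part of the original thread: a POSIX shell check that reports sensitive variables kept for every sudo invocation by an unscoped `Defaults env_keep` line. The list of names treated as sensitive, the sample file and the placeholder user `alice` are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the original answers): list sensitive variables that
# a sudoers file keeps for every sudo invocation via unscoped "Defaults env_keep".

# Which names count as sensitive is this example's assumption: the agent
# socket, plus anything that looks like a stored secret.
is_sensitive() {
    case "$1" in
        SSH_AUTH_SOCK|*PASSPHRASE*|*PASSWORD*|*TOKEN*|*SECRET*) return 0 ;;
        *) return 1 ;;
    esac
}

# audit_env_keep FILE: print each sensitive variable, one per line.
# Runs in a subshell with globbing off so entries like LC_* stay literal.
audit_env_keep() (
    set -f
    # Match only unscoped "Defaults env_keep = / +="; scoped forms such as
    # "Defaults:user" apply to fewer invocations and are skipped.
    vars=$(sed -n 's/^[[:space:]]*Defaults[[:space:]]\{1,\}env_keep[[:space:]]*+\{0,1\}=[[:space:]]*"\(.*\)".*$/\1/p' "$1")
    for var in $vars; do
        if is_sensitive "$var"; then printf '%s\n' "$var"; fi
    done
)

# Constructed sample modelled on the sudoers lines in the answer above;
# "alice" is a placeholder user, and her scoped line is not reported.
sample=$(mktemp)
cat > "$sample" <<'EOF'
Defaults env_reset
Defaults env_keep += "EDITOR BORG_REPO BORG_PASSPHRASE BORG_RSH LANG SSH_AUTH_SOCK SSH_CLIENT SSH_CONNECTION SSH_TTY"
Defaults:alice env_keep += "SSH_AUTH_SOCK"
EOF
audit_env_keep "$sample"   # prints BORG_PASSPHRASE, then SSH_AUTH_SOCK
rm -f "$sample"
```

Each reported name is a variable that any command run through sudo by any user will inherit; a scoped `Defaults:user` entry limits that to one account.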