如何为sshfs指定密钥文件?

时间:2014-03-13 23:56:07

标签: linux ssh sshfs

我看了sshfs --help,没有提到密钥文件。我的计算机上有多个pub / priv密钥对(用于不同的服务器),我想指定使用哪个密钥。我该怎么做?

  usage: sshfs [user@]host:[dir] mountpoint [options]

  general options:
  -o opt,[opt...]        mount options
  -h   --help            print help
  -V   --version         print version

  SSHFS options:
  -p PORT                equivalent to '-o port=PORT'
  -C                     equivalent to '-o compression=yes'
  -F ssh_configfile      specifies alternative ssh configuration file
  -1                     equivalent to '-o ssh_protocol=1'
  -o reconnect           reconnect to server
  -o delay_connect       delay connection to server
  -o sshfs_sync          synchronous writes
  -o no_readahead        synchronous reads (no speculative readahead)
  -o sshfs_debug         print some debugging information
  -o cache=BOOL          enable caching {yes,no} (default: yes)
  -o cache_timeout=N     sets timeout for caches in seconds (default: 20)
  -o cache_X_timeout=N   sets timeout for {stat,dir,link} cache
  -o workaround=LIST     colon separated list of workarounds
      none             no workarounds enabled
      all              all workarounds enabled
      [no]rename       fix renaming to existing file (default: off)
      [no]nodelaysrv   set nodelay tcp flag in sshd (default: off)
      [no]truncate     fix truncate for old servers (default: off)
      [no]buflimit     fix buffer fillup bug in server (default: on)
  -o idmap=TYPE          user/group ID mapping, possible types are:
      none             no translation of the ID space (default)
      user             only translate UID of connecting user
  -o ssh_command=CMD     execute CMD instead of 'ssh'
  -o ssh_protocol=N      ssh protocol to use (default: 2)
  -o sftp_server=SERV    path to sftp server or subsystem (default: sftp)
  -o directport=PORT     directly connect to PORT bypassing ssh
  -o transform_symlinks  transform absolute symlinks to relative
  -o follow_symlinks     follow symlinks on the server
  -o no_check_root       don't check for existence of 'dir' on server
  -o password_stdin      read password from stdin (only for pam_mount!)
  -o SSHOPT=VAL          ssh options (see man ssh_config)

  FUSE options:
  -d   -o debug          enable debug output (implies -f)
  -f                     foreground operation
  -s                     disable multi-threaded operation

  -o allow_other         allow access to other users
  -o allow_root          allow access to root
  -o nonempty            allow mounts over non-empty file/dir
  -o default_permissions enable permission checking by kernel
  -o fsname=NAME         set filesystem name
  -o subtype=NAME        set filesystem type
  -o large_read          issue large read requests (2.4 only)
  -o max_read=N          set maximum size of read requests

  -o hard_remove         immediate removal (don't hide files)
  -o use_ino             let filesystem set inode numbers
  -o readdir_ino         try to fill in d_ino in readdir
  -o direct_io           use direct I/O
  -o kernel_cache        cache files in kernel
  -o [no]auto_cache      enable caching based on modification times (off)
  -o umask=M             set file permissions (octal)
  -o uid=N               set file owner
  -o gid=N               set file group
  -o entry_timeout=T     cache timeout for names (1.0s)
  -o negative_timeout=T  cache timeout for deleted names (0.0s)
  -o attr_timeout=T      cache timeout for attributes (1.0s)
  -o ac_attr_timeout=T   auto cache timeout for attributes (attr_timeout)
  -o intr                allow requests to be interrupted
  -o intr_signal=NUM     signal to send on interrupt (10)
  -o modules=M1[:M2...]  names of modules to push onto filesystem stack

  -o max_write=N         set maximum size of write requests
  -o max_readahead=N     set maximum readahead
  -o async_read          perform reads asynchronously (default)
  -o sync_read           perform reads synchronously
  -o atomic_o_trunc      enable atomic open+truncate support
  -o big_writes          enable larger than 4kB writes
  -o no_remote_lock      disable remote file locking

  Module options:

  [subdir]
  -o subdir=DIR           prepend this directory to all paths (mandatory)
  -o [no]rellinks         transform absolute symlinks to relative

  [iconv]
  -o from_code=CHARSET   original encoding of file names (default: UTF-8)
  -o to_code=CHARSET      new encoding of the file names (default: UTF-8)

2 个答案:

答案 0 :(得分:20)

请注意此选项:

  

-o SSHOPT = VAL ssh选项(参见man ssh_config)

如果您查看man ssh_config,可以选择设置私钥文件的路径,名为IdentityFile,这样您就可以执行此操作:

sshfs -oIdentityFile=/abs/path/to/id_rsa server: path/to/mnt/point

身份文件的路径必须是绝对路径。

答案 1 :(得分:1)

原则上,它是这样工作的(作为root或使用static void test<T>(ISorter<T> sorter, IComparer<T> intComparer) { var (correctArray, testArray) = RandomHelper.GetArrays(10, x => x, intComparer); sorter.Sort(testArray, intComparer); Console.WriteLine(string.Join(",", testArray)); Console.WriteLine(string.Join(",", correctArray)); } ):sudo

sshfs -o default_permissions,nonempty,IdentityFile=/home/USER/.ssh/id_rsa SRVUSER@SERVER:PATH /mnt/mountpoint替换为服务器USER文件中的用户,将authorized_keys替换为服务器名称(或IP,例如192.168.0.11),SERVER与服务器上的用户(例如,不建议使用root,但有时甚至是必要的root;为此,请在服务器上正确设置SRVUSER,即指令/etc/ssh/sshd_configPermitRootLogin)。并相应地替换PasswordAuthentication

当该目录不为空时,选项/mnt/mountpoint允许挂载/ mnt / mountpoint。我必须使用它,因为我将文件-o nonempty保留在此目录中以查看是否已挂载,因此,如果.unmounted返回成功(即文件.unmount在/ mnt / mountpoint中存在),它将没有安装。

一个真实的例子:

  • 服务器名称“ homeserver”
  • 在服务器上安装/ home目录
  • 我在本地系统上的挂载点是/ mnt / homeserver
  • 用户“ steve”具有私钥

test -e /mnt/mountpoint/.unmounted是用户史蒂夫(steve)努力工作的。

ssh root@homeserver(作为根用户)

这不起作用,我收到错误消息:sshfs -o default_permissions,nonempty,IdentityFile=/home/steve/.ssh/id_rsa root@homeserver:/home /mnt/homeserver

解决方案:通过添加read: Connection reset by peer获得更多的详细输出。

-o debug

突然之间,修复起来容易得多。因为sshd密钥是从上一个会话开始重新创建的,但是本地系统上的# sshfs -o default_permissions,nonempty,IdentityFile=/home/steve/.ssh/id_rsa,debug root@homeserver:/home /mnt/homeserver FUSE library version: 2.9.8 nullpath_ok: 0 nopath: 0 utime_omit_ok: 0 @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ @ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @ @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY! Someone could be eavesdropping on you right now (man-in-the-middle attack)! It is also possible that a host key has just been changed. The fingerprint for the ECDSA key sent by the remote host is SHA256:aAbBcCdDeEfFgGhHiIjJkKlLmMnNoOpPqQrRsStT0123 Please contact your system administrator. Add correct host key in /root/.ssh/known_hosts to get rid of this message. Offending ECDSA key in /root/.ssh/known_hosts:2 ECDSA host key for homeserver has changed and you have requested strict checking. Host key verification failed. read: Connection reset by peer 仍然具有旧密钥–它不起作用。在我的情况下,解决方案只是使用编辑器(例如/root/.ssh/known_hosts)从homeserver中删除以/root/.ssh/known_hosts开头的行。现在使用sshfs进行安装即可。在第一次安装时,必须确认新密钥:

nano

顺便说一句,这是# mount /mnt/homeserver The authenticity of host 'homeserver (192.168.0.11)' can't be established. ECDSA key fingerprint is SHA256:aAbBcCdDeEfFgGhHiIjJkKlLmMnNoOpPqQrRsS/1234. Are you sure you want to continue connecting (yes/no)? yes 中的行:

/etc/fstab

因此,即使其他内容,也请先尝试root@homeserver:/home /mnt/homeserver fuse.sshfs noauto,nonempty,default_permissions,IdentityFile=/home/steve/.ssh/id_rsa 0 0 。这将极大地帮助您查找故障。

相关问题
最新问题