19

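I had a look, and sshfs --help does not mention key files. I have several pub/priv key pairs on my computer (for different servers) and I want to specify which key to use. How do I do that?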

  usage: sshfs [user@]host:[dir] mountpoint [options]

  general options:
  -o opt,[opt...]        mount options
  -h   --help            print help
  -V   --version         print version

  SSHFS options:
  -p PORT                equivalent to '-o port=PORT'
  -C                     equivalent to '-o compression=yes'
  -F ssh_configfile      specifies alternative ssh configuration file
  -1                     equivalent to '-o ssh_protocol=1'
  -o reconnect           reconnect to server
  -o delay_connect       delay connection to server
  -o sshfs_sync          synchronous writes
  -o no_readahead        synchronous reads (no speculative readahead)
  -o sshfs_debug         print some debugging information
  -o cache=BOOL          enable caching {yes,no} (default: yes)
  -o cache_timeout=N     sets timeout for caches in seconds (default: 20)
  -o cache_X_timeout=N   sets timeout for {stat,dir,link} cache
  -o workaround=LIST     colon separated list of workarounds
      none             no workarounds enabled
      all              all workarounds enabled
      [no]rename       fix renaming to existing file (default: off)
      [no]nodelaysrv   set nodelay tcp flag in sshd (default: off)
      [no]truncate     fix truncate for old servers (default: off)
      [no]buflimit     fix buffer fillup bug in server (default: on)
  -o idmap=TYPE          user/group ID mapping, possible types are:
      none             no translation of the ID space (default)
      user             only translate UID of connecting user
  -o ssh_command=CMD     execute CMD instead of 'ssh'
  -o ssh_protocol=N      ssh protocol to use (default: 2)
  -o sftp_server=SERV    path to sftp server or subsystem (default: sftp)
  -o directport=PORT     directly connect to PORT bypassing ssh
  -o transform_symlinks  transform absolute symlinks to relative
  -o follow_symlinks     follow symlinks on the server
  -o no_check_root       don't check for existence of 'dir' on server
  -o password_stdin      read password from stdin (only for pam_mount!)
  -o SSHOPT=VAL          ssh options (see man ssh_config)

  FUSE options:
  -d   -o debug          enable debug output (implies -f)
  -f                     foreground operation
  -s                     disable multi-threaded operation

  -o allow_other         allow access to other users
  -o allow_root          allow access to root
  -o nonempty            allow mounts over non-empty file/dir
  -o default_permissions enable permission checking by kernel
  -o fsname=NAME         set filesystem name
  -o subtype=NAME        set filesystem type
  -o large_read          issue large read requests (2.4 only)
  -o max_read=N          set maximum size of read requests

  -o hard_remove         immediate removal (don't hide files)
  -o use_ino             let filesystem set inode numbers
  -o readdir_ino         try to fill in d_ino in readdir
  -o direct_io           use direct I/O
  -o kernel_cache        cache files in kernel
  -o [no]auto_cache      enable caching based on modification times (off)
  -o umask=M             set file permissions (octal)
  -o uid=N               set file owner
  -o gid=N               set file group
  -o entry_timeout=T     cache timeout for names (1.0s)
  -o negative_timeout=T  cache timeout for deleted names (0.0s)
  -o attr_timeout=T      cache timeout for attributes (1.0s)
  -o ac_attr_timeout=T   auto cache timeout for attributes (attr_timeout)
  -o intr                allow requests to be interrupted
  -o intr_signal=NUM     signal to send on interrupt (10)
  -o modules=M1[:M2...]  names of modules to push onto filesystem stack

  -o max_write=N         set maximum size of write requests
  -o max_readahead=N     set maximum readahead
  -o async_read          perform reads asynchronously (default)
  -o sync_read           perform reads synchronously
  -o atomic_o_trunc      enable atomic open+truncate support
  -o big_writes          enable larger than 4kB writes
  -o no_remote_lock      disable remote file locking

  Module options:

  [subdir]
  -o subdir=DIR           prepend this directory to all paths (mandatory)
  -o [no]rellinks         transform absolute symlinks to relative

  [iconv]
  -o from_code=CHARSET   original encoding of file names (default: UTF-8)
  -o to_code=CHARSET      new encoding of the file names (default: UTF-8)
4

2 Answers

31

Note this option:

-o SSHOPT=VAL          ssh options (see man ssh_config)

If you look at man ssh_config, there is an option that sets the path to your private key file, called IdentityFile, so you can do this:

sshfs -oIdentityFile=/abs/path/to/id_rsa server: path/to/mnt/point

The path to the identity file must be absolute.

Answered 2014-03-14T00:06:55.323
1

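In principle it works like this (as root or using sudo):

sshfs -o default_permissions,nonempty,IdentityFile=/home/USER/.ssh/id_rsa SRVUSER@SERVER:PATH /mnt/mountpoint

Replace USER with the user that is in the server's authorized_keys file, SERVER with the server name (or IP, like 192.168.0.11), and SRVUSER with the user on the server (e.g. root; not recommended, but possible and sometimes necessary; set up your server correctly for this, i.e. the /etc/ssh/sshd_config directives PermitRootLogin and PasswordAuthentication). Also replace /mnt/mountpoint accordingly.

The option -o nonempty allows mounting on /mnt/mountpoint when this directory is not empty. I have to use it because I keep a file .unmounted in this directory to see whether it is mounted, so if test -e /mnt/mountpoint/.unmounted returns success (i.e. the file .unmounted exists in /mnt/mountpoint), it is not mounted.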

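A real example:

  • Server name "homeserver"
  • Mount the /home directory on the server
  • My mount point on the local system is /mnt/homeserver
  • User "steve" has the private key

ssh root@homeserver works as user steve.

sshfs -o default_permissions,nonempty,IdentityFile=/home/steve/.ssh/id_rsa root@homeserver:/home /mnt/homeserver (as root)

This does not work; I get the error message: read: Connection reset by peer

Solution: get more detailed output by adding -o debug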

# sshfs -o default_permissions,nonempty,IdentityFile=/home/steve/.ssh/id_rsa,debug root@homeserver:/home /mnt/homeserver
FUSE library version: 2.9.8
nullpath_ok: 0
nopath: 0
utime_omit_ok: 0
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@    WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!     @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
Someone could be eavesdropping on you right now (man-in-the-middle attack)!
It is also possible that a host key has just been changed.
The fingerprint for the ECDSA key sent by the remote host is
SHA256:aAbBcCdDeEfFgGhHiIjJkKlLmMnNoOpPqQrRsStT0123
Please contact your system administrator.
Add correct host key in /root/.ssh/known_hosts to get rid of this message.
Offending ECDSA key in /root/.ssh/known_hosts:2
ECDSA host key for homeserver has changed and you have requested strict checking.
Host key verification failed.
read: Connection reset by peer

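Suddenly it is much easier to fix. Because the sshd keys had been recreated since the last session, but /root/.ssh/known_hosts on the local system still had the old key, it did not work. In my case the solution was simply to delete the line starting with homeserver from /root/.ssh/known_hosts using an editor (like nano). Now mounting with sshfs works. On the first mount, the new key has to be confirmed: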

# mount /mnt/homeserver
The authenticity of host 'homeserver (192.168.0.11)' can't be established.
ECDSA key fingerprint is SHA256:aAbBcCdDeEfFgGhHiIjJkKlLmMnNoOpPqQrRsS/1234.
Are you sure you want to continue connecting (yes/no)? yes

By the way, this is the line in /etc/fstab:

root@homeserver:/home  /mnt/homeserver  fuse.sshfs noauto,nonempty,default_permissions,IdentityFile=/home/steve/.ssh/id_rsa  0 0

So even if it is something else, try -o debug first. It will help a lot in finding the fault.

Answered 2019-08-08T00:38:04.337
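
The host-key warning in the debug output above prints a SHA256 fingerprint and points at a line in known_hosts. The following added example (not part of either answer) shows how that fingerprint is derived from a known_hosts entry, so a stale entry can be identified and compared with a fingerprint obtained from the server out of band before it is removed. The key blobs are constructed ssh-ed25519 sample data, and the function names are hypothetical.

```python
import base64, hashlib, hmac, struct

def make_blob(seed):
    """Constructed ssh-ed25519 key blob (sample data, not a real host key)."""
    kt, key = b"ssh-ed25519", bytes((seed + i) % 256 for i in range(32))
    return struct.pack(">I", len(kt)) + kt + struct.pack(">I", len(key)) + key

def fingerprint(blob_b64):
    """Fingerprint as ssh prints it: unpadded base64 of SHA-256 over the key blob."""
    digest = hashlib.sha256(base64.b64decode(blob_b64)).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

def host_matches(field, host):
    """Match a known_hosts host field: comma list, or hashed |1|salt|HMAC-SHA1."""
    if field.startswith("|1|"):
        _, _, salt, mac = field.split("|")
        calc = hmac.new(base64.b64decode(salt), host.encode(), hashlib.sha1).digest()
        return hmac.compare_digest(calc, base64.b64decode(mac))
    return host in field.split(",")  # simplification: no wildcards or [host]:port

def entries_for(text, host):
    """Return (line_no, key_type, fingerprint) for each entry stored for host."""
    found = []
    for n, line in enumerate(text.splitlines(), 1):
        fields = line.split()
        if len(fields) < 3 or fields[0].startswith(("#", "@")):
            continue  # skip blanks, comments and @cert-authority/@revoked lines
        if host_matches(fields[0], host):
            found.append((n, fields[1], fingerprint(fields[2])))
    return found

def check(text, host, trusted_fp):
    """Mark each entry 'ok' or 'stale' against a fingerprint verified out of band."""
    return [(n, "ok" if fp == trusted_fp else "stale")
            for n, _, fp in entries_for(text, host)]

# Constructed sample: OLD is the key still pinned locally, NEW the regenerated one.
OLD, NEW = (base64.b64encode(make_blob(s)).decode() for s in (1, 2))
SAMPLE = "\n".join([
    "otherbox ssh-ed25519 " + base64.b64encode(make_blob(9)).decode(),
    "homeserver,192.168.0.11 ssh-ed25519 " + OLD,
])

if __name__ == "__main__":
    trusted = fingerprint(NEW)  # stands in for the value read on the server console
    for line_no, state in check(SAMPLE, "homeserver", trusted):
        print("known_hosts:%d %s" % (line_no, state))
```

Once the new fingerprint has been confirmed on the server itself, `ssh-keygen -R homeserver -f /root/.ssh/known_hosts` removes the stale entry without hand-editing the file.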