挂载 sshfs 作为非 root 永远挂起

挂载 sshfs 作为非 root 永远挂起

我在 fstab 中创建了 sshfs 挂载点,使用 sshpass 发送密码(我需要这样做,因为远程服务器上不提供密钥身份验证)。

挂载以 root 身份记录的文件夹效果很好。但是当作为另一个帐户(www-data)安装时,安装将永远挂起。

在下面的示例中,我安装在我自己的服务器 (127.0.0.1) 上,在我自己的 ssh 服务器上。但行为与远程服务器相同。

# cat /etc/fstab
...
[email protected]:/    /mount/mountpoint   fuse.sshfs  noauto,port=22,noatime,_netdev,user,idmap
=user,uid=www-data,gid=www-data,allow_other,ServerAliveInterval=5,ServerAliveCountMax=2,ssh_command=sshpass\040-f\040/usr/local/credentials/.sshfs-distant\040ssh 0   0


# cat /usr/local/credentials/.sshfs-distant
<needed_password>


# ls -l /mount
drwxrwx--- 2 www-data www-data  4096 mars  15 17:00 mountpoint

如果我在挂载线上启用调试(添加debug,sshfs_debug,loglevel=debug选项),我会得到:

# sudo -u www-data mount kcm-online-dev/
SSHFS version 2.8
FUSE library version: 2.9.7
nullpath_ok: 0
nopath: 0
utime_omit_ok: 0
executing <sshpass> <-f> </usr/local/credentials/.sshfs-distant> <ssh> <-x> <-a> <-oClearAllForwardings=yes> <-oport=22> <-oServerAliveInterval=5> <-oServerAliveCountMax=2> <-ologlevel=debug> <-2> <[email protected]@127.0.0.1> <-s> <sftp>
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 19: Applying options for *
debug1: Connecting to 127.0.0.1 [127.0.0.1] port 22.
debug1: Connection established.
debug1: key_load_public: No such file or directory
debug1: identity file /var/www/.ssh/id_rsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file /var/www/.ssh/id_rsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /var/www/.ssh/id_dsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file /var/www/.ssh/id_dsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /var/www/.ssh/id_ecdsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file /var/www/.ssh/id_ecdsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /var/www/.ssh/id_ed25519 type -1
debug1: key_load_public: No such file or directory
debug1: identity file /var/www/.ssh/id_ed25519-cert type -1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_7.4p1 Debian-10+deb9u2
debug1: Remote protocol version 2.0, remote software version OpenSSH_7.4p1
debug1: match: OpenSSH_7.4p1 pat OpenSSH* compat 0x04000000
debug1: Authenticating to 127.0.0.1:22 as '[email protected]'
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: algorithm: curve25519-sha256
debug1: kex: host key algorithm: ecdsa-sha2-nistp256
debug1: kex: server->client cipher: aes256-ctr MAC: [email protected] compression: none
debug1: kex: client->server cipher: aes256-ctr MAC: [email protected] compression: none
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: Server host key: ecdsa-sha2-nistp256 SHA256:evn+V3Z0y+dY1+3EwwHPhRqy/5qQO9GtrRZrOespLzI
debug1: Host '127.0.0.1' is known and matches the ECDSA host key.
debug1: Found key in /var/www/.ssh/known_hosts:3
debug1: rekey after 4294967296 blocks
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: rekey after 4294967296 blocks
debug1: SSH2_MSG_EXT_INFO received
debug1: kex_input_ext_info: server-sig-algs=<ssh-ed25519,ssh-rsa,ssh-dss,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521>
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,password
debug1: Next authentication method: publickey
debug1: Trying private key: /var/www/.ssh/id_rsa
debug1: Trying private key: /var/www/.ssh/id_dsa
debug1: Trying private key: /var/www/.ssh/id_ecdsa
debug1: Trying private key: /var/www/.ssh/id_ed25519
debug1: Next authentication method: password

然后它就挂了。

注意:远程服务器公钥已知为 www-data,正如我在成功的 ssh 连接之前所做的那样 ( )sudo -u www-data ssh [email protected]

你能告诉我我错过了什么吗?

答案1

知道了。用户无法访问凭证文件www-data...

为了调试它,我手动启动了 sshpass,如下所示:

# sudo -u www-data /usr/bin/sshpass -v -f /usr/local/credentials/.sshfs-distant ssh [email protected] ls /tmp
SSHPASS searching for password prompt using match "assword"
SSHPASS read: [email protected]'s password:
SSHPASS detected prompt. Sending password.

(然后永远等待)

在命令行中使用密码:

# sudo -u www-data /usr/bin/sshpass -v -p '<needed_password>' -f /usr/local/credentials/.sshfs-distant ssh [email protected] ls /tmp
SSHPASS searching for password prompt using match "assword"
SSHPASS read: [email protected]'s password:
SSHPASS detected prompt. Sending password.
SSHPASS read:

(... ls tmp files)

相关内容