SSHFSのソースを表示

[[Category:Secure Shell]]
[[en:Sshfs]]
[[es:Sshfs]]
[[it:Sshfs]]
{{Related articles start}}
{{Related|SSH}}
{{Related articles end}}
sshfs を使うことで ([[SSH]] でアクセスできる) リモートシステムをローカルフォルダにマウントすることができます。ツールを使ってマウントしたファイルを様々に操作することが可能です (コピー、名前を変更、vim で編集など)。基本的に shfs の代わりに sshfs を使うことが推奨されます。shfs の新しいバージョンは2004年からリリースされていません。

== インストール ==

[[公式リポジトリ]]から {{Pkg|sshfs}} を[[インストール]]してください。

=== マウント ===
ディレクトリをマウントする前に、対象のディレクトリのファイルパーティションが正しく設定されているか (ユーザーがアクセスできるか) 確認してください。マウントするには、{{ic|sshfs}} を実行してリモートディレクトリをマウントします:
 $ sshfs ''USERNAME@HOSTNAME_OR_IP:/PATH LOCAL_MOUNT_POINT SSH_OPTIONS''

例:
 $ sshfs sessy@mycomputer:/foo/bar /mnt/bar -C -p 9876
{{ic|9876}} はポート番号に置き換えてください。

{{Note|Users may also define a non-standard port on a host-by-host basis in {{ic|~/.ssh/config}} to avoid appending the -p switch here. For more information see [[Secure Shell#Saving connection data in ssh config]].}}

必要であれば、SSH はパスワードを尋ねます。何度もパスワードを入力したくない場合は、次を読んでください: [http://linuxmafia.com/~karsten/Linux/FAQs/sshrsakey.html How to Use RSA Key Authentication with SSH] または [[SSH 鍵]]。
{{Tip|To quickly mount a remote dir, do some file-management and unmount it, put this in a script:
 sshfs USERNAME@HOSTNAME_OR_IP:/PATH LOCAL_MOUNT_POINT SSH_OPTIONS''
 mc ~ LOCAL_MOUNT_POINT
 fusermount -u LOCAL_MOUNT_POINT''
This will mount the remote directory, launch MC, and unmount it when you exit.
}}

=== アンマウント ===

リモートシステムをアンマウントするには:
 $ fusermount -u ''LOCAL_MOUNT_POINT''
例:
 $ fusermount -u /mnt/sessy

== Chroot ==

You may want to jail a (specific) user to a directory.To do this, edit {{ic|/etc/ssh/sshd_config}}:

{{hc|/etc/ssh/sshd_config|.....
Match User someuser 
       ChrootDirectory /chroot/%u
       ForceCommand internal-sftp #to restrict the user to sftp only
       AllowTcpForwarding no
       X11Forwarding no
.....}}

{{Note|The chroot directory '''must''' be owned by root, otherwise you will not be able to connect.
For more info check the manpages for {{ic|Match, ChrootDirectory}} and {{ic|ForceCommand}}.}}

== ヘルパー ==

sshfs ファイルシステムを頻繁にマウントする必要がある場合、[[sftpman]] などの sshfs ヘルパーを使うと良いでしょう。

コマンドラインと GTK のフロントエンドが入っており、マウントやアンマウントをワンクリックで行うことができるようになります。

== 自動マウント ==

起動時や、必要に応じて (ディレクトリのアクセス時に)、自動マウントを行うことができます。どちらにしても、セットアップは {{ic|/etc/[[fstab]]}} で行います。

{{Note|Be mindful that automounting is done through the root user, therefore you cannot use Hosts configured in {{ic|.ssh/config}} of your normal user.

root ユーザーで通常ユーザーの SSH 鍵を使うときは、{{ic|IdentityFile}} オプションにフルパスを指定してください。

'''And most importantly''', use each sshfs mount at least once manually '''while root''' so the host's signature is added to the {{ic|.ssh/known_hosts}} file.

}}

=== 必要に応じてマウント ===

{{ic|/etc/fstab}} エントリを使うことで systemd でオンデマンドのマウントを行えます。

例:
 user@host:/remote/folder /mount/point  fuse.sshfs noauto,x-systemd.automount,_netdev,users,idmap=user,IdentityFile=/home/user/.ssh/id_rsa,allow_other,reconnect 0 0
ここで重要なマウントオプションは ''noauto,x-systemd.automount,_netdev'' です。
* ''noauto'' tells it not to mount at boot
* ''x-systemd.automount'' does the on-demand magic
* ''_netdev'' tells it that it's a network device, not a block device (without it "No such device" errors might happen)

{{Tip|
[https://github.com/hellekin/autosshfs autosshfs] を使うという方法もあります。新しいマウントポイントを追加するのに {{ic|/etc/fstab}} を編集する必要がなくなり、(autosshfs が有効になった) 通常ユーザーがアクセスしようとしただけで作成されます:
 ls ~/mnt/ssh/[user@]yourremotehost[:port]
{{AUR|autosshfs-git}} は [[AUR]] からインストールできます。
}}

=== 起動時にマウント ===

{{ic|/etc/[[fstab]]}} で sshfs を使ってリモートのファイルシステムをマウントする例:
 USERNAME@HOSTNAME_OR_IP:/REMOTE/DIRECTORY  /LOCAL/MOUNTPOINT  fuse.sshfs  defaults,_netdev  0  0

Take for example the ''fstab'' line
 llib@192.168.1.200:/home/llib/FAH  /media/FAH2  fuse.sshfs  defaults,_netdev  0  0
The above will work automatically if you are using an SSH key for the user. See [[Using SSH Keys]].

If you want to use sshfs with multiple users:
 user@domain.org:/home/user  /media/user   fuse.sshfs    defaults,allow_other,_netdev    0  0

Again, it's important to set the ''_netdev'' mount option to make sure the network is available before trying to mount.

=== ユーザーアクセスのセキュア化 ===

When automounting via {{ic|/etc/[[fstab]]}}, the filesystem will generally be mounted by root. By default, this produces undesireable results if you wish access as an ordinary user and limit access to other users.

An example mountpoint configuration:

 USERNAME@HOSTNAME_OR_IP:/REMOTE/DIRECTORY  /LOCAL/MOUNTPOINT  fuse.sshfs noauto,x-systemd.automount,_netdev,user,idmap=user,transform_symlinks,identityfile=/home/USERNAME/.ssh/id_rsa,allow_other,default_permissions,uid=USER_ID_N,gid=USER_GID_N 0 0

Summary of the relevant options:

* ''allow_other'' - Allow other users than the mounter (i.e. root) to access the share.
* ''default_permissions'' - Allow kernel to check permissions, i.e. use the actual permissions on the remote filesystem. This allows prohibiting access to everybody otherwise granted by ''allow_other''.
* ''uid'', ''gid'' - set reported ownership of files to given values; ''uid'' is the numeric user ID of your user, ''gid'' is the numeric group ID of your user.

== オプション ==

sshfs can automatically convert your local and remote user IDs.

Add the ''idmap'' option with ''user'' value to translate UID of connecting user:

 # sshfs -o idmap=user sessy@mycomputer:/home/sessy /mnt/sessy -C -p 9876

This will map UID of the remote user "sessy" to the local user, who runs this process ("root" in the above example) and GID remains unchanged. If you need more precise control over UID and GID translation, look at the options ''idmap=file'' and ''uidfile'' and ''gidfile''.

== トラブルシューティング ==

=== チェックリスト ===

Read the [https://wiki.archlinux.org/index.php/Secure_Shell#Checklist SSH Checklist] Wiki entry first. Further issues to check are:

1. Is your SSH login sending additional information from server's {{ic|/etc/issue}} file e.g.? This might confuse SSHFS. You should temporarily deactivate server's {{ic|/etc/issue}} file:

 $ mv /etc/issue /etc/issue.orig

2. Keep in mind that most SSH related troubleshooting articles you will find on the web are '''not''' Systemd related. Often {{ic|/etc/fstab}} definitions wrongly begin with {{ic|''sshfs#''user@host:/mnt/server/folder ... fuse ...}} instead of using the syntax {{ic|user@host:/mnt/server/folder ... fuse.''sshfs'' ... ''x-systemd'', ...}}. 

3. Check that the owner of server's source folder and content is owned by the server's user. 

 $ chown -R USER_S: /mnt/servers/folder

4. The server's user ID can be different from the client's one. Obviously both user names have to be the same. You just have to care for the client's user IDs. SSHFS will translate the UID for you with the following mount options:

 uid=''USER_C_ID'',gid=''GROUP_C_ID''

5. Check that the client's target mount point (folder) is owned by the client user. This folder should have the same user ID as defined in SSHFS's mount options.

 $ chown -R USER_C: /mnt/client/folder

6. Check that the client's mount point (folder) is empty. By default you can't mount SSHFS folders to non-empty folders.

7. If you want to automount SSH shares by using an SSH public key authentication (no password) via {{ic|/etc/fstab}}, you can use this line as an example:

 ''USER_S''@''SERVER'':/mnt/on/server      /nmt/on/client        fuse.sshfs      x-systemd.automount,_netdev,user,idmap=user,transform_symlinks,identityfile=/home/''USER_C''/.ssh/id_rsa,allow_other,default_permissions,uid=''USER_C_ID'',gid=''GROUP_C_ID'',umask=0   0 0

Considering the following example settings ...

SERVER = Server host name (serv)
USER_S = Server user name (pete)
USER_C = Client user name (pete)
USER_S_ID = Server user ID (1004)
USER_C_ID = Client user ID (1000)
GROUP_C_ID = Client user's group ID (100)

you get the client user's ID and group ID with

 $ id USERNAME

this is the final SSHFS mount row in {{ic|/etc/fstab}};

 pete@serv:/mnt/on/server      /nmt/on/client        fuse.sshfs      x-systemd.automount,_netdev,user,idmap=user,transform_symlinks,identityfile=/home/pete/.ssh/id_rsa,allow_other,default_permissions,uid=1004,gid=1000,umask=0   0 0

8. If you know another issue for this checklist please add it the list above.

=== Connection reset by peer ===

* If you are trying to access the remote system with a hostname, try using its IP address, as it can be a domain name solving issue. Make sure you edit {{ic|/etc/hosts}} with the server details.
* If you are using non-default key names and are passing it as {{ic|-i .ssh/my_key}}, this won't work. You have to use {{ic|-o IdentityFile<nowiki>=</nowiki>/home/user/.ssh/my_key}}, with the full path to the key.
* Adding the option '{{ic|sshfs_debug}}' (as in '{{ic|sshfs -o sshfs_debug user@server ...}}') can help in resolving the issue.
* If you're trying to sshfs into a router running DD-WRT or the like, there is a solution [http://www.dd-wrt.com/wiki/index.php/SFTP_with_DD-WRT here]. (note that the -osftp_server=/opt/libexec/sftp-server option can be used to the sshfs command in stead of patching dropbear)
* old Forum thread: [https://bbs.archlinux.org/viewtopic.php?id=27613 sshfs: Connection reset by peer]
* make sure your user can log into the server (especially when using AllowUsers)

{{Note| When providing more than one option for sshfs, they must be comma separated. Like so: '{{ic|sshfs -o sshfs_debug,IdentityFile<nowiki>=</nowiki></path/to/key> user@server ...}}')}}

=== Remote host has disconnected ===

If you receive this message directly after attempting to use ''sshfs'':
* First make sure that the '''remote''' machine has ''sftp'' installed! It will not work, if not.
{{Tip|If your remote server is running OpenWRT: {{ic|opkg install openssh-sftp-server}} will do the trick}}
* Then, try checking the path of the {{ic|Subsystem}} listed in {{ic|/etc/ssh/sshd_config}} on the remote machine to see, if it is valid. You can check the path to it with {{ic|find / -name sftp-server}}.

For Arch Linux the default value in {{ic|/etc/ssh/sshd_config}} is {{ic|Subsystem sftp /usr/lib/ssh/sftp-server}}.

=== Thunar has issues with FAM and remote file access ===  

If you experience remote folders not displaying, getting kicked back to the home directory, or other remote file access issues through Thunar, replace fam with {{Pkg|gamin}}.  Gamin is derived from fam.

=== sshfs をマウントされているときにシャットダウンでフリーズ ===

Systemd may hang on shutdown if an sshfs mount was mounted manually and not unmounted before shutdown. To solve this problem, create this file (as root):
{{hc|/etc/systemd/system/killsshfs.service|<nowiki>
[Unit]
After=network.target

[Service]
RemainAfterExit=yes
ExecStart=-/bin/true
ExecStop=-/usr/bin/pkill sshfs

[Install]
WantedBy=multi-user.target
</nowiki>}}
Then enable the service: {{ic|systemctl enable killsshfs.service}}

== 参照 ==

* [[sftpman]] - sshfs ヘルパーツール
* [http://wiki.gilug.org/index.php/How_to_mount_SFTP_accesses How to mount chrooted SSH filesystem], with special care with owners and permissions questions.