SSHFS support

SSHFS (Secure SHell FileSystem) is a file system for Linux (and other operating systems with a FUSE implementation, such as Mac OS X or FreeBSD) capable of operating on files on a remote computer using just a secure shell login on the remote computer. On the local computer where the SSHFS is mounted, the implementation makes use of the FUSE (Filesystem in Userspace) kernel module. The practical effect of this is that the end user can seamlessly interact with remote files being securely served over SSH just as if they were local files on his/her computer. On the remote computer the SFTP subsystem of SSH is used.

Note: The SSHFS support requires the 2.20 software distribution or newer.

Enable SSHFS support on the target system

You need to enable SSH server and SFTP server support on your target system to be able to use SSHFS.

The software distribution includes two SSH implementations, Dropbear and OpenSSH. SSHFS is supported in both implementations.

Enable Dropbear support

Start the AXIS configuration system, e.g. 'make menuconfig' and enable Dropbear SSH and SFTP support:

Network Configuration  --->
  Network Application Configuration  --->
  SSH support (No ssh support)  --->
    (X) Enable dropbear ssh support
  [*] Enable sftp server support

Exit and save the new product config.

Run './configure' and 'make' to install the Dropbear package and build a new firmware image.

Enable OpenSSH support

Start the AXIS configuration system, e.g. 'make menuconfig' and enable OpenSSH and SFTP support:

Network Configuration  --->
  Network Application Configuration  --->
  SSH support (No ssh support)  --->
    (X) Enable openssh support
  [*] Enable sftp server support

Exit and save the new product config.

Run './configure' and 'make' to install the OpenSSH package and build a new firmware image.

Installing host keys

The first time you boot an SSH-enabled image, the SSH server will generate some public and private keys.

When you log in via SSH from your host, the public keys will be stored on your host, e.g. in ~/.ssh/known_hosts. If you reload the firmware image to your target system (or just remove the generated keys from the target system), SSH will generate new public and private keys. If the keys on the target and host systems don't match, it will not be possible to log in to the target system via SSH.

The AXIS build system allows you to include generated SSH keys in the firmware image and this stops the SSH server from generating new keys every time you load a new image to your target.

It's also possible to install your own public SSH key(s) from your host in the firmware image. With your public key installed on the target system you don't even have to type your password when logging in from your host via SSH. Quite handy when developing and debugging the target system!
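
The key mismatch described above can be checked before flashing. The following is an added example, not part of the original page: it compares the key your host has pinned for the target with a public host key file such as the staged packages/initscripts/ssh/ssh_host_rsa_key.pub listed under OpenSSH keys. The function name pinned_key_status is an assumption made for this example, and hashed known_hosts entries are reported as not pinned.

```sh
#!/bin/sh
# Added example (not from the original page).
# pinned_key_status KNOWN_HOSTS HOST PUBKEY_FILE
#   prints "match", "mismatch" or "not-pinned"
# Assumption: KNOWN_HOSTS uses plain host names; hashed entries ("|1|...")
# cannot be compared as text and therefore count as "not-pinned".
pinned_key_status() {
    # A public key file holds: <key type> <base64 blob> [comment]
    ktype= kblob= krest=
    read -r ktype kblob krest < "$3" || :
    awk -v host="$2" -v ktype="$ktype" -v kblob="$kblob" '
        NF < 3 || $1 ~ /^[#@]/ { next }      # skip comments, markers, junk
        {
            n = split($1, names, ",")        # one line may list several names
            for (i = 1; i <= n; i++)
                if (names[i] == host && $2 == ktype) {
                    pinned = 1               # host has a key of this type pinned
                    if ($3 == kblob) same = 1
                }
        }
        END { print same ? "match" : (pinned ? "mismatch" : "not-pinned") }
    ' "$1"
}
# Usage: pinned_key_status ~/.ssh/known_hosts 192.168.33.109 \
#            packages/initscripts/ssh/ssh_host_rsa_key.pub
```

A result of "mismatch" means the image will present a key your host does not have on record for that address.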

Dropbear keys

Dropbear uses these files:

| Build system filename | Target system filename | Description |
|---|---|---|
| packages/initscripts/dropbear/dropbear_dss_host_key | /etc/dropbear/dropbear_dss_host_key | Contains the DSS host key Dropbear shall use. This key is generated at the first target boot-up after flashloading a new image. You can copy the key from a running target, e.g. 'scp root@192.168.33.109:/etc/dropbear/dropbear_dss_host_key packages/initscripts/dropbear'. |
| packages/initscripts/dropbear/dropbear_rsa_host_key | /etc/dropbear/dropbear_rsa_host_key | Contains the RSA host key Dropbear shall use. This key is generated at the first target boot-up after flashloading a new image. You can copy the key from a running target, e.g. 'scp root@192.168.33.109:/etc/dropbear/dropbear_rsa_host_key packages/initscripts/dropbear'. |
| packages/initscripts/dropbear/authorized_keys | /root/.ssh/authorized_keys | Your own public key(s). Copy the content from e.g. ~/.ssh/id_dsa.pub on your host. |

Running 'make -C packages/initscripts/dropbear install && make images' will install the key files in the target directory and build a new image containing your key configuration files.

OpenSSH keys

OpenSSH uses these files:

| Build system filename | Target system filename | Description |
|---|---|---|
| packages/initscripts/ssh/ssh_host_dsa_key | /etc/ssh/ssh_host_dsa_key | Contains the private DSA host key OpenSSH shall use. This key is generated at the first target boot-up after flashloading a new image. You can copy the key from a running target, e.g. 'scp root@192.168.33.109:/etc/ssh/ssh_host_dsa_key packages/initscripts/ssh/'. |
| packages/initscripts/ssh/ssh_host_dsa_key.pub | /etc/ssh/ssh_host_dsa_key.pub | Contains the public DSA host key OpenSSH shall use. This key is generated at the first target boot-up after flashloading a new image. You can copy the key from a running target, e.g. 'scp root@192.168.33.109:/etc/ssh/ssh_host_dsa_key.pub packages/initscripts/ssh/'. |
| packages/initscripts/ssh/ssh_host_rsa_key | /etc/ssh/ssh_host_rsa_key | Contains the private RSA host key OpenSSH shall use. This key is generated at the first target boot-up after flashloading a new image. You can copy the key from a running target, e.g. 'scp root@192.168.33.109:/etc/ssh/ssh_host_rsa_key packages/initscripts/ssh/'. |
| packages/initscripts/ssh/ssh_host_rsa_key.pub | /etc/ssh/ssh_host_rsa_key.pub | Contains the public RSA host key OpenSSH shall use. This key is generated at the first target boot-up after flashloading a new image. You can copy the key from a running target, e.g. 'scp root@192.168.33.109:/etc/ssh/ssh_host_rsa_key.pub packages/initscripts/ssh/'. |
| packages/initscripts/ssh/authorized_keys | /root/.ssh/authorized_keys | Your own public key(s). Copy the content from e.g. ~/.ssh/id_dsa.pub on your host. |

Running 'make -C packages/initscripts/ssh install && make images' will install the key files in the target directory and build a new image containing your key configuration files.
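
The staged host key files are private keys that end up in every image built from this tree, and authorized_keys must hold public keys only. The following added example (not part of the original page or the AXIS build system; the function name check_staged_keys is hypothetical) checks both points in a staging directory before you run 'make images'.

```sh
#!/bin/sh
# Added example (not from the original page or the AXIS build system).
# check_staged_keys DIR
#   DIR is packages/initscripts/dropbear or packages/initscripts/ssh.
#   Prints one finding per line; returns 0 if clean, 1 otherwise.
# Assumption: only the key types this page uses (ssh-rsa, ssh-dss) are accepted.
check_staged_keys() {
    dir=$1
    findings=$(
        # Private host keys: no access for group or others in the build tree.
        for f in "$dir"/dropbear_*_host_key "$dir"/ssh_host_*_key; do
            [ -f "$f" ] || continue
            # Characters 5-10 of the 'ls -l' mode string are the group/other bits.
            [ "$(ls -ld "$f" | cut -c5-10)" = "------" ] || echo "LOOSE-PERMS $f"
        done
        # authorized_keys: each entry must be "[options] <type> <base64> [comment]".
        # A pasted private key (PEM text) fails this check line by line.
        if [ -f "$dir/authorized_keys" ]; then
            awk '
                NF == 0 || $1 ~ /^#/ { next }      # blank lines and comments
                {
                    ok = 0
                    for (i = 1; i < NF; i++)
                        if ($i ~ "^ssh-(rsa|dss)$" && $(i + 1) ~ "^AAAA[A-Za-z0-9+/]+=*$")
                            ok = 1
                    if (!ok) printf "NOT-A-PUBLIC-KEY %s:%d\n", FILENAME, NR
                }
            ' "$dir/authorized_keys"
        fi
    )
    [ -z "$findings" ] && return 0
    printf '%s\n' "$findings"
    return 1
}
# Usage: check_staged_keys packages/initscripts/ssh && make images
```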

Mounting an SSH file system

You need to install an SSHFS package on your host to be able to mount an SSH file system. On a Debian system you need to install the sshfs package (and most likely the fuse-utils and libfuse2 packages as well).

Note: The device /dev/fuse shall belong to the group fuse, e.g.:

jesper@lnxjesper:~ ls -l /dev/fuse
crw-rw---- 1 root fuse 10, 229 Sep 12 14:08 /dev/fuse

You should add yourself to the fuse group (if you're not already a member of that group). 'adduser <login> fuse' should do the trick.

Try 'groups' to see if you're included in the fuse group:

jesper@lnxjesper:~ groups
users tty lp dialout cdrom floppy audio video plugdev fuse 

When you have the sshfs support installed on your host you should be able to mount the target file system root. First you need to create a mount point:

mkdir ./mnt_pnt

Then mount the target file system root:

sshfs root@192.168.33.109:/ ./mnt_pnt

Now, the target file system root is mounted at ./mnt_pnt:

jesper@lnxjesper:~ ls -la ./mnt_pnt 
total 92
drwxr-xr-x  1 root   root        0 Jan  1  1970 ./
drwxr-xr-x 79 jesper axusers  3984 Nov 12 11:39 ../
-rw-r--r--  1 root   root    51200 Nov 11 16:04 .dev.tar
-rw-r--r--  1 root   root    10240 Nov 11 16:04 .var.tar
drwxr-xr-x  1 root   root        0 Nov 11 16:27 bin/
drwxr-xr-x  1 root   root     2380 Nov 11 18:30 dev/
lrwxrwxrwx  1 root   root       13 Nov 11 16:27 etc -> mnt/flash/etc/
drwxr-xr-x  1 root   root        0 Nov 11 16:27 lib/
-rwxr-xr-x  1 root   root     1756 Nov 11 16:03 linuxrc*
drwxr-xr-x  1 root   root        0 Nov 11 16:27 mnt/
dr-xr-xr-x  1 root   root        0 Jan  1  1970 proc/
lrwxrwxrwx  1 root   root       14 Nov 11 16:27 root -> mnt/flash/root/
drwxr-xr-x  1 root   root        0 Nov 11 16:27 sbin/
drwxr-xr-x  1 root   root        0 Jan  1  1970 sys/
lrwxrwxrwx  1 root   root        7 Nov 11 16:27 tmp -> var/tmp/
drwxr-xr-x  1 root   root        0 Nov 11 16:27 usr/
drwxr-xr-x  1 root   root      180 Nov 11 18:30 var/
jesper@lnxjesper:~ 

Check the mount status:

jesper@lnxjesper:~ mount
. . .
tmpfs on /lib/init/rw type tmpfs (rw,nosuid,mode=0755)
. . . 
root@192.168.33.110:/ on /home/jesper/mnt_pnt type fuse.sshfs (rw,nosuid,nodev,max_read=65536,user=jesper)

Unmounting an SSH file system

To unmount an SSH file system, use 'fusermount -u', e.g.:

fusermount -u ./mnt_pnt
 
axis/sshfs.txt · Last modified: 2009/02/03 16:00 by jesper
 
All text is available under the terms of the GNU Free Documentation License (see Copyrights for details).