Automounting sshfs with fstab, using passphrase-protected private key

Question

I connect to my home server with ssh server, where server is configured in ~/.ssh/config as:

Host server
    HostName {server-address}
    User me
    IdentityFile ~/.ssh/id_rsa

IdentityFile is a passphrase-protected private key, so I have to enter my passphrase every time I log in.

I can locally mount the remote file system on that server with sshfs me@{server-address}:/home/me /mnt/server. Once again, I have to enter my passphrase to log in with my private key. I notice that I don't need to actually specify the key in the sshfs options - presumably ~/.ssh/id_rsa is just the default location?

Finally, to easily mount the system, I added the below line to /etc/fstab:

me@{server-address}:/home/me  /mnt/server  fuse.sshfs  IdentityFile=/home/me/.ssh/id_rsa,defaults,noauto 0 0

And this lets me simply run mount /mnt/server to mount the filesystem - and of course, I'm asked for my passphrase.

Note that I had added the noauto option so that it wouldn't be mounted on boot, as I was worried the system would hang if it couldn't mount the filesystem without the passphrase.

Is my suspicion right here? Will the system fail to boot if it tried to mount the server filesystem, but didn't get the passphrase? Is there a way that I can supply the passphrase to /etc/fstab / the mount command, so that it will be able to boot the filesystem on boot?

Answer 1

I would like to give an alternative to the only answer in this question. Instead of creating a new keypair (this time without protecting the private key), it is possible to remove a passphrase from the existing private key.

Just do $ ssh-keygen -p. After removing the password, sshfs in fstab works flawlessly.

My final sshfs fstab like is USER@SERVER:/folder /mnt/sshfsmount fuse.sshfs noauto,x-systemd.automount,_netdev,allow_other,IdentityFile=/home/USER/.ssh/id_rsa,reconnect,follow_symlinks 0 0

Answer 2

I don't know if this "solution" warrants an answer, but here is how I got around it:

I simply used ssh-keygen to generate another key (i.e. /home/user/.ssh/id_rsa_no_passphrase) and didn't give that one a passphrase. Then I used ssh-copy-id to upload it to my remote server.
After changing my fstab entry to reference the new public key in the IdentityFile-field it worked flawlessly and now automatically mounts the filesystem on boot.

Here is the final fstab entry:

# sshfs
USER@SERVER:/home/sshfs /mnt/ssh    fuse.sshfs  defaults,_netdev,allow_other,default_permissions,identityfile=/home/USER/.ssh/id_rsa_no_passphrase,uid=UID,gid=GID    0   0

It might not be an exact solution to the problem, but it seems to be a valid workaround!

Answer 3

In ubuntu 20.04 server, this worked for me (step by step)

install sshfs

sudo apt-get update
sudo apt-get install sshfs

i created the key pair (without passphare), and copy it to remote server

ssh-keygen
ssh-copy-id REMOTE_USER@REMOTE_SERVER

add this line in /etc/fstab (thanks to @Sealad), replace all uppercase

REMOTE_USER@REMOTE_SERVER:/home/me  /mnt/server    fuse.sshfs  defaults,_netdev,allow_other,default_permissions,identityfile=/home/USER/.ssh/id_rsa,uid=UID,gid=GID    0   0

use this to get UID and GID

id -u USER
id -g USER

and do this only once (it should ask you for remote password)

sudo mount -a

reboot your system to check