[Nix-dev] Re: [PATCH] autofs: Allow mounting ssufs-fuse filesystem using ssh-agents of the users only. There is afuse as well which might do a better job but that doesn't unmount automatically AFAIK. Using the example should prevent other users which are logged into your machinge using your mounts.
Ludovic Courtès
ludo at gnu.org
Sat Dec 19 00:17:09 CET 2009
Hi Marc,
Marc Weber <marco-oweber at gmx.de> writes:
> The useful hack I wrote is a sshfs wrapper.
> It uses pgrep to identify all runing ssh-agents.
> It then defines SSH_AGENT_PID and
> SSH_AUTH_SOCK and tries to mount the location.
> If it fails the next ssh-agent is tried.
> (Usually you only have one on your computer anyway..)
OK, thanks for explaining.
> Using arbitrary ssh-agents is very dangerous:
> Consider someone else logging into your machine.
> If you add the key he could do:
> cd /auto/you-remote-location
Indeed.
My feeling is that it’s something that ought to be discussed with
sshfs-fuse upstream, not hacked around in a distro, because there seems
to be a fundamental usability issue (using sshfs-fuse with
passphrase-protected keys), and there’s probably a wealth of security
pitfalls like the one you mention above.
What do you think?
Thanks,
Ludo’.
More information about the nix-dev
mailing list